cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Cisco Secure Email Support Community

Product Support Talos Support Cisco Support Reference + Current Release
Gateway Reputation Lookup Open a support case Secure Email Guided Setup
Gateway: 14.0.1-033
Cloud Gateway Email Status Portal Support & Downloads docs.ces.cisco.com
Email and Web Manager: 14.1.0-227
Email and Web Manager Web & Email Reputation Worldwide Contacts Product Naming Quick Reference
Reporting Plug-in: 1.1.0.136
Encryption Bug Search
Encryption Plug-in: 1.2.1.167
Cloud Mailbox Notification Service
Outlook Add-in(s): More info

975
Views
0
Helpful
4
Replies
ivanyk79
Beginner

Message filters working in WUI trace but no where else

Hi,

   I have configured a message filter and tested using the WUI trace option. This produces the results i want to see, however when i attempt to replicate having mail that should be tagged sent through the ESA, nothing happens.

Any thoughts?

4 REPLIES 4
marc.luescherFRE
Enthusiast

Hi Ivan,

 

debugging message filters is a bit harder but for me adding multiple log entries has paid off.

 

So your filter would mainly then look like:

 

Test_v3:

 

if (mail-from == test@domain.com) {

log-entry(Test_v3-Line 1);

insert-header(X-Test","Test");

log-entry(Test_v3-Line 2);

add=heading("ExternalHeader");

log-entry(Test_v3-Line3);

}

 

After the filter should run check the mail log on CLI and grep for the line items above like

 

grep "Test_v3-Line3" mail_logs

 

Then you should see if the filter did run at all and/or where it dropped out.

 

I hope that helps

 

Marc

see below

ivanyk79
Beginner

Hi Marc, 

    I did a test with the following:

EXT_TAG_LOG1: if recv-listener == "InboundMail" {
                              log-entry("EXT_TAG_LOG");
                                insert-header("Subject", "[EXTERNAL EMAIL] $Subject");
                                 log-entry("EXT_TAG_LOG");
                          }

   I send a test email that should be tagged with [EXTERNAL MAIL]. The email comes in with no tag. I then look at the SMA message tracking and see a line:

  

25 Sep 2020 12:51:52 (GMT -03:30)25 Sep 2020 12:51:52 (GMT -03:30)25 Sep 2020 12:51:52 (GMT -03:30)

Message 353 Custom Log Entry: EXT_TAG_LOG
Message 353 Custom Log Entry: EXT_TAG_LOG
Message 353 matched per-recipient policy DEFAULT for inbound mail policies.

 

   I then connect to the CLI and ran grep "EXT_TAG_LOG" mail.logs and i get:

Fri Sep 25 12:39:47 2020 Info: MID 351 Custom Log Entry: EXT_TAG_LOG
Fri Sep 25 12:51:52 2020 Info: MID 353 Custom Log Entry: EXT_TAG_LOG
Fri Sep 25 12:51:52 2020 Info: MID 353 Custom Log Entry: EXT_TAG_LOG

   I thought i would get more information, am i missing something to check? I find it strange how trace in the WUI will work and show the correct response. 

Thoughts?

 

Happy to help you further, please sent me an email at marc.luescher@gmail.com and we go from there.

Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: ISE Demo (100%)

Content for Community-Ad