Tracking of domainmap rewrite

Doug Maxfield · ‎07-11-2018

Good Morning,

We have a configuration in the listenerconfig for domain mapping that rewrites anything from "subdomain.domain.com" to "domain.com". We are working towards decommissioning the subdomain but would like to know how many emails are coming in with that address.

We have looked in the mail logs and can't find any entries of the rewrite but know it's in use. Is there a way to find out how many of these emails we are receiving daily?

Thanks in advance,

Doug

svgeorgi · ‎07-11-2018

The only way would be to grep the mail_logs under CLI like this:

grep "with the mapping to" mail_logs

You should see many lines like this:

This email was originally sent to dan@olddomain.com with the mapping to newdomain.com:

Count of those lines should answer your question of how many emails are coming in.

If you want to check them for one day, you can specify further the grep search string:

grep "Jul 11.*with the mapping to" mail_logs

I hope this helps...

Doug Maxfield · ‎07-11-2018

Thanks for the information, but it doesn't appear to be getting logged.

I sent myself a test email and attempted to run the command provided, and got zero results. I then downloaded the entire mail.current file to my PC and used Notepad++ to search for the item, I could not find anything. I was able to see the email that I sent in the mail.current log, but nothing showing that the address had been rewritten. I even reviewed the headers of the email coming in and they show no trace that the email was originally sent to @subdomain.domain.com

Doug

svgeorgi · ‎07-11-2018

Sorry, this was my mistake.

Domain map rewriting is not reflected in the mail_logs.

Let me check if there is another way to track this somehow.

svgeorgi · ‎07-11-2018

It seems there is no direct way to track this.

A workaround would be to create another interface bound to another listener, and point the MX record for the old domain to it, and you will count how many message you are receiving on the new interface.

Unfortunately, this will track the count of connections, and not the exact number of messages. You can transmit more than one email over one connection.

If you believe such feature should be available, you can open a Cisco TAC case to file a new feature request.

Doug Maxfield · ‎07-11-2018

Thanks for the help.

Creating another interface would not be ideal due to us being Cloud ES. Also, we had issues in the past with having this as a MX record as some MTAs would "round-robin" our MX records and we specify the addresses to accept in the RAT.

Doug

svgeorgi · ‎07-11-2018

For your situation, I believe it would be best to disable domain mapping, create a filter which will check for emails coming to @olddomain.com, and its action will be to send a notification to the sender, and maybe your email address. Notification may use a notification template explaining that the old domain is deprovisioned and the sender should update the recipient's domain with a new one in order for the message to be delivered correctly. Next action will be to drop the email.

With the notifications sent to your email address, you will be able to check the number of emails sent to the old domain. If the emails are too many, you can consider renewing the domain mapping temporarily.