What you are seeing is correct: the first bucket grabs everything and doesn't allow traffic to be distributed to other service IDs. Using PBR to overcome this is what we came up with for this type of deployment.
Since you can’t specifically set a Content Filter on attachment size, but you can on message size, which includes body + attachment, I would suggest adding a content filter as a condition, and then the action is Add Log Entry, and then you can search for the...
There is no report, but if you are syslogging the mail_logs off-box you could run something to look for the Message too Large indicators and create a report. Other than that, you'd have to grep the logs that are being stored off-box for the same.
Receiving aborted is generally an indication that the transmitting end stopped sending data OR there is some network device interfering with the communication. If you are unable to receive any email, it is always best to open a TAC case and have them assist.
Unless something has changed in the last year or so and it is possible, you could configure the WSA to use 802.1q VLAN interfaces, and they would sync with WCCP on the ASA off the physical inside interface and sub-interfaces; however, there was an issu...