Skip to main content link. Accesskey S
  • HCL Logo
  • HCL Notes and Domino wiki
  • THIS WIKI IS READ-ONLY. Individual names altered for privacy purposes.
  • HCL Forums and Blogs
  • Home
  • Product Documentation
  • Community Articles
  • Learning Center
  • API Documentation
Search
Community Articles > Lotus Protector for Mail Security > Troubleshooting Lotus Protector for Mail Security > Message Tracking with Log Files
  • Share Show Menu▼
  • Subscribe Show Menu▼

Recent articles by this author

Modify Quarantine Report Templates

The Quarantine Report Templates allow administrators to control what end users see in the quarantine reports they receive via email. Default templates are available for most languages and do not require customization. If you want to customize a template, see the example below on how to add a ...

Message Tracking with Log Files

There are four key log files that can help you quickly and easily diagnose mail flow issues with Protector: SMTP, Filters, Messages and SMAIL.  You can access all of these log files by logging into the console of the appliance with the root account.. SMTP varlogxmailsmtpYYYYMMDDHH00 This logs ...

Tutorial: Creating a SpamLearn macro in Outlook 2007

First, to avoid security issues, create a self certification that you'll use with your macros. Run the following selfcert program: C:Program FilesMicrosoft OfficeOFFICE12selfcert.exe enter your name or any string there Go back to Outlook Type Alt+F11 (or go to ToolsMacroVisual Basic ...
Community articleMessage Tracking with Log Files
Added by ~Ted Minjumiettu | Edited by ~Hank Prejipytherli on September 28, 2017 | Version 7
  • Actions Show Menu▼
expanded Abstract
collapsed Abstract
No abstract provided.
Tags: log, logging, Lotus Protector for Mail Security
There are four key log files that can help you quickly and easily diagnose mail flow issues with Protector: SMTP, Filters, Messages and SMAIL.  You can access all of these log files by logging into the console of the appliance with the root account..
 
SMTP
/var/log/xmail/smtp-YYYYMMDDHH00
This logs all incoming emails to the server, both destined to the Internet and Internal networks. For every message, you should see a RECV and RCPT.  If you don't see a message on this log, we never received it. Some of the IP filters will also show errors on this log if a message was blocked by our IP filters. If you don't see a message on this log file, Protector never received it.

FILTERS
/var/log/xmail/filters-YYYYMMDDHH00
This logs our IP layer filters including Recipient Verification. Note that when you enable Recipient Verification, ALL messages lines will show the words Recipient Verification, but that does not mean they were blocked by it, only checked against it.

MESSAGES
/var/log/messages
This log shows all mail security notices, but also shows the messages that are analyzed. If a message was blocked by one of our content filters, it will show here in the form of which Rule and Analysis Module matched against the email and if a Response was applied to the message and the ultimate message action status, typically action taken=1. If a message does not show a Rule and Analysis Module in the log and has an action taken=0, this indicates that the message has passed all checks and will be delivered to your internal mailbox.

SMAIL
/var/log/xmail/smail-YYYYMMDDHH00
This log shows all mail that has been or is attempted to be delivered by the server, for both External and Internal mail. If the message is delivered to the Internet it will show "SMTP", a message delivered to Internal will show "RLYS".  If you see either of these, you know the message is now at its next hop and not in Protector.

EXAMPLE INBOUND EMAIL:
LPforMS:~ # tail /var/log/xmail/smtp-201107290900
"swg.usma.ibm.com"      "swg.usma.ibm.com"      "127.0.0.1"     "2011-07-29 09:12:02"   "mail.ibm.com"  "swg.usma.ibm.com"      "joey@example.com"      "samanthadaryn@swg.usma.ibm.com"   "11072913-8336-0000-0000-0000001200EE"  "RCPT=OK"       ""      "0"     ""
"swg.usma.ibm.com"      "swg.usma.ibm.com"      "127.0.0.1"     "2011-07-29 09:12:17"   "mail.ibm.com"  "swg.usma.ibm.com"      "joey@example.com"      "samanthadaryn@swg.usma.ibm.com"   "11072913-8336-0000-0000-0000001200EE"  "RECV=OK"       ""      "64"    ""

LPforMS:~ # tail /var/log/xmail/filters-201107290900
"joey@example.com"      "samanthadaryn@swg.usma.ibm.com"        "127.0.0.1"     "127.0.0.1"     "2011-07-29 09:12:02"   "post-rcpt"     ""      "11072913-8336-0000-0000-0000001200EE"     "0"     "0"     "Recipient Verification;"

LPforMS:~ # tail /var/log/messages
Jul 29 09:12:23 LPforMS pvmail[1444]: id=MS name=MSM_MailProcessed time="2011-7-29 9:12:23" fw=LPforMS pri=6 issueid=6000031 msg="Mail Processed" msgid=11072913-8336-0000-0000-0000001200EE sender="joey@example.com" recipient="samanthadaryn@swg.usma.ibm.com" direction=inbound size=709 attachmentcount=0 src=127.0.0.1 ActionTaken=0

LPforMS:~ # tail /var/log/xmail/smail-201107290900
"swg.usma.ibm.com"      "1311945143834.b34d3ba0.6dd.12c.LPforMS"        "11072913-8336-0000-0000-0000001200EE"  "joey@example.com"      "samanthadaryn@swg.usma.ibm.com"  "RLYS"   "LPDominoSvr.swg.usma.ibm.com"  "2011-07-29 09:12:24"   "Message accepted for delivery"
 
For a full list of SMTP errors, reference this support article:https://www-304.ibm.com/support/docview.wss?uid=swg21437369

  • Actions Show Menu▼


expanded Attachments (0)
collapsed Attachments (0)
Edit the article to add or modify attachments.
expanded Versions (1)
collapsed Versions (1)
Version Comparison     
VersionDateChanged by              Summary of changes
This version (7)Sep 28, 2017, 4:57:13 PM~Hank Prejipytherli  
expanded Comments (0)
collapsed Comments (0)
Copy and paste this wiki markup to link to this article from another article in this wiki.
Go ElsewhereStay ConnectedAbout
  • HCL Software
  • HCL Digital Solutions community
  • HCL Software support
  • BlogsDigital Solutions blog
  • Community LinkHCL Software forums and blogs
  • About HCL Software
  • Privacy
  • Accessibility