Debugging Mail Flow Using Test Messages: Trace
You can use the System Administration > Trace page (the equivalent of the trace command in the CLI) to debug the flow of messages through the system by emulating sending a test message. The Trace page (and trace CLI command) emulates a message as being accepted by a listener and prints a summary of features that would have been “triggered” or affected by the current configuration of the system (including uncommitted changes). The test message is not actually sent. The Trace page (and trace CLI command) can be a powerful troubleshooting or debugging tool, especially if you have combined many of the advanced features available on the Cisco appliance.

Note: Trace is not effective for testing file reputation scanning.

The Trace page (and trace CLI command) prompts you for the input parameters listed in the following table.

| Value | Description | Example |
|---|---|---|
| Source IP address | Type the IP address of the remote client to mimic the source of the remote domain. This can be an Internet Protocol version 4 (IPv4) or version 6 (IPv6) address. Note: The trace command prompts for an IP address and a fully-qualified domain name. It does not attempt to reverse the IP address to see if it matches the fully-qualified domain name. The trace command does not allow the fully-qualified domain name field to be blank, so it is impossible to test a scenario where the DNS does not reverse match properly. | 203.45.98.109<br>2001:0db8:85a3::8a2e:0370:7334 |
| Fully Qualified Domain Name of the Source IP | Type the fully-qualified remote domain name to mimic. If left null, a reverse DNS lookup will be performed on the source IP address. | smtp.example.com |
| Listener to Trace Behavior on | Choose from the list of listeners configured on the system to emulate sending the test message to. | InboundMail |
| SenderBase Network Owner Organization ID | Type the unique identification number of the SenderBase network owner, or allow the system to look up the network owner ID associated with the source IP address. You can view this information if you added network owners to sender groups via the GUI. | 34 |
| SenderBase Reputation Score | Type the SBRS score you want to provide for the spoofed domain, or allow the system to look up the SBRS score associated with the source IP address. This can be helpful when testing policies that use SBRS scores. Note that manually entered SBRS scores are not passed to the Context Adaptive Scanning Engine (CASE). See Editing Sender Reputation Filtering Score Thresholds for a Listener for more information. | -7.5 |
| Envelope Sender | Type the Envelope Sender of the test message. | admin@example.net |
| Envelope Recipients | Type a list of recipients for the test message. Separate multiple entries with commas. | joe<br>frank@example.com |
| Message Body | Type the message body for the test message, including headers. Type a period on a separate line to end entering the message body. Note that “headers” are considered part of a message body (separated by a blank line), and omitting headers, or including poorly formatted ones, can cause unexpected trace results. | To: 1@example.com<br>From: ralph<br>Subject: Test<br><br>this is a test message<br>. |

After you have entered the values, click Start Trace. A summary of all features configured on the system affecting the message is printed.
You can upload message bodies from your local file system. (In the CLI, you can test with message bodies you have uploaded to the /configuration directory. See FTP, SSH, and SCP Access for more information on placing files for import onto the Cisco appliance.)
After the summary is printed, you are prompted to view the resulting message and re-run the test message. If you enter another test message, the Trace page and the trace command use any previous values you entered from the above table.
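
An added pre-flight check, not part of the original documentation, for a message body you intend to paste at the trace CLI prompt: it flags the header and terminator problems that the Message Body row warns can skew trace results. The function name and both sample bodies are constructed for illustration.

```python
import re

# RFC 5322 field name: printable ASCII other than ':', followed by a colon.
HEADER_RE = re.compile(r"^[!-9;-~]+:")

def lint_trace_body(text):
    """Return a list of problems found in a trace message body."""
    problems = []
    lines = text.splitlines()
    # The entry must end with a period on a line of its own.
    if not lines or lines[-1] != ".":
        problems.append("last line is not a lone period")
    else:
        lines = lines[:-1]
    # Any earlier lone period would end the entry before the body is complete.
    if "." in lines:
        problems.append(f"lone period on line {lines.index('.') + 1} ends entry early")
    # Headers and body are separated by the first blank line.
    try:
        split = lines.index("")
    except ValueError:
        problems.append("no blank line between headers and body")
        split = len(lines)
    if split == 0:
        problems.append("no headers before the blank line")
    for n, line in enumerate(lines[:split], 1):
        if line[:1] in (" ", "\t"):
            # Folded continuation lines are fine, but not as the first line.
            if n == 1:
                problems.append("line 1: continuation line with no header before it")
        elif not HEADER_RE.match(line):
            problems.append(f"line {n}: not a 'Name: value' header")
    return problems

# Constructed samples: the first follows the table's example layout,
# the second drops a colon and the blank separator line.
GOOD = "To: 1@example.com\nFrom: ralph\nSubject: Test\n\nthis is a test message\n.\n"
BAD = "To: 1@example.com\nFrom ralph\nSubject: Test\nthis is a test message\n.\n"

if __name__ == "__main__":
    for name, body in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_trace_body(body) or "ok")
```
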

Note: The sections of configuration tested by the trace command listed in the following table are performed in order. This can be extremely helpful in understanding how the configuration of one feature affects another. For example, a recipient address transformed by the domain map feature will affect the address as it is evaluated by the RAT. A recipient that is affected by the RAT will affect the address as it is evaluated by the alias table, and so on.

| trace Command Section | Output |
|---|---|
| Host Access Table (HAT) and Mail Flow Policy Processing | The Host Access Table settings for the listener you specified are processed. The system reports which entry in the HAT matched from the remote IP address and remote domain name you entered. You can see the default mail flow policies and sender groups and which one matched the given entries. If the Cisco appliance was configured to reject the connection (either through a REJECT or TCPREFUSE access rule), the trace command exits at that point in the processing. For more information on setting HAT parameters, see Understanding Predefined Sender Groups and Mail Flow Policies. |
| Envelope Sender Address Processing | These sections summarize how the appliance configuration affects the Envelope Sender you supply. (That is, how the MAIL FROM command would be interpreted by the configuration of the appliance.) The trace command prints “Processing MAIL FROM:” before this section. |
| Default Domain | If you specified that a listener should change the default sender domain of messages it receives, any change to the Envelope Sender is printed in this section. For more information, see Configuring the Gateway to Receive Email. |
| Masquerading | If you specified that the Envelope Sender of a message should be transformed, the change is noted here. You enable masquerading for the Envelope Sender on private listeners using the listenerconfig -> edit -> masquerade -> config subcommands. For more information, see Configuring Routing and Delivery Features. |
| Envelope Recipient Processing | These sections summarize how the appliance affects the Envelope Recipients you supply. (That is, how the RCPT TO command would be interpreted by the configuration of the appliance.) The trace command prints “Processing Recipient List:” before this section. |
| Default Domain | If you specified that a listener should change the default sender domain of messages it receives, any changes to the Envelope Recipients are printed in this section. For more information, see Configuring the Gateway to Receive Email. |
| Domain Map Translation | The domain map feature transforms the recipient address to an alternate address. If you specified any domain map changes and a recipient address you specified matches, the transformation is printed in this section. For more information, see Configuring Routing and Delivery Features. |
| Recipient Access Table (RAT) | Each Envelope Recipient that matches an entry in the RAT is printed in this section, in addition to the policy and parameters. (For example, if a recipient was specified to bypass limits in the listener’s RAT.) For more information on specifying recipients you accept, see Configuring the Gateway to Receive Email. |
| Alias Table | Each Envelope Recipient that matches an entry in the alias tables configured on the appliance (and the subsequent transformation to one or more recipient addresses) is printed in this section. For more information, see Configuring Routing and Delivery Features. |
| Pre-Queue Message Operations | These sections summarize how the appliance affects each message after the message contents have been received, but before the messages are enqueued on the work queue. This processing occurs before the final 250 ok command is returned to the remote MTA. The trace command prints “Message Processing:” before this section. |
| Virtual Gateways | The altsrchost command assigns messages to a specific interface, based on a match of the Envelope Sender’s full address, domain, or name, or IP address. If an Envelope Sender matches entries from the altsrchost command, that information is printed in this section. Note that the virtual gateway address assigned at this point may be overridden by message filter processing below. For more information, see Configuring Routing and Delivery Features. |
| Bounce Profiles | Bounce profiles are applied at three different points in the processing. This is the first occurrence. If a listener has a bounce profile assigned to it, it is assigned at this point in the process. That information is printed in this section. For more information, see Configuring Routing and Delivery Features. |
| Work Queue Operations | The following group of functions is performed on messages in the work queue. This occurs after the message has been accepted from the client, but before the message is enqueued for delivery on a destination queue. “Messages in Work Queue” is reported by the status and status detail commands. |
| Masquerading | If you specified that the To:, From:, and CC: headers of messages should be masked (either from a static table entered from a listener or via an LDAP query), the change is noted here. You enable masquerading for the message headers on private listeners using the listenerconfig -> edit -> masquerade -> config subcommands. For more information, see Configuring Routing and Delivery Features. |
| LDAP Routing | If LDAP queries have been enabled on a listener, the results of LDAP acceptance, re-routing, masquerading, and group queries are printed in this section. For more information, see LDAP Queries. |
| Message Filters Processing | All message filters that are enabled on the system are evaluated against the test message at this point. For each filter, the rule is evaluated, and if the end result is “true,” each of the actions in that filter is then performed in sequence. A filter may contain other filters as an action, and the nesting of filters is unlimited. If a rule evaluates to “false” and a list of actions is associated with an else clause, those actions are evaluated instead. The results of the message filters, processed in order, are printed in this section. |
| Mail Policy Processing | The mail policy processing section displays the Anti-Spam, Anti-Virus, Outbreak Filters feature, and disclaimer stamping for all recipients you supplied. If multiple recipients match multiple policies in Email Security Manager, the following sections will be repeated for each matching policy. The string “Message Going to” will define which recipients matched which policies. |
| Anti-Spam | This section notes messages that are not flagged to be processed by anti-spam scanning. If messages are to be processed by anti-spam scanning for the listener, the message is processed and the verdict returned is printed. If the Cisco appliance is configured to bounce or drop the messages based on the verdict, that information is printed and the trace command processing stops. Note: This step is skipped if anti-spam scanning is unavailable on the system. If anti-spam scanning is available but has not been enabled with a feature key, that information is also printed in this section. |
| Anti-Virus | This section notes messages that are not flagged to be processed by anti-virus scanning. If messages are to be processed by anti-virus scanning for the listener, the message is processed and the verdict returned is printed. If the Cisco appliance is configured to “clean” infected messages, that information is noted. If configured to bounce or drop the messages based on the verdict, that information is printed and the trace command processing stops. Note: This step is skipped if anti-virus scanning is unavailable on the system. If anti-virus scanning is available but has not been enabled with a feature key, that information is also printed in this section. See Anti-Virus. |
| Content Filters Processing | All content filters that are enabled on the system are evaluated against the test message at this point. For each filter, the rule is evaluated, and if the end result is “true,” each of the actions in that filter is then performed in sequence. A filter may contain other filters as an action, and the nesting of filters is unlimited. The results of the content filters, processed in order, are printed in this section. See Content Filters. |
| Outbreak Filters Processing | This section notes that messages that contain attachments are to bypass the Outbreak Filters feature. If messages are to be processed by Outbreak Filters for the recipient, the message is processed and the evaluation. If the appliance is configured to quarantine, bounce, or drop the messages based on the verdict, that information is printed and the processing stops. See Outbreak Filters. |
| Footer Stamping | This section notes whether a footer text resource was appended to the message. The name of the text resource is displayed. See Message Disclaimer Stamping in Text Resources. |
| Delivery Operations | The following sections note operations that occur when a message is delivered. The trace command prints “Message Enqueued for Delivery” before this section. |
| Global Unsubscribe per Domain and per User | If any recipients you specified as input for the trace command match recipients, recipient domains, or IP addresses listed in the Global Unsubscribe feature, any unsubscribed recipient addresses are printed in this section. |
| Final Result | When all processing has been printed, you are prompted with the final result. In the CLI, answer y to the question, “Would you like to see the resulting message?” to view the resulting message. |
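
The in-order behaviour of the Envelope Recipient stages, as an added example that is not part of the original documentation: a simplified Python model showing that the RAT sees the address after domain map translation, so a verdict reasoned from the address as typed can be wrong. The tables, the default domain, the function names and the stop-on-reject behaviour are assumptions made for illustration and do not reproduce appliance syntax or matching rules.

```python
# Constructed sample configuration (hypothetical data, not appliance syntax).
DEFAULT_DOMAIN = "example.com"
DOMAIN_MAP = {"old.example.com": "example.com"}
RAT = {"example.com": "ACCEPT"}      # any other domain falls to RAT_DEFAULT
RAT_DEFAULT = "REJECT"
ALIASES = {"sales@example.com": ["amy@example.com", "bob@example.com"]}

def apply_default_domain(rcpt):
    """Qualify a bare local part with the listener's default domain."""
    return rcpt if "@" in rcpt else f"{rcpt}@{DEFAULT_DOMAIN}"

def apply_domain_map(rcpt):
    """Rewrite the recipient domain if the domain map has an entry for it."""
    local, _, domain = rcpt.rpartition("@")
    return f"{local}@{DOMAIN_MAP.get(domain, domain)}"

def rat_verdict(rcpt):
    """Look up the recipient's domain in the RAT model."""
    return RAT.get(rcpt.rpartition("@")[2], RAT_DEFAULT)

def expand_alias(rcpt):
    """Expand an alias to its member addresses, or return the address as is."""
    return ALIASES.get(rcpt, [rcpt])

def trace_recipient(rcpt):
    """Return (section, result) pairs in the order the trace table lists them."""
    steps = []
    addr = apply_default_domain(rcpt)
    steps.append(("Default Domain", addr))
    addr = apply_domain_map(addr)
    steps.append(("Domain Map Translation", addr))
    verdict = rat_verdict(addr)          # evaluated on the translated address
    steps.append(("Recipient Access Table (RAT)", verdict))
    if verdict == "ACCEPT":              # model assumption: stop on reject
        steps.append(("Alias Table", expand_alias(addr)))
    return steps

if __name__ == "__main__":
    for section, result in trace_recipient("sales@old.example.com"):
        print(f"{section}: {result}")
    # The same RAT lookup on the address as typed gives a different verdict.
    print("RAT on untranslated address:", rat_verdict("sales@old.example.com"))
```
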