What does Cisco IronPort do?

Cisco IronPort security management technologies provide centralized reporting, message tracking and spam quarantine services. Administrators can simplify email and web security administration, gain corporate-wide insight into their email network, and comply with governance and compliance requirements.

What is IronPort mid?

This contains details of email receiving, email delivery and bounces. The message was assigned a Message ID (MID) of “6” after the MAIL FROM command is issued from the client.

What is IronPort exchange?

The Cisco Ironport is an appliance that is deployed into an existing mail infrastructure. All emails are sent to the IronPort and the IronPort is either the last point out (most common configuration) or it can process email and then send it back to the mail server where it is sent out.

What is mid email?

The Mailer Identifier (MID) is a field within the Intelligent Mail barcode that is used to identify mailers. MIDs are assigned by the USPS® to a Mail Owner, Mailing Agent or other service providers who request them.

What is an injection connection id ( ICID )?

An Injection Connection ID (ICID) is a numerical identifier for an individual SMTP connection to the system, over which 1 to thousands of individual messages may be sent. What is a Delivery Connection ID (DCID)?

Is there a predefined rule for IronPort mail?

There are no predefined rules for this device. In RESOURCE > Reports, search for “ironport mail” in the Name and Description columns to see the reports for this device. FortiSIEM uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation.

How to retrieve fortisiem log from IronPort gateway?

Log in to your Ironport Mail Gateway device manager with administrator privileges. Edit the Log Subscription settings. For Log Name, enter IronPort-Mail. This identifies the log to FortiSIEM as originating from an Ironport mail gateway device. For Retrieval Method, select Syslog Push .

What does ” ICID lost or ICID close ” mean?

This typically happens when either the ESA loses the connection, or the sending client prematurely ends the connection without sending us the entire message. This would mean that the remote host connected but did not send any data.