ESA FAQ: What is a Message ID (MID), Injection Connection ID (ICID), or Delivery Connection ID (DCID)?

Introduction

This document describes recorded information regarding text mail logs and the associated message ID, injection connection ID, and delivery ID on the Email Security Appliance (ESA) or on the Security Message Appliance (SMA).

What is a Message ID (MID)?

A Message ID (MID), is an unique identifier assigned to a particular message by the ESA.  A MID is associated with every message received by the Cisco appliance and can be tracked in mail logs.

What is an Injection Connection ID (ICID)?

An Injection Connection ID (ICID) is a numerical identifier for an individual SMTP connection to the system, over which 1 to thousands of individual messages may be sent.

What is a Delivery Connection ID (DCID)?

A Delivery Connection ID (DCID) is a numerical identifier for an individual SMTP connection to another server, for delivery of 1 to thousands of messages, each with some or all of their Recipient IDs (RID) being delivered in a single message transmission.

The type of log best suited for discovering the disposition of a specific email message is the text mail log (mail_logs).  This contains details of email receiving, email delivery and bounces. Status information is also written to the mail log every minute. These logs are a useful source of information to understand delivery of specific messages and to analyze system performance.

An example of a message processing through the ESA and written to the mail_logs:

Mon Apr 17 19:56:22 2003 Info: New SMTP ICID 5 interface Management (10.1.1.1)
 address 10.1.1.209 reverse dns host remotehost.com verified yes
Mon Apr 17 19:57:20 2003 Info: Start MID 6 ICID 5
Mon Apr 17 19:57:20 2003 Info: MID 6 ICID 5 From: <sender@remotehost.com>
Mon Apr 17 19:58:06 2003 Info: MID 6 ICID 5 RID 0 To: <mary@yourdomain.com>
Mon Apr 17 19:59:52 2003 Info: MID 6 ready 100 bytes
 from <sender@remotehost.com>
Mon Apr 17 19:59:59 2003 Info: ICID 5 close
Mon Mar 31 20:10:58 2003 Info: New SMTP DCID 8 interface 192.168.42.42
 address 10.5.3.25
Mon Mar 31 20:10:58 2003 Info: Delivery start DCID 8 MID 6 to RID [0]
Mon Mar 31 20:10:58 2003 Info: Message done DCID 8 MID 6 to RID [0]
Mon Mar 31 20:11:03 2003 Info: DCID 8 closeIn this instance, the email message
 with MID 6 from sender@example.com is 100 bytes long.

Looking at the specifics of the provided mail_logs example:

1. A new connection is initiated into the system and assigned an Injection ID (ICID) of "5." The connection was received on the Management IP interface and was initiated from the remote host at 10.1.1.209.
2. The message was assigned a Message ID (MID) of "6" after the MAIL FROM command is issued from the client.
3. The sender address is identified and accepted.
4. The recipient is identified and assigned a Recipient ID (RID) of "0."
5. MID 5 is accepted, written to disk, and acknowledged.
6. Receiving is successful and the receiving connection closes.
7. Next the message delivery process starts. It is assigned a Delivery Connection ID (DCID) of "8" from 192.168.42.42 and to 10.5.3.25.
8. The message delivery starts to RID "0."
9. Delivery is successful for MID 6 to RID "0."
10. The delivery connection closes.

For more information about Log Characteristics, see the AsyncOS User Guide.

Related Information

• Cisco Email Security Appliance - End-User Guides
• ESA Message Disposition Determination
• Technical Support & Documentation - Cisco Systems