Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Ivory

Threat Emulation (MTA+BCC) - multiple logs generated with the same event

Hi All,

 

Currently I have TE (R80.20 version) and the management server (R80.30 version). The TE runs MTA with BCC mode. From the management server, I can see the email traffic has copied already to my gateway, but there a lot of logs are generated with the same event. After my short investigation, multiple logs represent the number of recipient. Does Threat Emulation will emulate every single recipient and made it as multiple sessions? or something unusual happens here? Please find below the capture. Thanks for your all kindness.

 

MTA+BCC.PNG

 

 
 
0 Kudos
4 Replies
Highlighted
Admin
Admin

Generally, a given file should only be emulated once, even if it is sent to multiple recipients at different times.
Recent emulations are cached.
Possible a log entry is generated per recipient.
0 Kudos
Highlighted
Ivory

Thanks for your prompt reply. Is it a normal behaviour? From my Check Point DemoPoint lab (using MTA only), I can see there is only one log generated for each event (even though multiple recepients there).
0 Kudos
Highlighted
Ivory

Does anyone has same issue?

0 Kudos
Highlighted
Admin
Admin

If you're seeing this in one environment but not another, it might be worth a TAC case.
0 Kudos