This article contains information on troubleshooting mail flow for Mimecast Email Security Cloud Integrated, including steps for Microsoft 365 and Mimecast perspectives, message tracing, and uninstalling components if necessary.
Troubleshooting
You must troubleshoot mail flow from two perspectives: your environment, i.e. Microsoft 365, and Mimecast Email Security Cloud Integrated.
Below are details of both and what to look for to check and troubleshoot your mail flow.
Mail Flow - Azure Active Directory
You can troubleshoot mail flow from a Microsoft 365 perspective, by using the following steps:
-
Login to admin.exchange.microsoft.com
You need to have Administrator access to Mimecast Email Security Cloud Integrated, if you need to review scanning results from Mimecast.
- Navigate to Mail Flow | Message Trace
-
Select Start a trace.
- Enter the details to perform a New message trace > Search.
- Once the email is located, it should appear once or twice per recipient, based on Mimecast Email Security Cloud Integrated’s scanning decision.
-
- Results are ordered from Oldest (Bottom) to Newest (Top)
- If seen only ONCE, the email came into Exchange > Cloud Integrated but has yet to return. This could point to the message being HELD in Quarantine within Cloud Integrated.
- If seen TWICE, the email went from Exchange > Cloud Integrated > Exchange. So, Mimecast scanned it and returned the email.
Message Trace Details: Inbound Examples
The following example displays what is seen for Inbound emails, and why two entries will be visible within Exchange’s Message Trace.
|
Result 1 |
Result 2 |
|
|
|
|
The initial email will indicate the following:
|
The Second email entry seen indicates the following: (Example shown here is for INBOUND email)
|
Mail Flow - From Mimecast Email Security Cloud Integrated
You can troubleshoot mail flow from a Mimecast Email Security Cloud Integrated perspective, by using the following steps:
- Log in to Mimecast Email Security Cloud Integrated.
- Navigate to Detections.
-
Uncheck Filter options while selecting the appropriate Date Range to ensure you see all emails Email Security (CI) has seen.
-
- By default, the Filters will always show Malware, Phishing, Spam, and Untrustworthy, which cannot be changed. This is because the typical user would only be accessing Mimecast Email Security Cloud Integrated to locate messages held in quarantine or was seen as a potential threat.
- Enter Search Criteria > Search!
-
- The search functionality utilizes an “elastic” search, which will search every aspect of the email seen in the most visible columns.
- Once located, select the email to open and review the necessary details.
Your findings from these checks will help to ascertain where any mail flow issue may exist; this information is also helpful to our Support teams should you need to proceed in Raising a Support Case with us.
Uninstalling
Uninstalling should be done only as a last resort; if you intend to remain with Mimecast, any re-installation will need to be done with assistance from our global Support teams.
Should you need to uninstall Mimecast Email Security Cloud Integrated, please follow the following steps:
- Navigate to Exchange Admin Center | Mail Flow | Rules and delete all Mimecast-created rules.
- Navigate to Exchange Admin Center | Mail Flow | Connectors and delete the From Mimecast and To Mimecast connectors.
- Navigate to Azure Active Directory Admin Center | Enterprise Applications and delete all Email Security, Cloud Integrated related Enterprise Applications.
Other Uninstall Components that need to be removed are:
- Reporting Mailbox as a User, and from User-Reported Settings.
- Accepted Domain.
- Trusted ARC Sealer.
Comments
Please sign in to leave a comment.