Email History

Overview

Audit > Email History shows information about processing details and email related events in the system.

On the Email history list you can search for (marked red in the image below) the Date, Malware s_can verdict, Phishing/Spam verdict_, Status, Sender, Recipient, Rule, Subject and Rule direction (for Rule direction see $link[page,318711,Configuration/Policy]).

Filtering

The list of emails can be filtered by the:

  1. Date,
  2. Sender,
  3. Recipient,
  4. Subject,
  5. Status,
  6. Classifications,
  7. Scan verdict,
  8. Phishing/Spam verdict (see the Phishing/Spam verdict section below),
  9. Whether the email has attachments or not,
  10. Rule priority,
  11. Classifications (see $link[page,318763,Operating/Email classifications]) and
  12. Tags (see $link[page,318764,Operating/Email tags]).

Email details

Clicking an Email history list entry displays public details about the processing of the specific email.

Malware scan details

Under the Malware scan verdict block links point to the scan details on the MetaDefender Core or MetaDefender Cloud instance where the actual scanning took place.

Results for files that had a hash lookup match and were taken from the cache are marked with a $inline[icon,fas fa-hashtag] (hash) symbol, while results for files that were actually scanned are marked with a $inline[icon,fas fa-link] (chain) symbol.

In case of scan results the Show results link points to the result of the scan batch (the aggregated result of all the scanned files).

For both the hash lookup and the scan results, clicking the $inline[icon,fas fa-angle-down] (dropdown) symbol next to the Show results link each file has a individual link to its specific results.

Classifications

To reflect the risk level of a certain email, Email Gateway Security applies classifications. For details see $link[page,318763,Operating/Email classifications].

Phishing/Spam verdict

Email Gateway Security's anti-spam and anti-phishing filters can categorize phishing and spam emails based on the content of the email.

For the list of supported categories (verdicts) see $link[page,318760,auto$].

Priority

The priority of the email is displayed in the list and in the Email details view. The following icons represent each priority:

  1. High:
  2. Low:

For details see $link[page,318711,Configuration/Policy].

Processing history

The processing history section of the email details contains information about the processing of the email.

Cleanup

Scheduled

Configure scheduled Email History cleanup under Settings > Data Retention / Email history cleanup schedule.

On-demand

To clean-up Email History on demand click the icon and select the time window of the cleanup.

Operations

Bulk email operations

Use the checkbox in front of each row to select entries (or use the checkbox in the header row to select all visible items).

Export to CSV

Clicking the Export to CSV button will export the history list (according to the actual filter conditions) to a CSV file.

Differentiating forked emails

In some cases there are seemingly duplicate entries in Email history. Such cases are when an email is:

  • Released from quarantine,
  • Forwarded from quarantine,
  • Delivered for external quarantining.

These cases are marked in Email history with the following icons in the history list:

Processing status values

Workflow statuses

Emails with statuses listed below are progressing through the MetaDefender Email Gateway Security workflow.

Pending

Email is queued waiting to be processed.

Processing

Email is currently being processed.

Sending

Email has been processed and is being delivered to the SMTP relay server.

Completed

This status is deprecated since 4.4.0. It was replaced by Sent and Blocked

Email has been successfully processed and sent forward or blocked.

Sent

Email has been successfully processed and forwarded.

Blocked

Email has been blocked.

Temporary failure statuses

Emails with statuses listed below are in automatic retry sequence.

Reprocessing

MetaDefender Email Gateway Security has failed to process the email and it is currently pending a retry.

Possible causes

  • MetaDefender Core server down/not responding
  • Archive engine is not active on MetaDefender Core
  • Enable archive handling is not enabled for the rules on MetaDefender Core (that are defined in the Core server policies that are in use by the rules on MetaDefender Email Gateway Security)

Resending

MetaDefender Email Gateway Security has failed to forward the email to the SMTP relay server and is currently pending retry.

Possible causes

  • SMTP relay server down/not responding
  • SMTP relay server rejects the email

Permanent failure statuses

Emails with statuses listed below require user interaction, since retry sequence is exhausted.

Failed

Email has exceeded the retry count and cannot be processed/delivered.

Possible causes

  • Exhausted temporary processing failures (see $link[page,318710,Configuration/Settings]) lead to this permanent failure status.

Possible actions

  • Manually retry/delete email from the MetaDefender Email Gateway Security web interface.

Forbidden

No policy rule is found matching the email and requires manual delivery

Possible actions

  • Manually retry/delete email from the MetaDefender Email Gateway Security web interface.

Other statuses

Quarantined

Email is located in quarantine.

Possible actions

  • Manually deliver/delete/forward email from the MetaDefender Email Gateway Security web interface.

Deleted

Emails with this status has been manually deleted by a user.

Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Quarantine
On This Page