4.4 Email history

Email history and Failed emails merged

Starting with MetaDefender Email Gateway Security version 4.7.0, the former Dashboard > Email history and Dashboard > Failed emails pages are merged into the Audit > Email History page.

Email history

Audit > Email History shows information about email events in the system.

On the Email history page you can search for RECEIVED DATE, SCAN VERDICT, STATUS, SENDER, RECIPIENT(S), EMAIL RULE, DIRECTION and SUBJECT (DIRECTION and EMAIL RULE are not displayed in the list).

No auto refresh

Due to usability reasons the Email history list is not updated automatically. Click the Refresh icon to update.

N/A values

The SCAN VERDICT value N/A means that MetaDefender Core was not involved in the processing of this entry.

Such cases are:

  • Notifications for blocked emails

  • Released from quarantine

  • Forwarded from quarantine

  • Delivered for external quarantining

Differentiating forked emails

In some cases there are seemingly duplicate entries in Email history. Such cases are when an email is:

  • Released from quarantine,

  • Forwarded from quarantine,

  • Delivered for external quarantining.

These cases are marked in Email history with the following icons in front of the RECIPIENT(S) value:


Fork case


Released from quarantine


Forwarded from quarantine


Delivered for external quarantining


In the example below the quarantined (down) and the released-from-quarantine (over) email can be observed.



Export to CSV

Clicking the EXPORT TO CSV button will export the history list (according to the actual filter conditions) to a CSV file.

Data range

The currently active filter conditions apply to the exported list.

All filtered data gets exported, even if the list expands to multiple pages.

CSV file download

The CSV file is written into a HTTP stream, so it gets downloaded by the browser immediately, automatically.

The CSV file is named according to the following scheme:

Naming convention

For example, if the export happened on 06th November, 2019; at 09:55:51 AM:

Naming example


The history above exports to the following CSV:


Force retry


If one of your emails entered into a Resending state due to some errors (5.4 Understanding email processing statuses) and you don't want to wait until the next scheduled retry then you have the option to trigger a forced retry. For doing this you should move your mouse over the email and click on the Force retry icon ( images/download/thumbnails/2979026/icomoon-free_2014-12-23_spinner11_22_0_007dff_none0.png ).


View email details


Display details about the email and its processing history.

Clicking an Email history entry displays public details (that do not require authentication on MetaDefender Core) about the scan.


The View scan details link points to the scan details on the MetaDefender Core instance where the actual scanning took place.

Broken scan details links

The View scan details link utilizes the Core address as specified under Inventory > Server profiles. If Core is specified with an address that is not reachable on the machine where the actual browsing of the Web Management Console happens, then the browser will report error.

Example: Core and Email Gateway Security are installed on the same machine and Core is referenced with the URI on Email Gateway Security. If Email Gateway Security's Web Management Console is browsed from any other machine, then (most probably) the View scan details link will be broken.

See also 3.7 Server profiles.

View scan details availability

The View scan details link works with MetaDefender Core version 4.7.0 (or later) only.

For MetaDefender Core versions earlier than 4.7.0 the Dashboard is opened.

From MetaDefender Email Gateway Security 4.2.0 you will need a logged in session to the MetaDefender Core to see the scan details.

Absolute scan details links

To generate the View scan details links, MetaDefender Email Gateway Security stores the actual Core IP where the current request's files were scanned.

As a result the View scan details links continue to work properly even after a new Core is configured instead the old one (given that the old Core is still available).

Breaking scan details links

View scan details links stop working after the referenced Core is uninstalled or migrated to a new address.

Processing history

The processing history section of the email details contains information about the processing of the email. The following type of entries are listed:





Added when a status change occurs. If the status change was manually initiated, the message contains the name of the user that executed the REST call.

LOCAL/admin changed status from Failed to Pending


Added when a scan failure occurs.

Scan failed on url https://localhost:8008 (Reason: Core unavailable)


Added when sending an email

Sending email to smtp://


Added when sending an email succeeded

SMTP send succeeded to smtp://


Added when a send failure occurs.

SMTP send failed to smtps://localhost:587 (Response: No connection could be made because the target machine actively refused it


Added when an email cannot be modified/sanitized (e.g. parsing error).



Occurs when an email is forked (e.g. different policy rules apply to different recipients, partial send failure for certain recipients).



Occurs when email content is duplicated (e.g. original copy is moved to quarantine, quarantined original copy is forwarded).



Added when we receive a scan verdict for a file related to the email.

email/[body].txt: No Threat Detected


Added when uploading an attachment to MetaDefender Vault

Attachment 'LargeAttachment' was uploaded to Vault


This event is added when all email modifications are complete and the email is ready to be sent.

Modification/Sanitization of email completed

Failed emails

Email history and Failed emails merged

Starting with MetaDefender Email Gateway Security version 4.7.0, the former Dashboard > Email history and Dashboard > Failed emails pages are merged into the Audit > Email History page.

Failure conditions

To understand in what conditions an email fails permanently, see section Permanent failure statuses in 5.4 Understanding email processing statuses.


Only for failed emails

The functions in this section are available for failed emails only.

If there are other than failed emails in the selection, then the function will execute for the failed selected entries only. For the rest of the entries, a notification is displayed.

The following operations are available on entries in the Email history:

  1. Retry Failed

  2. Retry

  3. Delete

  4. Download

Bulk operations

Operations on all failed items

Retry Failed


This function will call the 198213880 for all (visible and not visible) failed entries in the Email history.

Operations on selected items

Selecting entries

Use the checkbox in front of each row to select entries (or use the checkbox in the header row to select all visible items).




Retry processing the email from the point where it failed and send it to the original recipient(s).

The email is removed from the permanent failures queue.



Delete the email from the permanent failures queue without trying to reprocess it.



Download the selected original emails from the failed emails to the local hard drive.

The format of the downloaded emails is zipped MIME (.eml).

File naming


File name


Archive package



Email file

<subject>_<unique ID>