4.4 Email history

Email history and Failed emails merged

Starting with MetaDefender Email Gateway Security version 4.7.0, the former Dashboard > Email history and Dashboard > Failed emails pages are merged into the Audit > Email History page.

Email history

Audit > Email History shows information about email events in the system.

On the Email history page you can search by RECEIVED DATE, SCAN VERDICT, STATUS, SENDER, RECIPIENT(S), EMAIL RULE, DIRECTION and SUBJECT (DIRECTION and EMAIL RULE are not displayed in the list).

No auto refresh

For usability reasons, the Email history list is not updated automatically. Click the Refresh icon to update it.

N/A values

The SCAN VERDICT value N/A means that MetaDefender Core was not involved in the processing of this entry.

Such cases are:

  • Notifications for blocked emails

  • Released from quarantine

  • Forwarded from quarantine

  • Delivered for external quarantining

Differentiating forked emails

In some cases there are seemingly duplicate entries in Email history. Such cases are when an email is:

  • Released from quarantine,

  • Forwarded from quarantine,

  • Delivered for external quarantining.

These cases are marked in Email history with the following icons in front of the RECIPIENT(S) value:

| Icon | Fork case |
| --- | --- |
| send icon | Released from quarantine |
| mail-forward icon | Forwarded from quarantine |
| shield icon | Delivered for external quarantining |

Example

In the example screenshot, the quarantined email (lower entry) and the released-from-quarantine email (upper entry) can both be observed.

Operations

Export to CSV

Clicking the EXPORT TO CSV button will export the history list (according to the actual filter conditions) to a CSV file.

Data range

The currently active filter conditions apply to the exported list.

All filtered data gets exported, even if the list expands to multiple pages.

CSV file download

The CSV file is written into an HTTP stream, so the browser downloads it immediately and automatically.

The CSV file is named according to the following scheme:

Naming convention
emailhistory-<yyyy>-<MM>-<dd>-<HH>-<mm>-<ss>.csv

For example, if the export happened on 6 November 2019 at 09:55:51 AM:

Naming example
emailhistory-2019-11-06-09-55-51.csv

Force retry

If one of your emails has entered the Resending state due to errors (see 5.4 Understanding email processing statuses) and you do not want to wait until the next scheduled retry, you can trigger a forced retry. To do this, move your mouse over the email and click the Force retry icon.

View email details

Display details about the email and its processing history.

Clicking an Email history entry displays public details (that do not require authentication on MetaDefender Core) about the scan.

The View scan details link points to the scan details on the MetaDefender Core instance where the actual scanning took place.

Broken scan details links

The View scan details link uses the Core address as specified under Inventory > Server profiles. If Core is specified with an address that is not reachable from the machine on which the Web Management Console is being browsed, the browser will report an error.

Example: Core and Email Gateway Security are installed on the same machine and Core is referenced with the URI http://127.0.0.1:8008 on Email Gateway Security. If Email Gateway Security's Web Management Console is browsed from any other machine, then (most probably) the View scan details link will be broken.

See also 3.7 Server profiles.
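
An added example, not part of the product documentation or the vendor's code: a Python check that classifies a Core URI, as it would be entered under Inventory > Server profiles, by where a browser can open links built on it. The profile names and every sample URI except http://127.0.0.1:8008 are constructed, and the scope labels are this example's own.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample of Core URIs as they might be entered under
# Inventory > Server profiles; only http://127.0.0.1:8008 is from the page.
SAMPLE_PROFILES = {
    "core-same-host": "http://127.0.0.1:8008",
    "core-by-name": "https://localhost:8008",
    "core-ipv6": "http://[::1]:8008",
    "core-lan": "https://10.20.0.5:8008",
    "core-dns": "https://core.example.internal:8008",
}

def core_link_scope(core_uri: str) -> str:
    """Classify from where a browser can open links built on core_uri.

    "local-only":    resolves to the browsing machine itself, so the link
                     works only when the browser runs on the Core host
    "internal-only": private or link-local address
    "routable":      globally routable IP literal
    "needs-dns":     host name; depends on the browsing machine's resolver
    """
    parts = urlsplit(core_uri)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not an http(s) Core URI: {core_uri!r}")
    host = parts.hostname.rstrip(".").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return "local-only"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "needs-dns"
    # Check loopback first: Python also reports 127.0.0.0/8 as private.
    if addr.is_loopback or addr.is_unspecified:
        return "local-only"
    if addr.is_private or addr.is_link_local:
        return "internal-only"
    return "routable"

def broken_for_remote_browsers(profiles: dict) -> list:
    """Names of profiles whose View scan details links fail off-host."""
    return sorted(name for name, uri in profiles.items()
                  if core_link_scope(uri) == "local-only")

if __name__ == "__main__":
    for name, uri in SAMPLE_PROFILES.items():
        print(f"{name:15} {uri:38} {core_link_scope(uri)}")
```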

View scan details availability

The View scan details link works with MetaDefender Core version 4.7.0 (or later) only.

For MetaDefender Core versions earlier than 4.7.0 the Dashboard is opened.

From MetaDefender Email Gateway Security 4.2.0 onward, you need a logged-in session on MetaDefender Core to see the scan details.

Absolute scan details links

To generate the View scan details links, MetaDefender Email Gateway Security stores the actual Core IP where the current request's files were scanned.

As a result, the View scan details links continue to work properly even after a new Core is configured in place of the old one (given that the old Core is still available).

Breaking scan details links

View scan details links stop working after the referenced Core is uninstalled or migrated to a new address.

Processing history

The processing history section of the email details contains information about the processing of the email. The following types of entries are listed:

| Type | Description | Example |
| --- | --- | --- |
| StatusChange | Added when a status change occurs. If the status change was manually initiated, the message contains the name of the user that executed the REST call. | LOCAL/admin changed status from Failed to Pending |
| ScanFailed | Added when a scan failure occurs. | Scan failed on url https://localhost:8008 (Reason: Core unavailable) |
| SendDetails | Added when sending an email. | Sending email to smtp://127.0.0.1:25 |
| SendSucceeded | Added when sending an email succeeded. | SMTP send succeeded to smtp://127.0.0.1:25 |
| SendFailed | Added when a send failure occurs. | SMTP send failed to smtps://localhost:587 (Response: No connection could be made because the target machine actively refused it 127.0.0.1:587) |
| ModifyFailed | Added when an email cannot be modified/sanitized (e.g. parsing error). | |
| ForkEmail | Occurs when an email is forked (e.g. different policy rules apply to different recipients, partial send failure for certain recipients). | |
| DuplicateEmail | Occurs when email content is duplicated (e.g. original copy is moved to quarantine, quarantined original copy is forwarded). | |
| ScanVerdict | Added when we receive a scan verdict for a file related to the email. | email/[body].txt: No Threat Detected |
| VaultUpload | Added when uploading an attachment to MetaDefender Vault. | Attachment 'LargeAttachment' was uploaded to Vault |
| ModifyEmail | This event is added when all email modifications are complete and the email is ready to be sent. | Modification/Sanitization of email completed |

Failed emails

Failure conditions

To understand under what conditions an email fails permanently, see section Permanent failure statuses in 5.4 Understanding email processing statuses.

Operations

Only for failed emails

The functions in this section are available for failed emails only.

If the selection contains emails that are not failed, the function executes for the failed entries in the selection only. For the rest of the entries, a notification is displayed.

The following operations are available on entries in the Email history:

  1. Retry Failed

  2. Retry

  3. Delete

  4. Download

Bulk operations

Operations on all failed items

Retry Failed

This function will call the 198213880 for all (visible and not visible) failed entries in the Email history.

Operations on selected items

Selecting entries

Use the checkbox in front of each row to select entries (or use the checkbox in the header row to select all visible items).

Retry

Retry processing the email from the point where it failed and send it to the original recipient(s).

The email is removed from the permanent failures queue.

Delete

Delete the email from the permanent failures queue without trying to reprocess it.

Download

Download the selected original emails from the failed emails to the local hard drive.

The format of the downloaded emails is zipped MIME (.eml).

File naming

| Component | File name | Extension |
| --- | --- | --- |
| Archive package | EmailSecurity-Failed-<year>-<month>-<day>-<hour>-<minute>-<second> | .zip |
| Email file | <subject>_<unique ID> | .eml |