4.4 Email history
Email history and Failed emails merged
Starting with MetaDefender Email Gateway Security version 4.7.0, the former Dashboard > Email history and Dashboard > Failed emails pages are merged into the Audit > Email History page.
Email history
Audit > Email History shows information about email events in the system.
On the Email history page you can search for RECEIVED DATE, SCAN VERDICT, STATUS, SENDER, RECIPIENT(S), EMAIL RULE, DIRECTION and SUBJECT (DIRECTION and EMAIL RULE are not displayed in the list).
No auto refresh
Due to usability reasons the Email history list is not updated automatically. Click the Refresh icon to update.
N/A values
The SCAN VERDICT value N/A means that MetaDefender Core was not involved in the processing of this entry.
Such cases are:
-
Notifications for blocked emails
-
Released from quarantine
-
Forwarded from quarantine
-
Delivered for external quarantining
Differentiating forked emails
In some cases there are seemingly duplicate entries in Email history. Such cases are when an email is:
-
Released from quarantine,
-
Forwarded from quarantine,
-
Delivered for external quarantining.
These cases are marked in Email history with the following icons in front of the RECIPIENT(S) value:
Icon |
Fork case |
|
Released from quarantine |
|
Forwarded from quarantine |
|
Delivered for external quarantining |
Example
In the example below the quarantined (down) and the released-from-quarantine (over) email can be observed.
Operations
Export to CSV
Clicking the EXPORT TO CSV button will export the history list (according to the actual filter conditions) to a CSV file.
Data range
The currently active filter conditions apply to the exported list.
All filtered data gets exported, even if the list expands to multiple pages.
CSV file download
The CSV file is written into a HTTP stream, so it gets downloaded by the browser immediately, automatically.
The CSV file is named according to the following scheme:
emailhistory-<yyyy>-<MM>-<dd>-<HH>-<mm>-<ss>.csv
For example, if the export happened on 06th November, 2019; at 09:55:51 AM:
emailhistory-2019-11-06-09-55-51.csv
The history above exports to the following CSV:
Force retry
If one of your emails entered into a Resending state due to some errors (5.4 Understanding email processing statuses) and you don't want to wait until the next scheduled retry then you have the option to trigger a forced retry. For doing this you should move your mouse over the email and click on the Force retry icon ( ).
View email details
Display details about the email and its processing history.
Clicking an Email history entry displays public details (that do not require authentication on MetaDefender Core) about the scan.
The View scan details link points to the scan details on the MetaDefender Core instance where the actual scanning took place.
Broken scan details links
The View scan details link utilizes the Core address as specified under Inventory > Server profiles. If Core is specified with an address that is not reachable on the machine where the actual browsing of the Web Management Console happens, then the browser will report error.
Example: Core and Email Gateway Security are installed on the same machine and Core is referenced with the URI http://127.0.0.1:8008 on Email Gateway Security. If Email Gateway Security's Web Management Console is browsed from any other machine, then (most probably) the View scan details link will be broken.
See also 3.7 Server profiles.
View scan details availability
The View scan details link works with MetaDefender Core version 4.7.0 (or later) only.
For MetaDefender Core versions earlier than 4.7.0 the Dashboard is opened.
From MetaDefender Email Gateway Security 4.2.0 you will need a logged in session to the MetaDefender Core to see the scan details.
Absolute scan details links
To generate the View scan details links, MetaDefender Email Gateway Security stores the actual Core IP where the current request's files were scanned.
As a result the View scan details links continue to work properly even after a new Core is configured instead the old one (given that the old Core is still available).
Breaking scan details links
View scan details links stop working after the referenced Core is uninstalled or migrated to a new address.
Processing history
The processing history section of the email details contains information about the processing of the email. The following type of entries are listed:
Type |
Description |
Example |
StatusChange |
Added when a status change occurs. If the status change was manually initiated, the message contains the name of the user that executed the REST call. |
LOCAL/admin changed status from Failed to Pending |
ScanFailed |
Added when a scan failure occurs. |
Scan failed on url https://localhost:8008 (Reason: Core unavailable) |
SendDetails |
Added when sending an email |
Sending email to smtp://127.0.0.1:25 |
SendSucceeded |
Added when sending an email succeeded |
SMTP send succeeded to smtp://127.0.0.1:25 |
SendFailed |
Added when a send failure occurs. |
SMTP send failed to smtps://localhost:587 (Response: No connection could be made because the target machine actively refused it 127.0.0.1:587) |
ModifyFailed |
Added when an email cannot be modified/sanitized (e.g. parsing error). |
|
ForkEmail |
Occurs when an email is forked (e.g. different policy rules apply to different recipients, partial send failure for certain recipients). |
|
DuplicateEmail |
Occurs when email content is duplicated (e.g. original copy is moved to quarantine, quarantined original copy is forwarded). |
|
ScanVerdict |
Added when we receive a scan verdict for a file related to the email. |
email/[body].txt: No Threat Detected |
VaultUpload |
Added when uploading an attachment to MetaDefender Vault |
Attachment 'LargeAttachment' was uploaded to Vault |
ModifyEmail |
This event is added when all email modifications are complete and the email is ready to be sent. |
Modification/Sanitization of email completed |
Failed emails
Email history and Failed emails merged
Starting with MetaDefender Email Gateway Security version 4.7.0, the former Dashboard > Email history and Dashboard > Failed emails pages are merged into the Audit > Email History page.
Failure conditions
To understand in what conditions an email fails permanently, see section Permanent failure statuses in 5.4 Understanding email processing statuses.
Operations
Only for failed emails
The functions in this section are available for failed emails only.
If there are other than failed emails in the selection, then the function will execute for the failed selected entries only. For the rest of the entries, a notification is displayed.
The following operations are available on entries in the Email history:
-
Retry Failed
-
Retry
-
Delete
-
Download
Bulk operations
Operations on all failed items
Retry Failed
This function will call the 198213880 for all (visible and not visible) failed entries in the Email history.
Operations on selected items
Selecting entries
Use the checkbox in front of each row to select entries (or use the checkbox in the header row to select all visible items).
Retry
Retry processing the email from the point where it failed and send it to the original recipient(s).
The email is removed from the permanent failures queue.
Delete
Delete the email from the permanent failures queue without trying to reprocess it.
Download
Download the selected original emails from the failed emails to the local hard drive.
The format of the downloaded emails is zipped MIME (.eml).
File naming
Component |
File name |
Extension |
Archive package |
EmailSecurity-Failed-<year>-<month>-<day>-<hour>-<minute>-<second> |
.zip |
Email file |
<subject>_<unique ID> |
.eml |