5.2. Email History


Audit > Email History shows information about processing details and email related events in the system.

No auto refresh

Due to usability reasons the Email history list is not updated automatically. Click the Refresh icon to update.


N/A Scan result

The N/A Scan result value means that MetaDefender Core was not involved in the processing of this entry.

Such cases are:

  • Notifications for blocked emails

  • Released from quarantine

  • Forwarded from quarantine

  • Delivered for external quarantining

Empty Rule

The empty Rule value means that the email was not received from outside, but was generated from within Email Gateway Security.

Such cases are:

  • Notifications for blocked emails

  • Email alerts

  • Quarantine reports


The list of emails can be filtered by the:

  1. Date,

  2. Sender,

  3. Recipient,

  4. Subject,

  5. Status

  6. Scan verdict

  7. Whether the email has attachments or not,

  8. Rule priority,

  9. Classifications (see 5.11. Email classifications) and

  10. Tags (see 5.12. Email tags).

Multiple values

For the status, classifications and tags filters multiple values can be specified.

Time window

For the date filter a time window can be specified.


Email details

Clicking an Email history list entry displays public details about the processing of the specific email.


The [Show result] link points to the scan details on the MetaDefender Core instance where the actual scanning took place.

Broken scan details links

The [Show result] link utilizes the Core address as specified under Settings > Server profiles. If Core is specified with an address that is not reachable on the machine where the actual browsing of the web management console happens, then the browser will report error.


Core and Email Gateway Security are installed on the same machine and Core is referenced with the URI on Email Gateway Security. If Email Gateway Security's web management console is browsed from any other machine, then (most probably) the [Show result] link will be broken.

For details see 4.6. Server profiles.


To reflect the risk level of a certain email, Email Gateway Security applies classifications. For details see 5.11. Email classifications.


The priority of the email is displayed in the list and in the Email details view. The following icons represent each priority:

  1. High:

  2. Low:

For details see 4.4. Policy.

Processing history

The processing history section of the email details contains information about the processing of the email.


The following type of entries are listed:





Added when a status change occurs. If the status change was manually initiated, the message contains the name of the user that executed the REST call.

LOCAL/admin changed status from Failed to Pending


Added when a scan failure occurs.

Scan failed on url https://localhost:8008 (Reason: Core unavailable)


Added when sending an email

Sending email to smtp://


Added when sending an email succeeded

SMTP send succeeded to smtp://


Added when a send failure occurs.

SMTP send failed to smtps://localhost:587 (Response: No connection could be made because the target machine actively refused it


Added when an email cannot be modified/sanitized (e.g. parsing error).



Occurs when an email is forked (e.g. different policy rules apply to different recipients, partial send failure for certain recipients).



Occurs when email content is duplicated (e.g. original copy is moved to quarantine, quarantined original copy is forwarded).



Added when we receive a scan verdict for a file related to the email.

email/[body].txt: No Threat Detected


Added when uploading an attachment to MetaDefender Vault

Attachment 'LargeAttachment' was uploaded to Vault


This event is added when all email modifications are complete and the email is ready to be sent.

Modification/Sanitization of email completed



Configure scheduled Email History cleanup under Settings > Data Retention / Email history cleanup schedule.



To clean-up Email History on demand click the broom icon and select the time window of the cleanup.

images/download/attachments/5715897/image-20200327-120511.png images/download/attachments/5715897/image-20200327-120532.png


Bulk email operations

Use the checkbox in front of each row to select entries (or use the checkbox in the header row to select all visible items).

Only visible selected

Only visible elements are selected. Elements that are not visible (due to pagination, search or filtering) are not selected even by the select all checkbox.

Only Failed or Reprocessing can be selected

Only emails that are in the Failed or Reprocessing status can be selected cause these are the only emails where bulk operations (Retry email, Delete email, Download email) are applicable.

For other entries the original email is not kept, hence the operations would not work.

To understand what can make an email to be failed see the section Processing status values.


Operations that applicable to all selected

Only those operations are available that are applicable to all emails that are selected.

For example if both Failed and Reprocessing mails are in the selection, then the Retry email function will be available.


Export to CSV

Clicking the Export to CSV button will export the history list (according to the actual filter conditions) to a CSV file.


Data range

The currently active filter conditions apply to the exported list.

All filtered data gets exported, even if the list expands to multiple pages.

Differentiating forked emails

In some cases there are seemingly duplicate entries in Email history. Such cases are when an email is:

  • Released from quarantine,

  • Forwarded from quarantine,

  • Delivered for external quarantining.

These cases are marked in Email history with the following icons in the history list:


Processing status values

Workflow statuses

Emails with statuses listed below are progressing through the MetaDefender Email Gateway Security workflow.


Email is queued waiting to be processed.


Email is currently being processed.


Email has been processed and is being delivered to the SMTP relay server.


This status is deprecated since 4.4.0. It was replaced by Sent and Blocked

Email has been successfully processed and sent forward or blocked.


Email has been successfully processed and forwarded.


Email has been blocked.

Temporary failure statuses

Emails with statuses listed below are in automatic retry sequence.


MetaDefender Email Gateway Security has failed to process the email and it is currently pending a retry.

Possible causes

  • MetaDefender Core server down/not responding

  • Archive engine is not active on MetaDefender Core images/download/attachments/5715897/image-20200330-103449.png

  • Enable archive handling is not enabled for the rules on MetaDefender Core (that are defined in the Core server policies that are in use by the rules on MetaDefender Email Gateway Security) images/download/attachments/5715897/image-20200330-103536.png images/download/attachments/5715897/image-20200330-103321.png


MetaDefender Email Gateway Security has failed to forward the email to the SMTP relay server and is currently pending retry.

Possible causes

  • SMTP relay server down/not responding

  • SMTP relay server rejects the email

Permanent failure statuses

Emails with statuses listed below require user interaction, since retry sequence is exhausted.


Email has exceeded the retry count and cannot be processed/delivered.

Possible causes

  • Exhausted temporary processing failures (see 4.3. Settings) lead to this permanent failure status.

Possible actions

  • Manually retry/delete email from the MetaDefender Email Gateway Security web interface.


No policy rule is found matching the email and requires manual delivery

Possible actions

  • Manually retry/delete email from the MetaDefender Email Gateway Security web interface.

Other statuses


Email is located in quarantine.

Possible actions

  • Manually deliver/delete/forward email from the MetaDefender Email Gateway Security web interface.


Emails with this status has been manually deleted by a user.