5.2. Email History
Overview
Audit > Email History shows information about processing details and email related events in the system.
No auto refresh
Due to usability reasons the Email history list is not updated automatically. Click the Refresh icon to update.
N/A Scan result
The N/A Scan result value means that MetaDefender Core was not involved in the processing of this entry.
Such cases are:
-
Notifications for blocked emails
-
Released from quarantine
-
Forwarded from quarantine
-
Delivered for external quarantining
Empty Rule
The empty Rule value means that the email was not received from outside, but was generated from within Email Gateway Security.
Such cases are:
-
Notifications for blocked emails
-
Email alerts
-
Quarantine reports
Search
On the Email history page you can search for (marked red in the image below) the Date, Scan result, Status, Sender, Recipient, Rule, Subject and Rule direction (for Rule direction see 4.4. Policy).
Filtering
The list of emails can be filtered by the:
-
Date,
-
Sender,
-
Recipient,
-
Subject,
-
Status
-
Scan verdict
-
Whether the email has attachments or not,
-
Rule priority,
-
Classifications (see 5.11. Email classifications) and
-
Tags (see 5.12. Email tags).
Multiple values
For the status, classifications and tags filters multiple values can be specified.
Time window
For the date filter a time window can be specified.
Email details
Clicking an Email history list entry displays public details about the processing of the specific email.
The [Show result] link points to the scan details on the MetaDefender Core instance where the actual scanning took place.
Broken scan details links
The [Show result] link utilizes the Core address as specified under Settings > Server profiles. If Core is specified with an address that is not reachable on the machine where the actual browsing of the web management console happens, then the browser will report error.
Example
Core and Email Gateway Security are installed on the same machine and Core is referenced with the URI http://127.0.0.1:8008 on Email Gateway Security. If Email Gateway Security's web management console is browsed from any other machine, then (most probably) the [Show result] link will be broken.
For details see 4.6. Server profiles.
Classifications
To reflect the risk level of a certain email, Email Gateway Security applies classifications. For details see 5.11. Email classifications.
Priority
The priority of the email is displayed in the list and in the Email details view. The following icons represent each priority:
-
High: ↑
-
Low: ↓
For details see 4.4. Policy.
Processing history
The processing history section of the email details contains information about the processing of the email.
The following type of entries are listed:
Type |
Description |
Example |
StatusChange |
Added when a status change occurs. If the status change was manually initiated, the message contains the name of the user that executed the REST call. |
LOCAL/admin changed status from Failed to Pending |
ScanFailed |
Added when a scan failure occurs. |
Scan failed on url https://localhost:8008 (Reason: Core unavailable) |
SendDetails |
Added when sending an email |
Sending email to smtp://127.0.0.1:25 |
SendSucceeded |
Added when sending an email succeeded |
SMTP send succeeded to smtp://127.0.0.1:25 |
SendFailed |
Added when a send failure occurs. |
SMTP send failed to smtps://localhost:587 (Response: No connection could be made because the target machine actively refused it 127.0.0.1:587) |
ModifyFailed |
Added when an email cannot be modified/sanitized (e.g. parsing error). |
|
ForkEmail |
Occurs when an email is forked (e.g. different policy rules apply to different recipients, partial send failure for certain recipients). |
|
DuplicateEmail |
Occurs when email content is duplicated (e.g. original copy is moved to quarantine, quarantined original copy is forwarded). |
|
ScanVerdict |
Added when we receive a scan verdict for a file related to the email. |
email/[body].txt: No Threat Detected |
VaultUpload |
Added when uploading an attachment to MetaDefender Vault |
Attachment 'LargeAttachment' was uploaded to Vault |
ModifyEmail |
This event is added when all email modifications are complete and the email is ready to be sent. |
Modification/Sanitization of email completed |
Cleanup
Scheduled
Configure scheduled Email History cleanup under Settings > Data Retention / Email history cleanup schedule.
On-demand
To clean-up Email History on demand click the broom icon and select the time window of the cleanup.
Operations
Bulk email operations
Use the checkbox in front of each row to select entries (or use the checkbox in the header row to select all visible items).
Only visible selected
Only visible elements are selected. Elements that are not visible (due to pagination, search or filtering) are not selected even by the select all checkbox.
Only Failed or Reprocessing can be selected
Only emails that are in the Failed or Reprocessing status can be selected cause these are the only emails where bulk operations (Retry email, Delete email, Download email) are applicable.
For other entries the original email is not kept, hence the operations would not work.
To understand what can make an email to be failed see the section Processing status values.
Operations that applicable to all selected
Only those operations are available that are applicable to all emails that are selected.
For example if both Failed and Reprocessing mails are in the selection, then the Retry email function will be available.
Export to CSV
Clicking the Export to CSV button will export the history list (according to the actual filter conditions) to a CSV file.
Data range
The currently active filter conditions apply to the exported list.
All filtered data gets exported, even if the list expands to multiple pages.
Differentiating forked emails
In some cases there are seemingly duplicate entries in Email history. Such cases are when an email is:
-
Released from quarantine,
-
Forwarded from quarantine,
-
Delivered for external quarantining.
These cases are marked in Email history with the following icons in the history list:
Icon |
Fork case |
Released from quarantine |
|
Forwarded from quarantine |
|
Delivered for external quarantining |
Processing status values
Workflow statuses
Emails with statuses listed below are progressing through the MetaDefender Email Gateway Security workflow.
Pending
Email is queued waiting to be processed.
Processing
Email is currently being processed.
Sending
Email has been processed and is being delivered to the SMTP relay server.
Completed
This status is deprecated since 4.4.0. It was replaced by Sent and Blocked
Email has been successfully processed and sent forward or blocked.
Sent
Email has been successfully processed and forwarded.
Blocked
Email has been blocked.
Temporary failure statuses
Emails with statuses listed below are in automatic retry sequence.
Reprocessing
MetaDefender Email Gateway Security has failed to process the email and it is currently pending a retry.
Possible causes
-
MetaDefender Core server down/not responding
-
Archive engine is not active on MetaDefender Core
-
Enable archive handling is not enabled for the rules on MetaDefender Core (that are defined in the Core server policies that are in use by the rules on MetaDefender Email Gateway Security)
Resending
MetaDefender Email Gateway Security has failed to forward the email to the SMTP relay server and is currently pending retry.
Possible causes
-
SMTP relay server down/not responding
-
SMTP relay server rejects the email
Permanent failure statuses
Emails with statuses listed below require user interaction, since retry sequence is exhausted.
Failed
Email has exceeded the retry count and cannot be processed/delivered.
Possible causes
-
Exhausted temporary processing failures (see 4.3. Settings) lead to this permanent failure status.
Possible actions
-
Manually retry/delete email from the MetaDefender Email Gateway Security web interface.
Forbidden
No policy rule is found matching the email and requires manual delivery
Possible actions
-
Manually retry/delete email from the MetaDefender Email Gateway Security web interface.
Other statuses
Quarantined
Email is located in quarantine.
Possible actions
-
Manually deliver/delete/forward email from the MetaDefender Email Gateway Security web interface.
Deleted
Emails with this status has been manually deleted by a user.