10.0.6 - Message Logs - empty From-address for Rejected Mails
BWC
Cybersecurity Overlord ✭✭✭
Hi,
I'am currently investigating some DHA events and figured that the Message Logs at least in version 10.0.6 on different appliances, show just "unknown" as From-address for rejected mails.
This is IMHO not OK, at least in 10.0.2 this worked in a way where the original From-address was listed.
Is this a known bug and will be address in the already overdue update for the ESA?
--Michael@BWC
Category: Email Security Appliances
0
Comments
UPDATE: This is also valid for Hosted Email Security.
Anything marked as DHA and set to reject will never show the from address, only to to address.
If you set it to store in junkbox it should show the from address.
If there are messages being marked as DHA but the recipient exists you would first want to do a refresh users in the UI which will update right away.
New users from LDAP can take an hour or so to work.
David Wilbur
Technical Support Senior Advisor, Premier Services , SME Email Security
Hi @sonic_dave2469
sorry, I looked at the wrong place, From-address is unknown in older versions as well. But it makes no sense to NOT log the From-address, because it's essential to investigate in a typical scenario like this:
Customer: "A super important mail did not come through"
Me: "OK, let me check, what's the address of the sender?"
... see, suddenly this scenario gets a turn, it could be so easy, because the sender sent the mail to "muller@domain" instead of "mueller@domain". This would be a 10 second case and my customer would be happy, instead I have to start a fishing expedition.
RFE for the obvious or is this on your list already?
--Michael@BWC
Hello Michael@BWC,
I do not see anything matching on the lists already. I would say go ahead and file a new one.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
FYI have you seen these options on the bottom of the connection management page?
Delayed Connection Management
Reject connections: as soon as possible (better performance)
after all recipients are known (better tracking)
This is still about recipients not senders however setting the options for DHA to store in junkbox should show the senders full email address.
The option for delete may as well but to see all data store in junkbox would be best.
David Wilbur
Technical Support Senior Advisor, Premier Services , SME Email Security
Hi @sonic_dave2469
this option is one of the first I set for every new deployment, without it Connection Log would be somewhat useless.
But it does not address my main concern, the senders should be listed in the Message Log, no one wants DHA mails wasting space in the junkbox, IMHO.
--Michael@BWC
Hey @sonic_dave2469 ,
I can only agree with @BWC ,
The Message Log is so important to us and accurate and verbose information in there that we can sort and filter is imperative to our MSP operations. It's the single best feature of ES and should continue to be embellished.
..One of the things we tell our customers is that we will assist the customers/suppliers of our customers and we are always trawling this information for "clues".
Unknown is unhelpful. We may want to tell some customer... hey stop sending those automated emails to that user who doesn't exist anymore... (DHAed?)..
Unknown is unhelpful. If you've got it flaunt it.
My 2 cents.
Steph.