Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

10.0.6 - Message Logs - empty From-address for Rejected Mails

BWCBWC Cybersecurity Overlord ✭✭✭


I'am currently investigating some DHA events and figured that the Message Logs at least in version 10.0.6 on different appliances, show just "unknown" as From-address for rejected mails.

This is IMHO not OK, at least in 10.0.2 this worked in a way where the original From-address was listed.

Is this a known bug and will be address in the already overdue update for the ESA?


Category: Email Security Appliances


  • BWCBWC Cybersecurity Overlord ✭✭✭

    UPDATE: This is also valid for Hosted Email Security.

  • David WDavid W SonicWall Employee

    Anything marked as DHA and set to reject will never show the from address, only to to address.

    If you set it to store in junkbox it should show the from address.

    If there are messages being marked as DHA but the recipient exists you would first want to do a refresh users in the UI which will update right away.

    New users from LDAP can take an hour or so to work.

    David Wilbur

     Technical Support Senior Advisor, Premier Services , SME Email Security

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @sonic_dave2469

    sorry, I looked at the wrong place, From-address is unknown in older versions as well. But it makes no sense to NOT log the From-address, because it's essential to investigate in a typical scenario like this:

    Customer: "A super important mail did not come through"

    Me: "OK, let me check, what's the address of the sender?"

    ... see, suddenly this scenario gets a turn, it could be so easy, because the sender sent the mail to "muller@domain" instead of "mueller@domain". This would be a 10 second case and my customer would be happy, instead I have to start a fishing expedition.

    RFE for the obvious or is this on your list already?


  • Hello Michael@BWC,

    I do not see anything matching on the lists already. I would say go ahead and file a new one.


    Shipra Sahu

    Technical Support Advisor, Premier Services

  • David WDavid W SonicWall Employee
    edited June 2020

    FYI have you seen these options on the bottom of the connection management page?

    Delayed Connection Management

      Reject connections: as soon as possible (better performance)

    after all recipients are known (better tracking)

    This is still about recipients not senders however setting the options for DHA to store in junkbox should show the senders full email address.

    The option for delete may as well but to see all data store in junkbox would be best.

    David Wilbur

     Technical Support Senior Advisor, Premier Services , SME Email Security

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @sonic_dave2469

    this option is one of the first I set for every new deployment, without it Connection Log would be somewhat useless.

    But it does not address my main concern, the senders should be listed in the Message Log, no one wants DHA mails wasting space in the junkbox, IMHO.


  • Halon5Halon5 Enthusiast ✭✭
    edited June 2020

    Hey @sonic_dave2469 ,

    I can only agree with @BWC ,

    The Message Log is so important to us and accurate and verbose information in there that we can sort and filter is imperative to our MSP operations. It's the single best feature of ES and should continue to be embellished.

    ..One of the things we tell our customers is that we will assist the customers/suppliers of our customers and we are always trawling this information for "clues".

    Unknown is unhelpful. We may want to tell some customer... hey stop sending those automated emails to that user who doesn't exist anymore... (DHAed?)..

    Unknown is unhelpful. If you've got it flaunt it.

    My 2 cents.


Sign In or Register to comment.