Envelope
and Header Summary section:
|
Received Time
|
Time that the appliance
received the message.
Dates and times are displayed using the local time configured on the appliance
.
|
MID
|
Unique
IronPort message ID.
|
Message Size
|
Message
size.
|
Subject
|
Subject
line of the message.
The subject
line in the tracking results may have the value “(No Subject)” if the message
does not have a subject, or if log files are not configured to record subject
headers. For more information, see
Logging
|
Envelope Sender
|
Address of
the sender in the SMTP envelope.
|
Envelope
Recipients
|
If your deployment uses the alias table for alias expansion, the search finds the expanded recipient addresses rather than
the original envelope addresses. For more information about Alias Tables, see “Creating Alias Tables” in the “Configuring
Routing and Delivery Features” chapter .
In all
other cases, message tracking queries find the original envelope recipient
addresses.
|
Message ID Header
|
The RFC 822
message header.
|
SMTP Auth User ID
|
SMTP
authenticated username of the sender, if the sender used SMTP authentication to
send the message. Otherwise, the value is “N/A.”
|
Attachments
|
The names
of files attached to the message.
Messages
that contain at least one attachment with the queried name will appear in the
search results.
Some
attachments may not be tracked. For performance reasons, scanning of attachment
names occurs only as part of other scanning operations, for example message or
content filtering, DLP, or disclaimer stamping. Attachment names are available
only for messages that pass through body scanning while the attachment is still
attached. Situations in which an attachment name will not appear in search
results include (but are not limited to):
- If the system only uses content filters, and a message is dropped or its attachment is stripped by anti-spam or anti-virus
filters
- If message splintering policies strip the attachment from some messages before body scanning occurs.
For
performance reasons, the names of files within attachments, such as OLE objects
or archives such as .ZIP files, are not searched.
|
[New Web Interface Only] Message Event
|
Select multiple events to include messages that match each event type.
|
Sending
Host Summary section
|
Reverse DNS Hostname
|
Name of the
sending host, as verified by reverse DNS (PTR) lookup.
|
IP Address
|
IP address
of the sending host.
|
IP Reputation Score
|
IP reputation score. The range is from 10 (likely a trustworthy sender) to -10 (apparent spammer). A score of “None” indicates
that there was no information about this host at the time the message was processed.
For more information about IP Reputation Service, see IP Reputation Filtering
|
Processing
Details section
|
Summary information
(If one
of the tabs below is displayed, this information is displayed in a tab. Summary
information always displays.)
|
The
Summary tab displays status events logged during the processing of the message.
Entries
include information about Mail Policy processing, such as Anti-Spam and
Anti-Virus scanning, and other events such as message splitting and custom log
entries added by a content or message filter.
If the
message was delivered, the details of the delivery are displayed here.
The last
recorded event is highlighted in the processing details.
|
DLP Matched Content tab
|
This tab
displays only for messages that were caught by DLP policies.
This tab
includes information about the match, as well as the sensitive content that
triggered the DLP policy match.
You must configure the appliance
to display this information. See Displaying Sensitive DLP Data in Message Tracking.
To
control access to this tab, see
Controlling Access to Sensitive Information in Message Tracking.
|
URL Details tab
|
This tab
displays only for messages caught by URL Reputation and URL Category content
filters and by outbreak filters.
This tab
displays the following information:
- The reputation score or
category associated with the URL
- The action performed on
the URL (rewrite, defang, or redirect)
- If a message contains
multiple URLs, which URL has triggered the filter action.
You must configure the appliance
to display this information. See Displaying URL Details in Message Tracking.
To
control access to this tab, see
Controlling Access to Sensitive Information in Message Tracking.
|