Message History

Hermes SEG keeps a log and a copy of each email message it sends and receives for archiving purposes. The number of log entries and actual messages the system keeps depends on the amount of storage space available on the system. The system automatically starts purging the oldest email logs and email messages once the internal storage reaches 95% capacity.

For a low to medium traffic system, an email archive of up to 5 years is possible assuming that no Email Archive job has been setup in order to free up space. If an email Archive job has been setup, the email archive can become virtually unlimited since the email messages will be stored off the local storage.

Message History Date/Time Range and Message Results Limit

By default, Message History displays the latest 1000 messages from the day before to the current day. Please note that if your system has processed more than 1000 messages during that time period, the displayed messages will not necessarily encompass that entire date/time rage. The date/time range as well as the number of messages to be displayed can be adjusted by setting the Start Date/Time, End Date/Time, Search Results Limit fields and clicking the Fetch Messages button (Figure 1). Please note setting the Search Results Limit to 10000 or 15000 messages will significantly increase the page loading time. It's best to have approximate dates and times if you wish to search for specific messages.

Figure 1

SortingSort Messages

You can sort messages by ascending or descending values by simply clicking the Archived, Date/Time, Sender IP, Return-Path, From, To, Subject, Score, Type and Action headers of the message results (Figure 2).

Figure 2

Searching

Search Messages

~~You can search email messages by~~ ~~Date/Time Range~~~~, the~~ ~~From~~ ~~field, the~~ ~~Return-Path~~ ~~field, the~~ To ~~field, the~~ ~~Subject~~ ~~field and you can also search in the~~ ~~body~~ ~~or a~~ ~~header~~ ~~of a message.~~

~~Searching by DATE/TIME~~

~~Searching by DATE/TIME allows you to search for messages that were received/sent between the dates and times you specify.~~

~~Ensure the Search Field(s) drop-down is set to~~ ~~DATE ONLY.~~ ~~Ensure~~ ~~Search Phrase~~ ~~field is empty.~~ Enter a ~~Start Date~~ ~~(you can click on the Calendar button to bring up the calendar to select a date or you can simply enter a date in the format~~ ~~dd/mm/yyyy~~) ~~Select a~~ ~~Start Time~~ ~~by selecting a an entry from the~~ ~~Start Time~~ ~~drop-down (entries are in 15-minute increments)~~ ~~Enter an~~ ~~End Date~~ ~~(you can click on the Calendar button to bring up the calendar to select a date or you can simply enter a date in the format~~ ~~dd/mm/yyyy)~~ ~~Select an~~ ~~End Time~~ ~~by selecting a an entry from the~~ ~~End Time~~ ~~drop-down (entries are in 15-minute increments)~~ ~~Click the~~ ~~Advanced Search~~ ~~button (~~~~Figure 4~~)

~~Figure 4~~

~~If any results are found they will be displayed underneath the Search section (~~~~Figure 5~~).

~~Figure 5~~

~~Searching by FROM, RETURN-PATH, TO, SUBJECT~~

~~Searching by FROM, RETURN-PATH, TO or SUBJECT allows you to~~ search ~~for messages that match the search criteria you specify in the From field, Return-Path field, the To field or the Subject field of a mesage.~~

~~Ensure the Search Field(s) drop-down is set to~~ ~~FROM, RETURN-PATH, TO or SUBJECT.~~ ~~Enter the criteria to search for~~term in the Search ~~Phrase~~ ~~field.~~ ~~Please note that in case of a Return-Path~~ field ~~search, the search criteria must be the exact email address or~~and the system will ~~not~~automatically ~~return~~filter ~~any~~messages ~~results.~~ ~~Click~~matching the ~~Advanced~~term ~~Search~~you ~~button~~entered. You can enter multiple search terms separated by a space (Figure 6).

~~Figure 6~~

~~If any results are found they will be displayed underneath the Search section (~~~~Figure 7~~).

~~Figure 7~~

~~Searching by BODY/HEADERS~~

~~Searching by the BODY/HEADERS allows you to search for messages that match the search criteria you specify in the body or the headers of messages. The search Criteria can be any keyword or phrase.~~

~~Search results for BODY/HEADERS searches are limited to a maximum of 500 entries.~~

~~While a BODY/HEADERS search is in progress, no other BODY/HEADER searches can be performed, however, other types of search by Date/Time Range, From, To and Subject field can still be performed.~~

~~Please note that BODY/HEADERS searches are limited to messages stored locally on the appliance. Any messages that have been archived outside the appliance will not be searched.~~

~~Ensure the Search Field(s) drop-down is set to~~ ~~BODY/HEADERS.~~ ~~Enter the criteria to search for in the~~ ~~Search Phrase~~ ~~field.~~ ~~Click the~~ ~~Advanced Search~~ ~~button (~~~~Figure 8~~).

~~Figure 8~~

~~Searching by BODY/HEADERS is a very system intensive operation~~. Search results are not displayed like all other searches. Instead the system creates a search job that runs in the background. While a BODY/HEADER search is in progress the system displays a red dot on the upper right-hand corner of the page above the ~~Earliest Message Date/Time~~ ~~field (~~~~Figure 9~~).

~~Figure 9~~

~~Clicking on the red dot will redirect to the~~ ~~Body/Headers Search History~~ ~~page, where you can view the status and/or cancel of a pending BODY/HEADERS search. If a search is pending and you wish to cancel it, you can click on the~~ ~~Cancel~~ ~~button under the Cancel column of a pending search (~~~~Figure 10~~).

~~Figure 10~~

~~After a BODY/HEADERS search is complete, the red dot will turn green (~~~~Figure 11~~).

~~Figure 11~~

~~Clicking on the green dot will redirect to the~~ ~~Body/Headers Search History~~ ~~page, where you can view the search results and/or delete the search results of the BODY/HEADERS search. You can view the search results by clicking on the~~ ~~View~~ ~~button under the~~ ~~Results~~ ~~column or you can delete the search results by clicking the~~ ~~Delete~~ ~~button under the~~ ~~Delete~~ ~~column (~~~~Figure 12~~).

~~Figure 12~~

~~Clicking on the~~ ~~View~~ ~~button, will re-direct you back to the~~ ~~Message History & Archive~~ ~~page where it will display~~ ~~ONLY~~ ~~the results of the BODY/HEADER search (~~~~Figure 13~~).

~~Figure 13~~

~~After you finished reviewing~~ ~~you MUST clear the BODY/HEADER results~~ ~~from the~~ ~~Message History & Archive~~ ~~page by clicking on the~~ ~~Clear & Sort~~ ~~button on top of the page (~~~~Figure 14~~~~). Clearing the BODY/HEADER results will revert the~~ ~~Message History & Archive~~ ~~page to displaying the default message history.~~

~~Figure 14~~

Release Email Messages to Internal Recipient Mailboxes

~~Releasing messages will instruct the sytem to deliver the messages selected to the intended~~ ~~Internal Recipient~~ mailbox. This action can be performed for any type of message regardless if the message was inititally quarantined. This is useful for releasing lost email back to users or releasing quarantined messages that were never delivered to the user's mailbox.

~~The system can ONLY release messages stored in local storage. Messages that have been archived to external storage via an Archive Job cannot be released. They can only be viewed and/or downloaded.~~

When you click on Release Msg button the system will NOT display a loading message like normal (Figure 15) and the system may appear unresponsive. However, please be patient while your system processes the request before trying a different request. Some requests involving lots of messages may take a while to process.

~~Figure 15~~

~~On the~~ ~~Message History & Archive~~ ~~page, in the message history section, place a check on the checkbox(es) under the~~ ~~Select~~ ~~column of the message(s) you wish to release and then click on the~~ ~~Release Msg~~ ~~button (~~~~Figure 16~~).

~~Figure 16~~

~~Messages will be released and delivered to the intended Internal Recipient mailbox indicated in the~~ To ~~column of each respective message.~~

Create Block & Allow Sender Rules

Block/Allow rules should NOT be used as a method of spam control. Spam should be handled by training the Bayes Filter instead. Legitimate mass marketing email campaigns should be handled by unsubscribing from those campaigns.

When you click on Block Sender or the Allow Sender buttons the system will NOT display a loading message like normal (Figure 17) and the system may appear unresponsive. However, please be patient while your system processes the request before trying a different request. Some requests involving lots of messages may take a while to process.

~~Figure 17~~

~~You can easily create Block/Allow rules by selecting one or more messages and clicking either the~~ ~~Block Sender~~ ~~or the~~ ~~Allow Sender~~ ~~buttons (~~~~Figure 18~~).

~~Figure 18~~

~~This will automatically create rules with either a Block or Allow action under the~~ ~~Content Checks --> Sender Checks Bypass~~ ~~section using the the email address displayed in the~~ ~~From~~ ~~column as the Sender and the Internal Recipient email address displayed in the~~ To ~~column of the Message History section.~~

~~Note, that most marketing/spam email campaigns will auto generate the~~ ~~From~~ ~~email address each time they send out emails. An auto generated email address will look similar to the example below:~~

d-3-2492042-40004013-2-1-us2-c2bf84fa@aflac-onlineservices.com

~~In this example, each time an email goes out from this email campaign, the string before the~~ @ ~~(d-3-2492042-40004013-2-1-us2-c2bf84fa) will always be different while the domain string after the~~ @ ~~(aflac-onlineservices.com) will remain the same. Therefore, creating a block/allow rule using the~~ ~~From~~ ~~email address is pointless since the Block/Allow rule you previously created will not fire next time an email from this marketing campaign gets received since the string before the~~ @ ~~will be different. In these cases, it's recommended to navigate to~~ ~~Content Checks --> Sender Check Bypass~~ ~~and follow the instructions under the~~ ~~Add Domain Sender Check Bypass to Internal Recipient~~ ~~section~~ ~~in order to create a rule by using the domain string after the~~ @ ~~(aflac-onlineservices.com).~~

Train the Bayes Database

The Bayes Database needs to be initially trained with at least 200 spam messages before it becomes enabled. The more you train the Bayes Database the more accurate it becomes, however anything over 5000 messages does not seem to improve accuracy.

~~You can check if the Bayes Database is enabled by running the following command in a command prompt:~~

spamassassin -D --lint 2>> sa.txt

~~Next, list the contents of~~ ~~sa.txt~~:

cat sa.txt

If you see an entry similar to the one below, this indicates that the Bayes Database is disabled and it needs to be trained further before it becomes enabled. In the example below, the Bayes Database needs to be trained with 189 additional spam messages ( 200-11=189):

debug: bayes: Not available for scanning, only 11 spam(s) in 
Bayes DB < 200

You should NEVER use legitimate mass marketing emails to train the Bayes Database as Spam. Inversely, you should NEVER use spam emails to train the Bayes Database as non-spam. These actions will corrupt the Bayes Database and lead to the system misidentifying spam and non-spam emails. Additionally, you should avoid training the Bayes Database with forwarded spam emails.

~~When you click on the Train as Spam or the Train as NOT Spam buttons the system will NOT not display a loading message like normal (~~~~Figure 19~~) and the system may appear unresponsive. However, please be patient while your system processes the request before trying a different request. Some requests involving lots of messages may take a while to process.

~~Figure 19~~

~~Train as Spam~~

~~On the~~ ~~Message History & Archive~~ ~~page, in the message history section, place a check on the checkbox(es) under the~~ ~~Select~~ ~~column of~~ ~~spam message(s)~~ ~~you wish to use for training the Bayes Database and then click on the~~ ~~Train as Spam~~ ~~button (~~~~Figure 20~~).

~~Figure 20~~

~~Train as NOT Spam~~

~~On the~~ ~~Message History & Archive~~ ~~page, in the message history section, place a check on the checkbox(es) under the~~ ~~Select~~ ~~column of the~~ ~~NON spam message(s)~~ ~~you wish to use for training the Bayes Database and then click on the~~ ~~Train as NOT Spam~~ ~~button (~~~~Figure 21~~).

~~Figure 21~~

View & Download Email Messages

~~On the~~ ~~Message History & Archive~~ ~~page, under the View column, click on the~~ ~~icon of the message you wish to view and/or download~~. ~~You will be redirected to the~~ ~~View Message~~ ~~page (~~~~Figure 22~~).

~~When viewing a message, the system automatically disables links and any external content automatically.~~

~~Figure 22~~

~~The~~ ~~View Message~~ ~~page is organized in 5 sections:~~

~~Command Buttons~~ ~~- This section contains the following 6 buttons:~~

~~Back~~ ~~- Allows you to return to the Message History & Archive Page while keeping any search parameters intact.~~ ~~Block~~ ~~- Allows you to set a Block Rule for the sender of the message.~~ ~~Allow~~ ~~- Allows you to set an Allow Rule for the sender of the message.~~ ~~Release~~ ~~- Allows you to release the message to the Internal Recipient mailbox.~~ ~~Spam~~ ~~- Allows you to train the Bayes Database with the message as spam.~~ ~~NOT Spam~~ ~~- Allows you to train the Bayes Database with the message as Non-Spam (~~~~Figure 23~~).

~~Figure 23~~

~~Download Message~~ ~~- Clicking on the Download Message link will allow you to download the message in .eml format which can be opened by an email client such as Outlook (~~~~Figure 24~~).

~~Use extreme care when downloading messages and/or opening attachments within messages since they may contain malware.~~

~~Figure 24~~

~~Message Details~~ ~~- This section shows the following headers of the message:~~

~~Date~~ ~~- The date the message was received/sent~~ ~~Return-Path~~ ~~- This is the email address that is to be used for non-delivery receipts. This is the header that the system uses in order to create the Block/Allow rules.~~ ~~From~~ - This is the email address indicating who the message is from, however this can be easily forged or it can be different from the Return-Path header is the email was sent on the behalf of someone else. This header is NOT used by the system for Block/Allow rules. ~~X-Envelope-To~~ ~~- This is the email address of the original recipient based on the SMTP envelope. This is the header that the system uses in order to create the Block/Allow rules.~~ To ~~- The email address the message was delivered to. This does NOT always match the final recipient, thus this header is NOT used by the sytem for Block/Allow rules.~~ CC ~~- This is the the email address that a copy of the message was also sent to. This header is not necessarily populated.~~ ~~Subject~~ ~~- This is the subject header of the message (~~~~Figure 25~~).

~~Figure 25~~

~~Message Body~~ ~~- This section shows the content inside the body of a message. The body section has two modes to display the body of a message:~~

~~Show Msg Body as HTML~~ ~~- This is the default mode when viewing a message. This mode displays any HTML elements that may be inside the body of a message (~~~~Figure 26~~).

~~Figure 26~~

~~If the message body is blank, the message may not contain HTML elements, in that case try clicking on the Show Msg Body as Text selection.~~

~~Show Msg Body as Text~~ ~~- This mode displays the body of a message in text only (~~~~Figure 27~~).

~~Figure 27~~

~~Message Headers~~ ~~- This section shows the message headers which can contain a lot of useful information such as spam score, the antispam filter tests that it scored, the sending email server IP address etc. (~~~~Figure 28~~3).

Figure 283