
Message History

Hermes SEG keeps a log and a copy of each email message it sends and receives for archiving purposes. The number of log entries and actual messages the system keeps depends on the amount of storage space available on the system. The system automatically starts purging the oldest email logs and email messages once the internal storage reaches 95% capacity.

You can easily see the date/time of the oldest message that the system has retained by looking at the Earliest Message Date/Time field in the upper right-hand corner of the page (Figure 1).

Figure 1

image-1606139654835.png

For a low to medium traffic system, an email archive of up to 5 years is possible, assuming that no Email Archive job has been set up to free up space. If an Email Archive job has been set up, the email archive can become virtually unlimited, since the email messages will be stored off the local storage.

In this page you will be able to perform the following functions:

  • Set the Number of Messages to Display
  • Sort Email Messages
  • Search Email Messages
  • Release Email Messages to Internal Recipient Mailboxes
  • Create Block & Allow Sender Rules
  • Train the Bayes Database
  • View & Download Email Messages

For security reasons, the following keywords are not allowed in any search field:

  • Select
  • Update
  • join
  • delete
  • insert
  • all
  • drop

Message History Date/Time Range and Message Results Limit

By default, the Message History displays the latest 1000 messages from the day before to the current day. Please note that if your system has processed more than 1000 messages during that time period, the displayed messages will not necessarily encompass that entire date/time range. The date/time range as well as the number of messages to be displayed can be adjusted by setting the Start Date/Time, End Date/Time, Search Results Limit fields and clicking the Fetch Messages button (Figure 1). Please note setting the Search Results Limit to 10000 or 15000 messages will significantly increase the page loading time. It's best to have approximate dates and times if you wish to search for specific messages.

Figure 1

image.png

Sorting Messages

You can sort messages by ascending or descending values by simply clicking the Archived, Date/Time, Sender IP, Return-Path, From, To, Subject, Score, Type and Action headers of the message results (Figure 2).

Figure 2

image.png

Sort Email Messages

  1. Click on the drop-down field containing the message types, select the message type you wish to sort by and click on the Clear & Sort button (Figure 3).

Figure 3

image-1606139682873.png

 

You can sort by the following types of messages:

  • ALL - This selection will display all messages regardless of message type.
  • Clean (Passed) - These are email messages in which no problems were found and which were successfully delivered to their intended recipient.
  • Spam (Passed) - These are email messages that were tagged as Spam but did not score high enough to be quarantined, thus they were successfully delivered to their intended recipient, albeit tagged as Spam.
  • Spam (Quarantined) - These are email messages that were tagged as Spam and scored high enough to be quarantined.
  • Bad-Header (Quarantined) - These are email messages that were detected as having bad headers thus they were quarantined.
  • Banned (Quarantined) - These are email messages that contained banned file attachments thus they were quarantined.
  • Virus (Quarantined) - These are email messages that contained malware thus they were quarantined.

If you sort by any type of message, in other words if the message type selection drop-down is set to anything but the ALL entry, message searches will be performed for the message type selected. For example, if you have sorted by the message type Spam (Quarantined) and you perform a search by date range, the results are only going to show entries matching the date range AND the message type Spam (Quarantined). If you wish to perform a search for all messages, ensure you have sorted by ALL message types.

Clicking on the Clear & Sort button will clear any previous searches.

Searching Messages

You can search email messages by Date/Time Range, the From field, the Return-Path field, the To field and the Subject field, and you can also search in the body or header of a message.

Searching by DATE/TIME

Searching by DATE/TIME allows you to search for messages that were received/sent between the dates and times you specify.

  1. Ensure the Search Field(s) drop-down is set to DATE ONLY.
  2. Ensure the Search Phrase field is empty.
  3. Enter a Start Date (you can click on the Calendar button to bring up the calendar to select a date or you can simply enter a date in the format dd/mm/yyyy)
  4. Select a Start Time by selecting an entry from the Start Time drop-down (entries are in 15-minute increments)
  5. Enter an End Date (you can click on the Calendar button to bring up the calendar to select a date or you can simply enter a date in the format dd/mm/yyyy)
  6. Select an End Time by selecting an entry from the End Time drop-down (entries are in 15-minute increments)
  7. Click the Advanced Search button (Figure 4)

Figure 4

image-1606139697845.png

  1. If any results are found they will be displayed underneath the Search section (Figure 5).

Figure 5

image-1606139709990.png

 

Searching by FROM, RETURN-PATH, TO, SUBJECT

Searching by FROM, RETURN-PATH, TO or SUBJECT allows you to search for messages that match the search criteria you specify in the From field, the Return-Path field, the To field or the Subject field of a message.

  1. Ensure the Search Field(s) drop-down is set to FROM, RETURN-PATH, TO or SUBJECT.
  2. Enter the criteria to search for in the Search Phrase field. Please note that in case of a Return-Path field search, the search criteria must be the exact email address or the system will not return any results.
  3. Click the Advanced Search button (Figure 6).

Figure 6

image-1606139721352.png

  1. If any results are found they will be displayed underneath the Search section (Figure 7).

Figure 7

image-1606139729962.png

 

Searching by BODY/HEADERS

Searching by BODY/HEADERS allows you to search for messages that match the search criteria you specify in the body or the headers of messages. The search criteria can be any keyword or phrase.

Search results for BODY/HEADERS searches are limited to a maximum of 500 entries.

While a BODY/HEADERS search is in progress, no other BODY/HEADERS searches can be performed; however, other types of search (by Date/Time Range, From, To and Subject field) can still be performed.

Please note that BODY/HEADERS searches are limited to messages stored locally on the appliance. Any messages that have been archived outside the appliance will not be searched.

  1. Ensure the Search Field(s) drop-down is set to BODY/HEADERS.
  2. Enter the criteria to search for in the Search Phrase field.
  3. Click the Advanced Search button (Figure 8).

Figure 8

image-1606139743502.png

  1. Searching by BODY/HEADERS is a very system-intensive operation. Search results are not displayed like all other searches. Instead, the system creates a search job that runs in the background. While a BODY/HEADERS search is in progress, the system displays a red dot on the upper right-hand corner of the page above the Earliest Message Date/Time field (Figure 9).

Figure 9

image-1606139755350.png

  1. Clicking on the red dot will redirect to the Body/Headers Search History page, where you can view the status of and/or cancel a pending BODY/HEADERS search. If a search is pending and you wish to cancel it, you can click on the Cancel button under the Cancel column of a pending search (Figure 10).

Figure 10

image-1606139764393.png

  1. After a BODY/HEADERS search is complete, the red dot will turn green (Figure 11).

Figure 11

image-1606139773523.png

  1. Clicking on the green dot will redirect to the Body/Headers Search History page, where you can view the search results and/or delete the search results of the BODY/HEADERS search. You can view the search results by clicking on the View button under the Results column or you can delete the search results by clicking the Delete button under the Delete column (Figure 12).

Figure 12

image-1606139781932.png

  1. Clicking on the View button will redirect you back to the Message History & Archive page, where it will display ONLY the results of the BODY/HEADERS search (Figure 13).

Figure 13

image-1606139790303.png

  1. After you have finished reviewing, you MUST clear the BODY/HEADERS results from the Message History & Archive page by clicking on the Clear & Sort button on top of the page (Figure 14). Clearing the BODY/HEADERS results will revert the Message History & Archive page to displaying the default message history.

Figure 14

image-1606139799695.png

 

Release Email Messages to Internal Recipient Mailboxes

Releasing messages will instruct the system to deliver the selected messages to the intended Internal Recipient mailbox. This action can be performed for any type of message, regardless of whether the message was initially quarantined. This is useful for releasing lost email back to users or releasing quarantined messages that were never delivered to the user's mailbox.

The system can ONLY release messages stored in local storage. Messages that have been archived to external storage via an Archive Job cannot be released. They can only be viewed and/or downloaded.

When you click on the Release Msg button, the system will NOT display a loading message like normal (Figure 15) and the system may appear unresponsive. However, please be patient while your system processes the request before trying a different request. Some requests involving lots of messages may take a while to process.

Figure 15

image-1606139811697.png

  1. On the Message History & Archive page, in the message history section, place a check on the checkbox(es) under the Select column of the message(s) you wish to release and then click on the Release Msg button (Figure 16).

Figure 16

image-1606139819572.png

  1. Messages will be released and delivered to the intended Internal Recipient mailbox indicated in the To column of each respective message.

Create Block & Allow Sender Rules

Block/Allow rules should NOT be used as a method of spam control. Spam should be handled by training the Bayes Filter instead. Legitimate mass marketing email campaigns should be handled by unsubscribing from those campaigns.

When you click on the Block Sender or the Allow Sender buttons, the system will NOT display a loading message like normal (Figure 17) and the system may appear unresponsive. However, please be patient while your system processes the request before trying a different request. Some requests involving lots of messages may take a while to process.

Figure 17

image-1606139832965.png

  1. You can easily create Block/Allow rules by selecting one or more messages and clicking either the Block Sender or the Allow Sender buttons (Figure 18).

Figure 18

image-1606139841786.png

  1. This will automatically create rules with either a Block or Allow action under the Content Checks --> Sender Checks Bypass section using the email address displayed in the From column as the Sender and the Internal Recipient email address displayed in the To column of the Message History section.

Note that most marketing/spam email campaigns will auto-generate the From email address each time they send out emails. An auto-generated email address will look similar to the example below:

d-3-2492042-40004013-2-1-us2-c2bf84fa@aflac-onlineservices.com

In this example, each time an email goes out from this email campaign, the string before the @ (d-3-2492042-40004013-2-1-us2-c2bf84fa) will always be different while the domain string after the @ (aflac-onlineservices.com) will remain the same. Therefore, creating a Block/Allow rule using the From email address is pointless, since the rule you previously created will not fire the next time an email from this marketing campaign is received because the string before the @ will be different. In these cases, it's recommended to navigate to Content Checks --> Sender Check Bypass and follow the instructions under the Add Domain Sender Check Bypass to Internal Recipient section in order to create a rule by using the domain string after the @ (aflac-onlineservices.com).
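The reasoning above can be applied to the senders of the messages you are about to select. The following is an added example, not Hermes SEG code: the function name and the "more than one message" threshold are assumptions, and apart from the address quoted above the sample addresses are constructed. It groups sender addresses by domain and reports where only a domain-level rule would keep matching.

```python
from collections import defaultdict


def suggest_rule_scope(senders):
    """Map each sender domain to 'address' or 'domain'.

    'domain'  : every message from the domain used a different local part, so
                a rule on any one full address would not match the next one.
    'address' : at least one full address repeats (or there is only one
                message), so an address-level rule can still match.
    """
    per_domain = defaultdict(list)
    for sender in senders:
        local, sep, domain = sender.strip().lower().rpartition("@")
        if not sep or not local or not domain:
            continue  # not an address; skip rather than guess
        per_domain[domain].append(local)

    scope = {}
    for domain, locals_seen in per_domain.items():
        all_unique = len(set(locals_seen)) == len(locals_seen)
        # A single message is not enough evidence that the local part rotates.
        rotating = all_unique and len(locals_seen) > 1
        scope[domain] = "domain" if rotating else "address"
    return scope


# First address is the one quoted on this page; the rest are constructed.
SAMPLE_SENDERS = [
    "d-3-2492042-40004013-2-1-us2-c2bf84fa@aflac-onlineservices.com",
    "d-3-2492042-40004099-2-1-us2-0a1b2c3d@aflac-onlineservices.com",
    "d-3-2492042-40004187-2-1-us2-9f8e7d6c@aflac-onlineservices.com",
    "billing@example.org",
    "billing@example.org",
]

if __name__ == "__main__":
    for domain, scope in suggest_rule_scope(SAMPLE_SENDERS).items():
        print(f"{domain}: create a {scope}-level rule")
```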

Train the Bayes Database

The Bayes Database needs to be initially trained with at least 200 spam messages before it becomes enabled. The more you train the Bayes Database the more accurate it becomes, however anything over 5000 messages does not seem to improve accuracy.  

You can check if the Bayes Database is enabled by running the following command in a command prompt:

spamassassin -D --lint 2>> sa.txt

Next, list the contents of sa.txt:

cat sa.txt

If you see an entry similar to the one below, this indicates that the Bayes Database is disabled and it needs to be trained further before it becomes enabled. In the example below, the Bayes Database needs to be trained with 189 additional spam messages (200 - 11 = 189):

debug: bayes: Not available for scanning, only 11 spam(s) in Bayes DB < 200
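The same check can be scripted against the saved debug output. This is an added example, not part of Hermes SEG or SpamAssassin; the function name is hypothetical and the sample text is constructed. It goes slightly beyond the page by also handling the equivalent ham(s) line that SpamAssassin prints for non-spam, and a message wrapped across two lines.

```python
import re

# Matches the debug line quoted above. The prefix ("debug:" or "dbg:") and
# the letter case differ between SpamAssassin versions, so neither is relied on.
_NOT_READY = re.compile(
    r"bayes: not available for scanning, only (\d+) (spam|ham)\(s\) "
    r"in bayes db < (\d+)",
    re.IGNORECASE,
)


def bayes_shortfall(lint_output: str) -> dict:
    """Return the number of messages still needed per class.

    Example result: {'spam': 189}. An empty dict means no
    "Not available for scanning" line was present in the output.
    """
    # Collapse all whitespace so a line wrapped by a terminal or by
    # copy/paste still matches.
    flat = re.sub(r"\s+", " ", lint_output)
    needed = {}
    for have, kind, minimum in _NOT_READY.findall(flat):
        needed[kind.lower()] = max(int(minimum) - int(have), 0)
    return needed


# Constructed sample of sa.txt; only the bayes line matters here.
SAMPLE_SA_TXT = """\
debug: (other lint output)
debug: bayes: Not available for scanning, only 11 spam(s) in
Bayes DB < 200
debug: (other lint output)
"""

if __name__ == "__main__":
    shortfall = bayes_shortfall(SAMPLE_SA_TXT)
    if not shortfall:
        print("no 'Not available for scanning' line found")
    for kind, count in shortfall.items():
        print(f"train {count} more {kind} message(s) before Bayes is enabled")
```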

You should NEVER use legitimate mass marketing emails to train the Bayes Database as Spam. Inversely, you should NEVER use spam emails to train the Bayes Database as non-spam. These actions will corrupt the Bayes Database and lead to the system misidentifying spam and non-spam emails. Additionally, you should avoid training the Bayes Database with forwarded spam emails.

When you click on the Train as Spam or the Train as NOT Spam buttons, the system will NOT display a loading message like normal (Figure 19) and the system may appear unresponsive. However, please be patient while your system processes the request before trying a different request. Some requests involving lots of messages may take a while to process.

Figure 19

image-1606139857884.png

Train as Spam

  1. On the Message History & Archive page, in the message history section, place a check on the checkbox(es) under the Select column of the spam message(s) you wish to use for training the Bayes Database and then click on the Train as Spam button (Figure 20).

Figure 20

image-1606139868172.png

 

Train as NOT Spam

  1. On the Message History & Archive page, in the message history section, place a check on the checkbox(es) under the Select column of the NON spam message(s) you wish to use for training the Bayes Database and then click on the Train as NOT Spam button (Figure 21).

Figure 21

image-1606139877815.png

 

View & Download Email Messages

  1. On the Message History & Archive page, under the View column, click on the icon (image-1606139894188.png) of the message you wish to view and/or download. You will be redirected to the View Message page (Figure 22).

When viewing a message, the system automatically disables links and any external content.

Figure 22

image-1606139924852.png

  1. The View Message page is organized in 5 sections:

Command Buttons  - This section contains the following 6 buttons:

  • Back  - Allows you to return to the Message History & Archive Page while keeping any search parameters intact.
  • Block  - Allows you to set a Block Rule for the sender of the message.
  • Allow  - Allows you to set an Allow Rule for the sender of the message.
  • Release  - Allows you to release the message to the Internal Recipient mailbox.
  • Spam  - Allows you to train the Bayes Database with the message as spam.
  • NOT Spam  - Allows you to train the Bayes Database with the message as Non-Spam (Figure 23).

Figure 23

image-1606139940383.png

Download Message  - Clicking on the Download Message link will allow you to download the message in .eml format which can be opened by an email client such as Outlook (Figure 24).

Use extreme care when downloading messages and/or opening attachments within messages since they may contain malware.

Figure 24

image-1606139954943.png

Message Details  - This section shows the following headers of the message:

  • Date  - The date the message was received/sent
  • Return-Path - This is the email address that is to be used for non-delivery receipts. This is the header that the system uses in order to create the Block/Allow rules.
  • From - This is the email address indicating who the message is from; however, this can be easily forged, or it can be different from the Return-Path header if the email was sent on behalf of someone else. This header is NOT used by the system for Block/Allow rules.
  • X-Envelope-To - This is the email address of the original recipient based on the SMTP envelope. This is the header that the system uses in order to create the Block/Allow rules.
  • To - The email address the message was delivered to. This does NOT always match the final recipient, thus this header is NOT used by the system for Block/Allow rules.
  • CC - This is the email address that a copy of the message was also sent to. This header is not necessarily populated.
  • Subject - This is the subject header of the message (Figure 25).

Figure 25

image-1606139966743.png
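Since the Message Details section states that rules are keyed on Return-Path and X-Envelope-To rather than on From and To, it is worth comparing the two pairs in a downloaded .eml before creating a rule. The following is an added example, not Hermes SEG code: the function names are hypothetical and the sample message is constructed. It reads headers only and never opens the body or attachments.

```python
from email import message_from_string
from email.utils import parseaddr


def _addr(msg, header):
    """Bare lower-cased address from a header, or None if absent or empty."""
    return parseaddr(msg.get(header, ""))[1].lower() or None


def _domain(address):
    return address.rpartition("@")[2] if address else None


def rule_headers(raw_eml: str) -> dict:
    """Report the header pair used for rules and whether the displayed
    From/To headers agree with it."""
    msg = message_from_string(raw_eml)
    sender, rcpt = _addr(msg, "Return-Path"), _addr(msg, "X-Envelope-To")
    shown_from, shown_to = _addr(msg, "From"), _addr(msg, "To")
    return {
        "rule_sender": sender,        # Return-Path: used for Block/Allow rules
        "rule_recipient": rcpt,       # X-Envelope-To: used for Block/Allow rules
        "from_matches_return_path": shown_from == sender,
        "from_domain_matches": _domain(shown_from) == _domain(sender),
        "to_matches_envelope": shown_to == rcpt,
    }


# Constructed message: the displayed From claims an internal sender, while
# the Return-Path points at an unrelated bulk mailer.
SAMPLE_EML = """\
Return-Path: <bounce-7731@mailer.example.net>
X-Envelope-To: <alice@corp.example.org>
From: "Accounts Payable" <ap@corp.example.org>
To: staff-list@corp.example.org
Subject: Invoice overdue

(body omitted)
"""

if __name__ == "__main__":
    for key, value in rule_headers(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

A False value for from_domain_matches means the address shown to the user is not the one a Block/Allow rule would be built from.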

Message Body  - This section shows the content inside the body of a message. The body section has two modes to display the body of a message:

  • Show Msg Body as HTML  - This is the default mode when viewing a message. This mode displays any HTML elements that may be inside the body of a message (Figure 26).

Figure 26

image-1606139998792.png

If the message body is blank, the message may not contain HTML elements. In that case, try clicking on the Show Msg Body as Text selection.

  • Show Msg Body as Text  - This mode displays the body of a message in text only (Figure 27).

Figure 27

image-1606140008430.png

Message Headers  - This section shows the message headers which can contain a lot of useful information such as spam score, the antispam filter tests that it scored, the sending email server IP address etc. (Figure 28).

Figure 28

image-1606140178325.png