Message History

Hermes SEG keeps a log and a copy of each email message it sends and receives for archiving purposes. The number of log entries and actual messages the system keeps depends on the amount of storage space available on the system. The system automatically starts purging the oldest email logs and email messages once the internal storage reaches 95% capacity.

For a low to medium traffic system, an email archive of up to 5 years is possible, assuming that no Email Archive job has been set up to free up space. If an Email Archive job has been set up, the email archive can become virtually unlimited since the email messages will be stored off the local storage.

Message History Date/Time Range and Message Results Limit

  • By default, Message History displays the latest 1000 messages from the day before to the current day. Please note that if your system has processed more than 1000 messages during that time period, the displayed messages will not necessarily encompass that entire date/time range. The date/time range as well as the number of messages to be displayed can be adjusted by setting the Start Date/Time, End Date/Time and Search Results Limit fields and clicking the Fetch Messages button (Figure 1). Please note that setting the Search Results Limit to 10000 or 15000 messages will significantly increase the page loading time. It's best to have approximate dates and times if you wish to search for specific messages.

Figure 1

Sort Messages

You can sort messages by ascending or descending values by simply clicking the Archived, Date/Time, Sender IP, Return-Path, From, To, Subject, Score, Type and Action headers of the message results (Figure 2).

Figure 2

Search Messages

You can search email messages by Date/Time Range, the From field, the Return-Path field, the To field, the Subject field and you can also search in the body or a header of a message.

Searching by DATE/TIME

Searching by DATE/TIME allows you to search for messages that were received/sent between the dates and times you specify.

  1. Ensure the Search Field(s) drop-down is set to DATE ONLY.
  2. Ensure the Search Phrase field is empty.
  3. Enter a Start Date (you can click on the Calendar button to bring up the calendar to select a date or you can simply enter a date in the format dd/mm/yyyy).
  4. Select a Start Time by selecting an entry from the Start Time drop-down (entries are in 15-minute increments).
  5. Enter an End Date (you can click on the Calendar button to bring up the calendar to select a date or you can simply enter a date in the format dd/mm/yyyy).
  6. Select an End Time by selecting an entry from the End Time drop-down (entries are in 15-minute increments).
  7. Click the Advanced Search button (Figure 4).

Figure 4

  1. If any results are found they will be displayed underneath the Search section (Figure 5).

Figure 5


Searching by FROM, RETURN-PATH, TO, SUBJECT

Searching by FROM, RETURN-PATH, TO or SUBJECT allows you to search for messages that match the search criteria you specify in the From field, Return-Path field, the To field or the Subject field of a message.

  1. Ensure the Search Field(s) drop-down is set to FROM, RETURN-PATH, TO or SUBJECT.
  2. Enter the criteria to search for in the Search Phrase field. You can enter multiple search terms separated by a space. Please note that in case of a Return-Path field search, the search criteria must be the exact email address or the system will not return any results.
  3. Click the Advanced Search button (Figure 6).

Figure 6

  1. If any results are found they will be displayed underneath the Search section (Figure 7).

Figure 7


Searching by BODY/HEADERS

Searching by BODY/HEADERS allows you to search for messages that match the search criteria you specify in the body or the headers of messages. The search criteria can be any keyword or phrase.

Search results for BODY/HEADERS searches are limited to a maximum of 500 entries.

While a BODY/HEADERS search is in progress, no other BODY/HEADERS searches can be performed; however, other types of search by Date/Time Range, From, To and Subject field can still be performed.

Please note that BODY/HEADERS searches are limited to messages stored locally on the appliance. Any messages that have been archived outside the appliance will not be searched.

  1. Ensure the Search Field(s) drop-down is set to BODY/HEADERS.
  2. Enter the criteria to search for in the Search Phrase field.
  3. Click the Advanced Search button (Figure 8).

Figure 8

  1. Searching by BODY/HEADERS is a very system-intensive operation. Search results are not displayed like all other searches. Instead, the system creates a search job that runs in the background. While a BODY/HEADERS search is in progress, the system displays a red dot on the upper right-hand corner of the page above the Earliest Message Date/Time field (Figure 9).

Figure 9

  1. Clicking on the red dot will redirect to the Body/Headers Search History page, where you can view the status of and/or cancel a pending BODY/HEADERS search. If a search is pending and you wish to cancel it, you can click on the Cancel button under the Cancel column of a pending search (Figure 10).

Figure 10

  1. After a BODY/HEADERS search is complete, the red dot will turn green (Figure 11).

Figure 11

  1. Clicking on the green dot will redirect to the Body/Headers Search History page, where you can view the search results and/or delete the search results of the BODY/HEADERS search. You can view the search results by clicking on the View button under the Results column or you can delete the search results by clicking the Delete button under the Delete column (Figure 12).

Figure 12

  1. Clicking on the View button will redirect you back to the Message History & Archive page, where it will display ONLY the results of the BODY/HEADERS search (Figure 13).

Figure 13

  1. After you have finished reviewing, you MUST clear the BODY/HEADERS results from the Message History & Archive page by clicking on the Clear & Sort button on top of the page (Figure 14). Clearing the BODY/HEADERS results will revert the Message History & Archive page to displaying the default message history.

Figure 14


Release Email Messages to Internal Recipient Mailboxes

Releasing messages will instruct the system to deliver the selected messages to the intended Internal Recipient mailbox. This action can be performed for any type of message regardless of whether the message was initially quarantined. This is useful for releasing lost email back to users or releasing quarantined messages that were never delivered to the user's mailbox.

The system can ONLY release messages stored in local storage. Messages that have been archived to external storage via an Archive Job cannot be released. They can only be viewed and/or downloaded.

When you click on the Release Msg button, the system will NOT display a loading message like normal (Figure 15) and the system may appear unresponsive. However, please be patient while your system processes the request before trying a different request. Some requests involving lots of messages may take a while to process.

Figure 15

  1. On the Message History & Archive page, in the message history section, place a check on the checkbox(es) under the Select column of the message(s) you wish to release and then click on the Release Msg button (Figure 16).

Figure 16

  1. Messages will be released and delivered to the intended Internal Recipient mailbox indicated in the To column of each respective message.

Create Block & Allow Sender Rules

Block/Allow rules should NOT be used as a method of spam control. Spam should be handled by training the Bayes Filter instead. Legitimate mass marketing email campaigns should be handled by unsubscribing from those campaigns.

When you click on the Block Sender or the Allow Sender buttons, the system will NOT display a loading message like normal (Figure 17) and the system may appear unresponsive. However, please be patient while your system processes the request before trying a different request. Some requests involving lots of messages may take a while to process.

Figure 17

  1. You can easily create Block/Allow rules by selecting one or more messages and clicking either the Block Sender or the Allow Sender buttons (Figure 18).

Figure 18

  1. This will automatically create rules with either a Block or Allow action under the Content Checks --> Sender Checks Bypass section using the email address displayed in the From column as the Sender and the Internal Recipient email address displayed in the To column of the Message History section.

Note that most marketing/spam email campaigns will auto-generate the From email address each time they send out emails. An auto-generated email address will look similar to the example below:

d-3-2492042-40004013-2-1-us2-c2bf84fa@aflac-onlineservices.com

In this example, each time an email goes out from this email campaign, the string before the @ (d-3-2492042-40004013-2-1-us2-c2bf84fa) will always be different while the domain string after the @ (aflac-onlineservices.com) will remain the same. Therefore, creating a Block/Allow rule using the From email address is pointless: the rule will not fire the next time an email from this marketing campaign is received, since the string before the @ will be different. In these cases, it's recommended to navigate to Content Checks --> Sender Check Bypass and follow the instructions under the Add Domain Sender Check Bypass to Internal Recipient section in order to create a rule by using the domain string after the @ (aflac-onlineservices.com).
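The reasoning above, applied to a list of From values, as an added example that is not part of Hermes SEG or of the original page: it groups senders by domain and reports the domains whose local part changes on every message, where only a domain-based rule will keep matching. The sample addresses, the function names and the min_messages threshold are assumptions made for illustration.

```python
from collections import defaultdict
from email.utils import parseaddr

# Constructed From values. The rotating local parts imitate the pattern of the
# page's example address; the domains are placeholders.
SAMPLE_FROM_VALUES = [
    "d-3-2492042-40004013-2-1-us2-c2bf84fa@mailer.example.com",
    "d-3-2492107-40004013-2-1-us2-9e01ab37@mailer.example.com",
    "Offers <d-3-2493350-40004013-2-1-us2-51d0c7e2@Mailer.Example.com>",
    "Billing <billing@partner.example.org>",
    "billing@partner.example.org",
    "billing@partner.example.org",
]


def split_address(value):
    """Return (local_part, domain) in lower case, or None if not an address."""
    _, addr = parseaddr(value)
    local, sep, domain = addr.rpartition("@")
    if not (sep and local and domain):
        return None
    return local.lower(), domain.lower()


def suggest_rule_scope(from_values, min_messages=3):
    """Map each sender domain to 'domain' or 'address'.

    'domain' means every message seen used a different local part, so a rule
    keyed on the full address would not match the next message. min_messages
    is an assumed threshold for this example, not a Hermes SEG setting.
    """
    locals_by_domain = defaultdict(list)
    for value in from_values:
        parts = split_address(value)
        if parts:
            locals_by_domain[parts[1]].append(parts[0])

    scope = {}
    for domain, seen in locals_by_domain.items():
        rotating = len(seen) >= min_messages and len(set(seen)) == len(seen)
        scope[domain] = "domain" if rotating else "address"
    return scope


if __name__ == "__main__":
    for domain, scope in sorted(suggest_rule_scope(SAMPLE_FROM_VALUES).items()):
        print(f"{domain}: create the rule by {scope}")
```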

Train the Bayes Database

The Bayes Database needs to be initially trained with at least 200 spam messages before it becomes enabled. The more you train the Bayes Database, the more accurate it becomes; however, anything over 5000 messages does not seem to improve accuracy.

You can check if the Bayes Database is enabled by running the following command in a command prompt:

spamassassin -D --lint 2>> sa.txt

Next, list the contents of sa.txt:

cat sa.txt

If you see an entry similar to the one below, this indicates that the Bayes Database is disabled and needs to be trained further before it becomes enabled. In the example below, the Bayes Database needs to be trained with 189 additional spam messages (200 - 11 = 189):

debug: bayes: Not available for scanning, only 11 spam(s) in Bayes DB < 200

You should NEVER use legitimate mass marketing emails to train the Bayes Database as Spam. Inversely, you should NEVER use spam emails to train the Bayes Database as non-spam. These actions will corrupt the Bayes Database and lead to the system misidentifying spam and non-spam emails. Additionally, you should avoid training the Bayes Database with forwarded spam emails.

When you click on the Train as Spam or the Train as NOT Spam buttons, the system will NOT display a loading message like normal (Figure 19) and the system may appear unresponsive. However, please be patient while your system processes the request before trying a different request. Some requests involving lots of messages may take a while to process.

Figure 19

Train as Spam

  1. On the Message History & Archive page, in the message history section, place a check on the checkbox(es) under the Select column of the spam message(s) you wish to use for training the Bayes Database and then click on the Train as Spam button (Figure 20).

Figure 20


Train as NOT Spam

  1. On the Message History & Archive page, in the message history section, place a check on the checkbox(es) under the Select column of the NON spam message(s) you wish to use for training the Bayes Database and then click on the Train as NOT Spam button (Figure 21).

Figure 21


View & Download Email Messages

  1. On the Message History & Archive page, under the View column, click on the icon of the message you wish to view and/or download. You will be redirected to the View Message page (Figure 22).

When viewing a message, the system automatically disables links and any external content.

Figure 22

  1. The View Message page is organized in 5 sections:

Command Buttons - This section contains the following 6 buttons:

  • Back - Allows you to return to the Message History & Archive Page while keeping any search parameters intact.
  • Block - Allows you to set a Block Rule for the sender of the message.
  • Allow - Allows you to set an Allow Rule for the sender of the message.
  • Release - Allows you to release the message to the Internal Recipient mailbox.
  • Spam - Allows you to train the Bayes Database with the message as spam.
  • NOT Spam - Allows you to train the Bayes Database with the message as Non-Spam (Figure 23).

Figure 23

Download Message - Clicking on the Download Message link will allow you to download the message in .eml format which can be opened by an email client such as Outlook (Figure 24).

Use extreme care when downloading messages and/or opening attachments within messages since they may contain malware.

Figure 24

Message Details - This section shows the following headers of the message:

  • Date - The date the message was received/sent
  • Return-Path - This is the email address that is to be used for non-delivery receipts. This is the header that the system uses in order to create the Block/Allow rules.
  • From - This is the email address indicating who the message is from; however, this can be easily forged, or it can be different from the Return-Path header if the email was sent on behalf of someone else. This header is NOT used by the system for Block/Allow rules.
  • X-Envelope-To - This is the email address of the original recipient based on the SMTP envelope. This is the header that the system uses in order to create the Block/Allow rules.
  • To - The email address the message was delivered to. This does NOT always match the final recipient, thus this header is NOT used by the system for Block/Allow rules.
  • CC - This is the email address that a copy of the message was also sent to. This header is not necessarily populated.
  • Subject - This is the subject header of the message (Figure 25).

Figure 25

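The header roles listed above can be checked on a downloaded .eml file without opening it in a mail client. The following added example is not Hermes SEG code and not from the original page: it reads only the headers and reports which addresses the Block/Allow rule would use, per the list above, and whether the displayed From and To differ from them. The sample message and all function and key names are constructed for illustration.

```python
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed sample message: every address and value below is made up.
SAMPLE_EML = (
    b"Return-Path: <bounce-7f3a@mailer.example.com>\r\n"
    b"X-Envelope-To: <alice@corp.example.net>\r\n"
    b'From: "Accounts Payable" <ap@corp.example.net>\r\n'
    b"To: <sales@corp.example.net>\r\n"
    b"Subject: Invoice overdue\r\n"
    b"\r\n"
    b"The body is never parsed or rendered here.\r\n"
)


def _addr(msg, header):
    """Bare lower-cased address from a header, '' if absent or unparsable."""
    return parseaddr(str(msg.get(header, "")))[1].lower()


def _domain(address):
    return address.rpartition("@")[2]


def rule_inputs(raw_eml):
    """Summarise the Message Details headers; hypothetical helper, headers only."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_eml, headersonly=True)
    return_path = _addr(msg, "Return-Path")
    envelope_to = _addr(msg, "X-Envelope-To")
    from_addr = _addr(msg, "From")
    to_addr = _addr(msg, "To")
    return {
        # Per the page, Block/Allow rules use these two headers.
        "rule_sender": return_path,
        "rule_recipient": envelope_to,
        # Shown to the user but, per the page, not used for the rules.
        "display_from": from_addr,
        "display_to": to_addr,
        # True when the visible sender and the bounce address are in different domains.
        "from_domain_mismatch": bool(from_addr and return_path)
        and _domain(from_addr) != _domain(return_path),
        "to_differs_from_envelope": to_addr != envelope_to,
    }


if __name__ == "__main__":
    for key, value in rule_inputs(SAMPLE_EML).items():
        print(f"{key}: {value}")
```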

Message Body - This section shows the content inside the body of a message. The body section has two modes to display the body of a message:

  • Show Msg Body as HTML - This is the default mode when viewing a message. This mode displays any HTML elements that may be inside the body of a message (Figure 26).

Figure 26

If the message body is blank, the message may not contain HTML elements. In that case, try clicking on the Show Msg Body as Text selection.

  • Show Msg Body as Text - This mode displays the body of a message in text only (Figure 27).

Figure 27

Message Headers - This section shows the message headers which can contain a lot of useful information such as spam score, the antispam filter tests that it scored, the sending email server IP address etc. (Figure 28).

Figure 28

Message Actions