Chapter 3 Tracking Email Messages
Tracking Service Overview
Cisco IronPort AsyncOS 7.5 for Email Daily Management Guide
Instead of having to search through log files using “grep” or similar tools, you can
use the flexible tracking interface to locate messages. You can use a variety of
search parameters in combination.
Tracking queries can include:
Envelope information: Find messages from particular envelope senders or
recipients by entering the text strings to match.
Subject header: Match a text string in the subject line. Warning: Do not use
this type of search in environments where regulations prohibit such tracking.
Time frame: Find a message that was sent between specified dates and times.
Sender IP address or rejected connections: Search for messages from a
particular IP address, or show rejected connections in the search results.
Event Information: Find messages that match specified events, such as
messages flagged as virus positive, spam positive, or suspected spam, and
messages that were delivered, hard bounced, soft bounced, or sent to the
Virus Outbreak Quarantine.
Message ID: Find messages by identifying the SMTP “Message-ID:” header
or the IronPort message ID (MID).
Attachment name: You can search for messages based on the attachment
name in the Envelope information fields (envelope senders or envelope
recipients). Messages that contain at least one attachment with the queried
name will appear in the search results.
Some attachments may not be tracked. For performance reasons, scanning of
attachment names occurs only as part of other scanning operations, for
example message or content filtering, DLP, or disclaimer stamping.
Attachment names are available only for messages that pass through body
scanning while the attachment is still attached. Some examples when an
attachment name will not appear include (but are not limited to):
– if the system only uses content filters, and a message is dropped or its
attachment is stripped by anti-spam or anti-virus filters
– if message splintering policies strip the attachment from some messages
before body scanning occurs.