Email Security Service Support

Frequently Asked Questions

  • Q: How can I track messages through the system?

    A: The management portal provides three methods for message tracking:

    1. The Mail In log, which maintains a historic record of every message that has entered the service. The Mail In Log will show pertinent information about the date, sender, recipient, and subject. This is the most commonly used log for searching because it includes all messages that came in through the Email Filtering Service. You can open the Mail In log by selecting Logs from the menu bar, then Mail In.
    2. The Pending log, which details every message that the service is actively processing, such as which messages are being filtered and which are waiting for submission, and also messages that are not deliverable for some reason. Once an action has been completed, the message no longer appears in the Pending log. You can open the Pending log by selecting Logs, then Pending. Outbound emails held in the Pending queue are bounced back to the sender after 24 hours. Inbound emails are bounced back after seven days. Inbound mail is handled differently because the service is delivering to the server, which should be available.
    3. The Delivery log, which maintains a historical record of every delivery attempt made on a message, including records of failures and deferrals of the message. Messages only appear in the Delivery log if they have passed through all the filters and require delivery (or have been delivered) either to your organization or to the Internet. You can open the Delivery log by selecting Logs, then Delivery.

  • Q: Is it possible to stop regular encrypted emails (to and from trusted sources) from being stalled?

    A: Yes. To implement this, edit your domain or group and go to the Filtering menu. In the Virus Filtering section, there are options for "Outbound encrypted message treatment" and "Inbound encrypted message treatment." The default behavior is "Treat message as un-scannable." You can change this to "Allow messages to the address(es)." Then list the email addresses or domains that will bypass stalling.

    Note: Before forcing stalled mails, verify that the sender is trusted and the stalled mail is expected.

  • Q: What is Stalled Mail and how do I handle it?

    A: The majority of stalled mail is due to the mail containing an element that our AntiVirus component cannot open and scan. This is usually due to a password-protected zip file, macros in a spreadsheet, or message tracking enabled in Word documents. When a mail is stalled, by default a notification is sent to the administrator. To view the stalled mail, go to your Quarantine log and click the "Show each pending recipient" box. The status column will show “stalled” in red. You will notice you now have access to the Retry, Force, and Delete buttons. To pass a stalled mail onwards, check the Select box for the stalled mail and click Force.

  • Q: Why did my message fail?

    A: To understand why a message failed, check the mail in the Mail In log. Use the sender/ recipient search field to find the actual message. The recipient field should show the status of the message. If the message’s status shows “fail”:

    1. Click on the Linked message ID. This will open the extended message details. The message failure reason should be displayed.
    2. Copy the Mail in ID and paste it into the MailinID field in the Delivery log to view the cluster’s delivery attempts.
    3. Hover the mouse over the dots in the session column. A pop-up window will show the stmp conversation between our cluster and the receiving server, including any smtp error codes.

    SMTP error codes
    Permanent failure codes from receiving servers are in the 550 range. The logs should display the code number and reason for failure.

    These can include:

    • 553 Syntax error (4.2.1):
    • 550 Requested action not taken: mailbox unavailable
    • 550 5.1.1 <xxx@xxxxx.com>… User unknown
    • 550 Denied by policy.
    • 552 sorry, that message size exceeds my databytes limit (#5.3.4)
    • 550 Invalid recipient <xxxx@xx.com > (#5.1.1)
    • 554 delivery error: dd This user doesn't have a xxxxx.com account
    • 550 Rule imposed mailbox access for xxxx@xxxxx.com refused: user invalid

Copyright 2004 - 2012 Webroot Inc.