Cisco Cisco Email Security Appliance C170 Guía Del Usuario
30-3
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 30 Tracking Messages
Searching for Messages
Option
Description
Envelope Sender Select
Begins With, Is, or Contains, then enter an email address, username,
or domain of a message sender to find.
You can enter any character(s). No validation of your entry is performed.
Envelope Recipient
Select Begins With, Is, or Contains, and enter an email address, username, or
domain of a message recipient to find.
domain of a message recipient to find.
You can enter any character(s). No validation of your entry is performed.
Subject
Select Begins With, Is, or Contains, and enter a text string to search for in the
message subject line.
message subject line.
Warning: Do not use this type of search in environments where regulations
prohibit such tracking.
prohibit such tracking.
Message Received
Specify a date and time range.
If you do not specify a date, the query returns data for all dates. If you specify
a time range only, the query returns data for that time range across all available
dates.
a time range only, the query returns data for that time range across all available
dates.
Use the local date and time that the message was received by the Email
Security appliance.
Security appliance.
Advanced options:
Sender IP Address/
Domain / Network
Owner
Domain / Network
Owner
Specify the IP address, domain, or network owner of a remote host.
You can search within rejected connections only or search all messages.
Attachment
Select Begins With, Is, or Contains, and enter an ASCII or Unicode text string
for one attachment to find. Leading and trailing spaces are not stripped from
the text you enter.
for one attachment to find. Leading and trailing spaces are not stripped from
the text you enter.
You can search for messages by attachment filenames only if you have
performed:
performed:
•
Body scan using a message filter
•
Body scan using a content filter
•
Advanced Malware Protection (AMP) scan.
For more information about identifying files based on SHA-256 hash, see
Message Event
Select one or more message processing events. For example, you can search for
messages that have been delivered, quarantined, or hard bounced.
messages that have been delivered, quarantined, or hard bounced.
Message events are added with an “OR” operator: Selecting multiple events
finds messages that match any of the conditions you specify.
finds messages that match any of the conditions you specify.
Message ID Header
Enter a text string for the SMTP Message-ID header.
This RFC 822 message header uniquely identifies each email message. It is
inserted in the message when the message is first created.
inserted in the message when the message is first created.
Cisco IronPort MID
Enter a message number to search for. An IronPort MID uniquely identifies
each email message on the Email Security appliance.
each email message on the Email Security appliance.
Query Settings
Change the default query timeout and maximum number of results to return.