Cisco Cisco Content Security Management Appliance M1070 Mode D'Emploi
6-9
AsyncOS 9.1 for Cisco Content Security Management Appliances User Guide
Chapter 6 Tracking Email Messages
Understanding Tracking Query Results
•
•
•
Envelope and Header Summary
This section displays information from the message envelope and header, such as the envelope
sender and recipients. It includes the following information:
sender and recipients. It includes the following information:
Received Time: Time that the Email Security appliance received the message.
MID: Message ID.
Subject: Subject line of the message.
The subject line in the tracking results may have the value “(No Subject)” if the message does not
have a subject or if the Email Security appliances are not configured to record the subject lines in
log files.
have a subject or if the Email Security appliances are not configured to record the subject lines in
log files.
Envelope Sender: Address of the sender
in the SMTP envelope.
Envelope Recipients: Addresses of the recipients in the SMTP envelope.
Message ID Header: “Message-ID:” header that uniquely identifies each email message. It is
inserted in the message when the message is first created. The “Message-ID:” header can be useful
when you are searching for a particular message.
inserted in the message when the message is first created. The “Message-ID:” header can be useful
when you are searching for a particular message.
Cisco IronPort Host: Email Security appliance that processed the message.
SMTP Auth User ID: SMTP authenticated user name of the sender, if the sender used SMTP
authentication to send the email. Otherwise, the value is “N/A.”
authentication to send the email. Otherwise, the value is “N/A.”
Attachments: The names of files attached to the message.
Sending Host Summary
Reverse DNS Hostname: Hostname of the sending host, as verified by reverse DNS (PTR) lookup.
IP Address: IP address of the sending host.
SBRS Score: (SenderBase Reputation Score). The range is from 10 (likely a trustworthy sender) to
-10 (apparent spammer). A score of “None” indicates that there was no information about this host
at the time the message was processed.
-10 (apparent spammer). A score of “None” indicates that there was no information about this host
at the time the message was processed.
Processing Details
This section displays various logged status events during the processing of the message.
Entries include information about mail policy processing, such as anti-spam and anti-virus scanning,
and other events such as message splitting.
and other events such as message splitting.
If the message was delivered, the details of the delivery appear here. For example, a message may
have been delivered and a copy kept in quarantine.
have been delivered and a copy kept in quarantine.
The last recorded event is highlighted in the processing details.
DLP Matched Content Tab
This section displays content that violates Data Loss Prevention (DLP) policies.