8.1 Using the MailMarshal Console for Email Management

The Console provides summary information on the current state of MailMarshal, as well as administrative access to the quarantine folders and message sending services.

8.1.1 Connecting to MailMarshal Using the Console

You can connect using a web browser from any computer that can browse to the Array Manager computer.

8.1.2 Monitoring Email Statistics and Server Health

The Dashboard and Status pages in the Console provide basic information about MailMarshal at a glance. To view these pages click Dashboard or Status in the left pane.

The Dashboard Overview includes:

Summary of email traffic: Inbound and Outbound message totals and Blocked Threats total.

Email Security Score and Recommendations: Analysis of the configuration of the MailMarshal installation, with best practice suggestions.

Blocked threat analysis: Breakdown of threats by category.

The Dashboard Emails tab includes:

Hold Reasons: Highlight of MailMarshal folders containing most blocked messages.

Rejected messages: Detailed breakdown of reasons for rejections.

Rejected and held messages by user: Highlight of users most affected by blocks.

The Status page includes:

Mail server health: Service status, disk health, and alerts.

License status: User count, license expiration, and maintenance expiration.

Automatic Updates status: Last update and scheduled check times.

The Mail Servers page collects server and service status information for each MailMarshal email processing server. To view this item click Mail Servers in the left pane. For each server the Console shows the server name, version of MailMarshal installed, whether the configuration is up to date with the configuration committed at the Array Manager, and whether the services are running.

For each server, you can also see details about the associated services and processed messages, as well as details of free disk space and event logs. To see a summary of the Receiver and Sender activity for a specific server, expand the Servers item then expand the item for the server name. To see details of the individual processing tasks, select an item (Receiver, Sender, or Routes). For more information see Help.

8.1.3 Deleting and Retrying Queued Messages

The Sender item for each server shows the messages MailMarshal is currently sending. The Routes item for each server shows a list of the route table entries that MailMarshal is attempting to send messages to, including items that are pending a retry and routes that are “down” or “on hold” (See “Marking Routes as Down”.)

You can stop sending a message that MailMarshal is currently sending and delete it. In the Sender view, highlight the message, and click Kill Message. 

To attempt to send all messages queued for a specific route entry in the queue, in the Domains view, highlight a domain and click Retry Route Now.

The Hold Queues item for each server shows the number of items that are being held for each rule with a “Hold” action. To retry the rules, click Retry Now.

8.1.4 Viewing Folders and Folder Contents

MailMarshal message quarantine folders include the archive, parking and standard folders into which messages are placed through rule action, as well as the Dead Letter folders used for messages that cannot be processed, and the Mail Recycle Bin used to hold deleted items for a period.

To view a list of MailMarshal message quarantine folders, under Management expand the menu item Folders. 

The Folders page shows a menu of folders. Visibility of folders in the list depends on the folder security permissions (see “Working with Folders”). To view the contents of a folder, select it in the menu. The contents display in the right pane, divided into daily sub folders. Select a daily folder to see its contents. By default no more than 250 items will be retrieved for each sub folder per screen. You can view the next or previous screen using the Page Up and Page Down keys. You can adjust the number of items per screen with the Rows menu at the bottom of the pane. You can select, order, and resize the columns in the list and save the column view, using controls on the page. You can sort the items on the screen by clicking column headers.

Information 

Note: The column sorting function only sorts the items on the current screen. If the folder contains more than one screen of items, sorting does not sort over multiple screens. Use the user filter at the top of the listing, or the search function, to retrieve a limited number of items.

 

You can also view items in the folders using the Email History view and the Search window.

8.1.5 Working With Email Messages

You can perform the following actions on an email message located in a MailMarshal quarantine folder:

View

Open a new window displaying the message headers, body, attachments, and the MailMarshal email processing logs if they are available for the message.

Forward

Send a copy of the message to a specified email address.

Delete

Move the message to the MailMarshal Mail Recycle Bin, or optionally delete it permanently. You can­not perform this action for items in Archive folders.

Release

Queue the message for action by other MailMarshal services. This action is typically used to deliver a quarantined message to the original recipient. You can choose from several options.

Spam

Forward a copy of the message to Trustwave tagged as “spam.”

Not Spam

Forward a copy of the message to Trustwave tagged as “not spam.”

Information 

Note: Use the Spam and Not Spam options to help improve MailMarshal spam detection by reporting messages that were wrongly classified. The messages you send are automatically processed. Trustwave treats the messages in complete confidence.

To report a message you must have permission to forward messages from the folder that contains it. To configure permissions on a folder, see “Editing Folders”.

 

To work with a message, select it in the Email History, the Message Search results, or the Folders view.

8.1.5.1 Forwarding Messages

Use forwarding to send a copy of the message to a specified email address.

To forward a message:

1.Select the message.

2.Click the Forward icon on the toolbar, or open the message then choose Forward from the Message menu.

3.Enter one or more addresses. To forward to multiple addresses, enter them separated by semi-colons (for instance RichardN@example.com; GeraldF@example.com).

4.By default MailMarshal retains the message when you forward it from a quarantine folder. To adjust this behavior select or clear the check box. MailMarshal will not delete messages from archive folders.

8.1.5.2 Deleting Messages

Deleting a message sends it to the Mail Recycle Bin, or optionally deletes it permanently.

To delete one or more messages:

1.Select the messages. You can use shift and control click to multi-select.

2.Click the Delete icon above the list. The message(s) will be sent to the Mail Recycle Bin folder.

3.To permanently delete an item, delete it from the Mail Recycle Bin.

8.1.5.3 Restoring Messages

Restore from the Recycle Bin is not currently supported. This functionality will be provided in a future update.

Once MailMarshal places a message in a quarantine folder, it retains that message for the period configured in the properties of the folder, unless you choose to delete the message permanently.

The retention period applies even if the message is moved to the Mail Recycle Bin or restored. For instance, if the Spam folder has a retention period of one week, and MailMarshal moves a message to the Spam folder, then you delete it to the Mail Recycle Bin, it will be permanently deleted from the Mail Recycle Bin one week after it was first received.

8.1.5.4 Viewing Messages

View a message to display the message headers, body, attachments, and the MailMarshal email processing logs if they are available.

To view a message and its associated processing logs in a folder, History, or Search view, double-click the message.

MailMarshal opens the message in a new panel.

Figure 15: Message window

console-message.png 

The lower portion of the message window includes several tabs: Message, Details, and one or more Log tabs. The Message and Details tabs restrict access to items that could represent security threats. Large images may be converted to thumbnails for performance reasons.

Message

Shows the message body in the richest available format (HTML, RTF, or plain text).

Details

Shows a tree view of the components of the message. You can click any item to view it in detail.

Log tabs

Show the MailMarshal processing logs for the message (Connection, Content Analysis, and Delivery logs)

The processing logs are available for all services that have processed a message (for instance, a quarantined message may not have a Delivery log). The logs are retained with the message, and may also be available for a longer period in the Sent History folder (depending on the retention period for that folder). You may also be able to retrieve this information from the main MailMarshal text logs. The text logs are created by default in the Logging sub folder of the MailMarshal installation folder. How­ever by default these logs are only retained for five days.

You can copy message text to the Clipboard from any of the message tabs.

8.1.5.5 Releasing Messages

Releasing a message queues it for action by other MailMarshal services.

To release a message, select one or more messages, and then click Release. 

Information 

Note: You can also release messages using a specially formatted email message. See “Using the Message Release External Command”.

You can add “fingerprints” of attached files into a list that MailMarshal can use in Rules. For more information, see Trustwave Knowledge Base article Q10543.

 

The messages will be released for all recipients. By default the messages will be processed through additional rules, as specified for each message in the rule that placed the message in a folder.

Figure 16: Release Message window

console-releasemessage.PNG 

To change the release actions, on the Release Message window, choose from the following actions:

Continue processing the message

This option continues processing the messages as specified for each message in the rule that placed the message in a folder. This is the default action. This action can be used to release a message from quarantine while testing it for any further violations of policy.

Information 

Note: If rules change after the message is placed in the folder, MailMarshal may not be able to perform the requested action. For more details, see Help for this window.

 

Reprocess the message

This option resubmits the message for processing by the current set of MailMarshal rules. This option can be useful to resubmit a number of messages after rules have been adjusted.

Pass through

This option queues the message for delivery with no further evaluation.

Forward

This option sends a copy of the message to an address you specify. After selecting this option, you can enter an email address.

The following additional options are available:

Report as not spam

Forward a copy of the message to Trustwave tagged as “not spam.” To report a message you must have permission to forward messages from the folder that contains it. For more information about con­figuring permissions on a folder, see “Editing Folders”.

Keep a copy of the message

Once MailMarshal has completed the selected actions, by default it deletes the message from the folder (except archive folders). Check this box to retain the message in the folder

If the message has multiple recipients and you have chosen not to release it for all users, MailMarshal removes the users who received the message from the list of message recipients. In this case, if you select Keep a copy, MailMarshal keeps all existing users on the list. MailMarshal only deletes the message from a folder when it has no remaining recipients.

8.1.6 Viewing Email History

The Email History view shows each action taken on each message. Actions can include message classifications, moving to folders, delivery, and delivery failure among others. MailMarshal usually creates more than one history record for a specific message. If a history record records a move or copy to a folder and the message is present in the folder, you can use it to process the message exactly as you could from the folders view. Availability of items and actions in Email History depends on the security permissions for the folder where the item is found (see “Working with Folders”).

By default no more than 250 items will be retrieved per screen. You can view the next or previous screen using the Page Up and Page Down keys. You can adjust the number of items retrieved with the Rows menu at the bottom of the pane. You can select, order, and resize the columns in the list and save the column view, using controls on the page. You can sort the items on the screen by clicking column headers.

Information 

Note: The column sorting function only sorts the items that have been retrieved. If there is more than one screen of history, sorting does not sort over multiple screens. Use the user filter at the top of the listing, or the search function, to retrieve a limited number of items.

 

8.1.7 Searching Folders and Email History

You can limit the items displayed in the folders or email history using the Filter For field at the top of the listing.

Search the email history by choosing Search from the top right of the listing. You can choose from a large number of search criteria including dates, subject, classification, and email addresses. If you want to see only items that can be viewed and processed, search only for items in specific folders.

You can search using any combination of the following options:

Classification

Allows you to select a classification name, or “all classifications” to search all classifications. Classifi­cations include both user classifications and system classifications such as “Delivered successfully”.

Folder

Allows you to select a folder name, or “all messages” to search in all folders.

Message Name

Allows you to enter a unique name MailMarshal has assigned to this message. MailMarshal includes this information in the headers of each message. You can enter the name alone (13 characters), or the name and edition (13.12 characters) to identify a specific edition of the message. You can add the server ID (13.12.4 characters). You cannot combine this option with any other option.

Date

Allows you to select the time and date when an action was logged. You can choose from pre-config­ured date ranges, or select Custom to define a range of dates. For instance, you can use this option to search for messages that were sent on a specific day.

What is the email address

Allows you to enter the address the message was sent to, from, or both. You can use wildcard charac­ters. For more information about wildcard character syntax, see “Wildcard Characters”.

Subject

Allows you to find messages containing certain text in the subject line. You can use wildcard charac­ters. For more information about wildcard character syntax, see “Wildcard Characters”. To search for messages with a blank subject, select (toggle on) Search for blank subject.

Size

Allows you to search for messages of a specific size or range of sizes. If you do not want to limit the search by size, select Any Size (default value). With size ranges you can choose to search for mes­sages inside the size range that you enter (between) or outside the size range (not between)

Search history items

Enable (toggle on) this option to return message history records including classifications, system actions, and messages that have been quarantined within the database retention time. Disable (toggle off) the option to return only messages currently in folders.

8.1.8 Auditing Quarantine Actions

You can review actions taken on messages in quarantine, such as releasing or deleting a message.

To view and search quarantine audit records, select Quarantine Audit in the left pane of the Management Console. Quarantine Audit covers actions taken from the Management Console, SQM, Digests, and Message Release external command.

8.1.9 Viewing Alert History

MailMarshal generates alerts for specific events of interest. Some of the events included are services starting, stopping, or remaining idle for a longer than expected time.

To view a historical list of service alerts, select Alert History in the left pane of the Management Console.

8.1.10 Viewing Event History

Each component of MailMarshal writes messages to the Windows application log. Each event type is given a unique Event ID number. You can review these events using the Management Console or the Windows Event Viewer. You can also use these events to trigger automatic actions such as pager notifications, service restarts, or popup notifications via third-party products.

To review the event logs in the Management Console, select Event History in the left pane. When this node is selected, the right pane shows a filtered view of the Windows event logs for MailMarshal on the array manager and all email processing servers in the installation.

Information 

Note: You can view information about a specific email processing server by expanding its entry under Mail Servers and selecting the sub-item Event History.

 

MailMarshal provides several pre-configured filters you can use to limit the events being displayed.

You can also customize a filter, or search for a specific event.

You can click any event listed (standard view: double-click) to see the full details.

For more information, see Help.

8.1.11 Finding Events

The MailMarshal Event Log view allows you to filter the records you retrieve, or search for specific records.

8.1.11.1 Event Log Filter

To filter the event history, enter text in the Filter For field at the top of the panel, and then click Go. To clear the filter, clear the field and then click Go.

8.1.11.2 Event Log Search

This panel allows you to search for specific events in the MailMarshal event log. To access the search panel, click Search at the top of the Event History panel.

Figure 17: Event log search window

console-find-event.PNG 

Enter parameters, then click Search to find matching items.

To return to the default view, reload the page.

For more information, see Help.

Trustwave MailMarshal 10.2.5 User Guide August 2024
< Previous Section   |   Next Section >
Full document: see MailMarshal Documentation.