Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Unresolved Traffic emails in Hosted Email Security (HES)

    • Updated:
    • 22 Aug 2014
    • Product/Version:
    • Hosted Email Security - Inbound Filtering 1.9.8
    • Hosted Email Security 1.9.8
    • Hosted Email Security 2.0
    • Platform:
    • Not Applicable N/A
Summary
Know why emails get stuck under "Unresolved Traffic" in the Mail Tracking logs of HES.
Details
Public
HES uses <senderMsgID> to co-relate the records of preMTA, scanner, and postMTA. An email will be judged as "unresolved" if it meets one of the following conditions:
  • The same sender Message ID is used for two different emails going through two different MTAs.
  • All the records with the same sender Message ID and recipient should have the same MTA ID and MTA generated Message ID. If either the MTA ID or MTA Message ID is different from those records, those records will be considered "unresolved".
This issue happens only to notification mails. It occurs depending on:
  • The particular "Action" that the customer set.
    Example: The customer set the action to quarantine the bad mail and then send out a notification mail containing the unmodified bad mail as attachment.
  • The particular action HES takes on this situation:
    When the terminal action (like "quarantine", "delete" and "deliver now") and send notification mail action (such as "attach the bad mail") are both set, HES will scan the notification mail again. As a result, there will be a record for this notification mail on the scanner side.
Since the scanner is not a real MTA, the notification mail will not get a <senderMsgID> . But when the notification mail goes to postMTA, it will get a <senderMsgID>. This means that in the scanner record, the notification mail's is NULL. But in postMTA, its <senderMsgID> is *****. Since it was generated by the scanner, there is no inbound record for the notification mail, so there is no way to co-relate it with the <senderMsgID>.
Trend Micro has decided not to do anything about the issue because it will not have any influence on the customer side. More importantly, the rescan action of the notification mail is important for security.
Premium
Internal
Rating:
Category:
Configure
Solution Id:
1056716
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.