Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
397 Views 3 Replies Latest reply: Jul 3, 2013 2:31 AM by Attila Polinger RSS
karnold002 Newcomer 5 posts since
Jun 24, 2010
Currently Being Moderated

Jun 28, 2013 10:58 AM

E-Mail Missing from Logs

Running MEG 7.5.  I had a user ask about finding a daily E-Mail he had expected but not arrived - it wasn't there.  I also noticed there were several days where the E-Mail had not arrived.  I asked him to verify it was indeed coming daily.

 

He provided an E-Mail from one of the missing days - it had arrived, the header indicates it came in the normal route from Internet, to MEG, to Exchange.  But it's not in the E-Mail search at all.

 

Called support - they generously provided us with root access to allow us to query the POSTGRES database directly.  It is not in there at all.

 

Anyone else see anything like this?  I have high hopes for the upcoming service packs - little things like this and the ongoing spam failures are making this a fulltime job.

 

Thanks in advance!

Kevin

  • ijahnke McAfee Employee 118 posts since
    May 12, 2010
    Currently Being Moderated
    1. Jun 28, 2013 3:12 PM (in response to karnold002)
    Re: E-Mail Missing from Logs

    The meg device uses the 821 address in the reports. If the message is missing in the reports, but the headers indicate that the message went through the device, then its most likely that the sending address you see in the "From:" field is different than the actual 821 email address used. You might want to try searching by subject.

  • Attila Polinger Veteran 1,161 posts since
    Dec 8, 2009
    Currently Being Moderated
    3. Jul 3, 2013 2:31 AM (in response to karnold002)
    Re: E-Mail Missing from Logs

    Another possibility could be that this mail has not been subject to any filtering and went straight thru the appliance as legitimate mail AND at the same time a certain logging event type was not enabled (which is not enabled by default) and thus this email did not count among the number of Delivered emails in the PostGres database.

    If you cannot query the Legitimate emails - which is the case when you do not have a scanner type LG recorded in PostGres reporting database then this could be the cause.

     

    Attila

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points