3 Replies Latest reply: Jul 17, 2013 6:44 PM by Brad McGarr RSS

    Non-delivery of released quarantine, why no backup option?


      Client releases message from quarantine, as seen below. However, there is no detail of the queue and delivery confirmation and client's own mail log shows no receipt or rejection detail. And before you ask, they only accept inbound relay from McAfee and do not use a firewall setting because of that.


      Why is there no backup, e.g hold released message for 3-days, or an inbound message saying it was undeliverable and reset for another queue? To just drop the message without the same processing as a clean message, makes no sense and unexcusable in mail handling. There needs to be some sort of backup, if the message can not be delivered, then at least keep a copy for a reasonable period of time. Client is not happy about this release process with no miminum fail-safe.


      Recipient Disposition: [250 Deferred; Mode: normal; Queued: no; Frontend TLS: yes; SPF: n/a]

      Message Disposition: [250 OK qs:6f5a1d15.0.2423446.00-2104.3899277.p01c12m014.mxlogic.net (Mode: normal); Backend TLS: n/a; Backend IP: n/a; Policy Set: Default Inbound]


      Detail: Released from Quarantine by: user@domain.com


      Missing from the message audit report


      Detail: message originated via queue

      Detail: successful delivery from dir[new]: 250 thanks, queued as






        • 1. Re: Non-delivery of released quarantine, why no backup option?
          Brad McGarr



          In some cases the second delivery confirmation audit entry is not visible to customers, so if a quarantine released message does not arrive, we recommend contacting your support team for a research request.


          Quarantine mail is otherwise handled exactly the same as all other messages, once it is released from the queue it is immediately attempted against the server. If the server rejects the message, it is sent back to the sender and the original message is not retained in the system (identical to how clean messages are handled).

          • 2. Re: Non-delivery of released quarantine, why no backup option?

            OK, but that is still flawed in the eyes of the client. Why wouldn't the confirmation audit entry be visable, when other quarantine releases do? We already checked the sender for the NDR after release, nothing was received, flaw number 2. As for clean messages, when are they held, other than during the store and forward processing during the scan?


            As for the research request, what are we asking for and what will it produce, if Mcafee's own message audit report does not show it? Are there additional log reports available to provide the disposition of the released message? If it did not hit the recipients server and no NDR was sent to the sender, where is it?


            Keeping a released message for a few day's would certainly offer a better solution. Unfortunately, this is a former Postini client who had that feature of reviewing released quarantined messages.

            • 3. Re: Non-delivery of released quarantine, why no backup option?
              Brad McGarr



              You are correct, a delivery confirmation should be visible, on occation it is not, in which case again, escalating a research request to have that looked at through your support team will be recommended.


              As far as clean messages, they are not retained by the system except for the following circumstances:

              • While quarantined for a policy violation, until released.
              • While queued for a temporary failure when reaching the recipient server
              • While queued due to a traffic delay in processing
              • While in Disaster Recovery, and for a brief time following a Disaster Recovery situation.


              At no other times are messages retained, and once a message is either delivered or rejected by the recipient server, it is released from the system. McAfee is not a mail host, and as such our system is not capable of retaining copies of the tens of billlions of messages that pass through (not to mention the possible liabilities). The SaaS System is designed to be as transparent as possible, if a message would not have been accepted without the McAfee system, it's going to be allowed to be rejected.


              When you contact your support team, you're requesting research into a non-delivered release message. They will need the message audit details of the released message to escalate to McAfee Operations. Operations Engineers have access to the full raw MTA logs on the system (from which Message Audit is parsed, but includes MTA queues that are not for public consumption and additional reporting).


              In situations dealing with a specific message, it is best to contact your support team with the details available (such as the initial message audit entry for the quarantined message). The communities are not going to be the best place to address account or message-specific questions.