In some cases the second delivery confirmation audit entry is not visible to customers, so if a quarantine released message does not arrive, we recommend contacting your support team for a research request.
Quarantine mail is otherwise handled exactly the same as all other messages, once it is released from the queue it is immediately attempted against the server. If the server rejects the message, it is sent back to the sender and the original message is not retained in the system (identical to how clean messages are handled).
OK, but that is still flawed in the eyes of the client. Why wouldn't the confirmation audit entry be visable, when other quarantine releases do? We already checked the sender for the NDR after release, nothing was received, flaw number 2. As for clean messages, when are they held, other than during the store and forward processing during the scan?
As for the research request, what are we asking for and what will it produce, if Mcafee's own message audit report does not show it? Are there additional log reports available to provide the disposition of the released message? If it did not hit the recipients server and no NDR was sent to the sender, where is it?
Keeping a released message for a few day's would certainly offer a better solution. Unfortunately, this is a former Postini client who had that feature of reviewing released quarantined messages.
You are correct, a delivery confirmation should be visible, on occation it is not, in which case again, escalating a research request to have that looked at through your support team will be recommended.
As far as clean messages, they are not retained by the system except for the following circumstances:
- While quarantined for a policy violation, until released.
- While queued for a temporary failure when reaching the recipient server
- While queued due to a traffic delay in processing
- While in Disaster Recovery, and for a brief time following a Disaster Recovery situation.
At no other times are messages retained, and once a message is either delivered or rejected by the recipient server, it is released from the system. McAfee is not a mail host, and as such our system is not capable of retaining copies of the tens of billlions of messages that pass through (not to mention the possible liabilities). The SaaS System is designed to be as transparent as possible, if a message would not have been accepted without the McAfee system, it's going to be allowed to be rejected.
When you contact your support team, you're requesting research into a non-delivered release message. They will need the message audit details of the released message to escalate to McAfee Operations. Operations Engineers have access to the full raw MTA logs on the system (from which Message Audit is parsed, but includes MTA queues that are not for public consumption and additional reporting).
In situations dealing with a specific message, it is best to contact your support team with the details available (such as the initial message audit entry for the quarantined message). The communities are not going to be the best place to address account or message-specific questions.