Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
985 Views 3 Replies Latest reply: Jul 17, 2013 6:44 PM by Brad McGarr RSS
frankm Apprentice 62 posts since
Jan 10, 2013
Currently Being Moderated

Jul 17, 2013 3:59 PM

Non-delivery of released quarantine, why no backup option?

Client releases message from quarantine, as seen below. However, there is no detail of the queue and delivery confirmation and client's own mail log shows no receipt or rejection detail. And before you ask, they only accept inbound relay from McAfee and do not use a firewall setting because of that.

 

Why is there no backup, e.g hold released message for 3-days, or an inbound message saying it was undeliverable and reset for another queue? To just drop the message without the same processing as a clean message, makes no sense and unexcusable in mail handling. There needs to be some sort of backup, if the message can not be delivered, then at least keep a copy for a reasonable period of time. Client is not happy about this release process with no miminum fail-safe.

 

Recipient Disposition: [250 Deferred; Mode: normal; Queued: no; Frontend TLS: yes; SPF: n/a]

Message Disposition: [250 OK qs:6f5a1d15.0.2423446.00-2104.3899277.p01c12m014.mxlogic.net (Mode: normal); Backend TLS: n/a; Backend IP: n/a; Policy Set: Default Inbound]

 

Detail: Released from Quarantine by: user@domain.com

 

Missing from the message audit report

 

Detail: message originated via queue

Detail: successful delivery from dir[new]: 250 thanks, queued as

 

 

 

 

FrankM

  • Brad McGarr McAfee Employee 154 posts since
    Dec 4, 2012

    Frank,

     

    In some cases the second delivery confirmation audit entry is not visible to customers, so if a quarantine released message does not arrive, we recommend contacting your support team for a research request.

     

    Quarantine mail is otherwise handled exactly the same as all other messages, once it is released from the queue it is immediately attempted against the server. If the server rejects the message, it is sent back to the sender and the original message is not retained in the system (identical to how clean messages are handled).


    Brad McGarr
    McAfee SaaS Email & Web Protection
    Technical Support Technician I (Legacy & Partner Support)
    Microsoft Certified Professional
    Microsoft Technology Associate - Windows OS | CompTIA A+ Certified Technician | CIW Web Foundations Associate
    Visit my blog: Brad's Corner - Insights from SaaS Email & Web Security Support https://community.mcafee.com/blogs/brad-denver

    Frequently Requested Information
  • Brad McGarr McAfee Employee 154 posts since
    Dec 4, 2012

    Frank,

     

    You are correct, a delivery confirmation should be visible, on occation it is not, in which case again, escalating a research request to have that looked at through your support team will be recommended.

     

    As far as clean messages, they are not retained by the system except for the following circumstances:

    • While quarantined for a policy violation, until released.
    • While queued for a temporary failure when reaching the recipient server
    • While queued due to a traffic delay in processing
    • While in Disaster Recovery, and for a brief time following a Disaster Recovery situation.

     

    At no other times are messages retained, and once a message is either delivered or rejected by the recipient server, it is released from the system. McAfee is not a mail host, and as such our system is not capable of retaining copies of the tens of billlions of messages that pass through (not to mention the possible liabilities). The SaaS System is designed to be as transparent as possible, if a message would not have been accepted without the McAfee system, it's going to be allowed to be rejected.

     

    When you contact your support team, you're requesting research into a non-delivered release message. They will need the message audit details of the released message to escalate to McAfee Operations. Operations Engineers have access to the full raw MTA logs on the system (from which Message Audit is parsed, but includes MTA queues that are not for public consumption and additional reporting).

     

    In situations dealing with a specific message, it is best to contact your support team with the details available (such as the initial message audit entry for the quarantined message). The communities are not going to be the best place to address account or message-specific questions.


    Brad McGarr
    McAfee SaaS Email & Web Protection
    Technical Support Technician I (Legacy & Partner Support)
    Microsoft Certified Professional
    Microsoft Technology Associate - Windows OS | CompTIA A+ Certified Technician | CIW Web Foundations Associate
    Visit my blog: Brad's Corner - Insights from SaaS Email & Web Security Support https://community.mcafee.com/blogs/brad-denver

    Frequently Requested Information

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points