This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can an email that has been blocked be retrieved/looked at for analysis? I am looking to see what the blocked email contains. For example: links, files types, attachment types etc.

 I am wondering if there is a way to retrieve or look at a blocked email (as an admin) I am looking to see what the blocked email contains.  For example:  links, files types, attachment types etc.



This thread was automatically locked due to age.
Parents
  • Hello Chris,

    In the Additional Actions section, you can configure extra actions.

    Select Add a log entry if you want events that trigger this policy rule to be logged to the message policy log. Events are displayed in the log as key/value pairs with the form user_<key>=<value>, where user_ is added to beginning of the assigned key. The message policy log is accessible through either FTP backup or syslog.

    • Select Add or Replace to configure whether a log entry will be added or replaced.
      Note:
      If you select Add, there can be multiple entries of the same key, but with different values. For example, if multiple policies trigger, entries similar to the following will appear:
      user_policy=strip_suspect_attachment
      user_policy=quarantine_for_spam

      If you select Replace, and multiple log entries with the same key are present, all of them will be replaced.

    • In the Key text box, enter the key that you want to assign to this log entry.
      Note: Keys will be logged with the prefix user_. Keys may only contain alphanumeric characters, or the underscore ("_") character.
    • In the Value text box, enter the value that you want assigned as the key for this log entry.

    You can choose arbitrary key/value pairs.

    Let us know if you have any further questions.

    Regards,

    Aiman Ansari | Network & Security Engineer 

Reply
  • Hello Chris,

    In the Additional Actions section, you can configure extra actions.

    Select Add a log entry if you want events that trigger this policy rule to be logged to the message policy log. Events are displayed in the log as key/value pairs with the form user_<key>=<value>, where user_ is added to beginning of the assigned key. The message policy log is accessible through either FTP backup or syslog.

    • Select Add or Replace to configure whether a log entry will be added or replaced.
      Note:
      If you select Add, there can be multiple entries of the same key, but with different values. For example, if multiple policies trigger, entries similar to the following will appear:
      user_policy=strip_suspect_attachment
      user_policy=quarantine_for_spam

      If you select Replace, and multiple log entries with the same key are present, all of them will be replaced.

    • In the Key text box, enter the key that you want to assign to this log entry.
      Note: Keys will be logged with the prefix user_. Keys may only contain alphanumeric characters, or the underscore ("_") character.
    • In the Value text box, enter the value that you want assigned as the key for this log entry.

    You can choose arbitrary key/value pairs.

    Let us know if you have any further questions.

    Regards,

    Aiman Ansari | Network & Security Engineer 

Children
No Data