Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1943
Views
5
Helpful
5
Replies

Reporting of released mails

AndreasEisele
Level 1
Level 1

‎02-15-2021 06:31 AM

Hello community,

 

is there a report which mails have been released in the last x days?

I need a report how many mails have been released from the different quarantines.

 

Thanks a lot

Andreas

Labels:
5 Replies 5

dmccabej
Cisco Employee
Cisco Employee

‎02-15-2021 08:12 AM

Hello,

 

I do not believe we have any reports for this, but, you could always search through the mail logs in the CLI for messages that have been released.

 

Some example commands:

 

grep "released from" mail_logs

grep "targeted for release" mail_logs

 

Thanks!

-Dennis M.

0 Helpful

AndreasEisele
Level 1
Level 1
In response to dmccabej

‎02-22-2021 01:18 AM

Hello Dennis,



i've tried your solution.

It doesn't match our requirements. The result shows all released messages (without taking care if the release was initiated manually or automatically).

If i search for the expression "released from all quarantines" it will still report to many messages.



The background is that we want to see if our (and the antispam) filters are correct or if there are to many manual releases on special filters.

I wonder if noone else has got the same question.



Kind regards

Andreas


0 Helpful

dmccabej
Cisco Employee
Cisco Employee
In response to AndreasEisele

‎02-23-2021 09:46 AM

Hello,

 

As Marc mentioned, there is no currently nothing prebuilt to complete this type of task, and you would need to gather/push the logs somewhere off-box to perform more complex queries. 

 

Thanks!

-Dennis M.

0 Helpful

marc.luescherFRE
Spotlight
Spotlight

‎02-22-2021 10:45 AM

There is no out of the box report for this use case.

You will need to import the mail logs into a SIEM or log analysis tool to make more complex queries.

 

Regards

Marc

0 Helpful

Siebe
Level 1
Level 1

‎02-24-2021 10:52 AM

Is the email being delivered to Exchange ? Maybe you can perform a search from that end. On IronPort go to: Mail Policies - incoming Mail Policies - Anti-Spam settings. Is "Add Text to Subject" configured. You can select Prepend and then add the text: [Suspected SPAM]. When the message is released it still has this subject. You could perform a search in Exchange for [Suspected SPAM].

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents