Table 1 describes the actions the Barracuda Email Security Service takes with messages on the Overview > Message Log page.
Table 1. Message Actions
Action | Description |
---|---|
Account Suspended | If your Barracuda Email Security Service subscription expired more than 60 days ago, your account is marked as Suspended, and email is no longer scanned for spam. Note: Email is still scanned for viruses. |
Advanced Threat Protection | Message blocked by the Advanced Threat Protection (ATP) cloud-based virus scanning service. ATP is an advanced virus scanning service which, when enabled on the ATP Settings page, provides additional scanning for the attachment file types you specify. See also: |
Anti-Fraud | Barracuda Anti-Fraud Intelligence detected a potential phishing scheme, which could be used to gather confidential information about an organization or its individual users. |
Antivirus | The message had a virus attached. |
Attachment Content | Content in a message attachment matched a Message Content Filter rule specified on the Inbound Settings > Content Policies page. |
Attachment Filter | Content in a message attachment matched an attachment filter defined on either the Inbound Settings > Content Policies or the Outbound Settings > Content Policies page. |
ATP Exempt | Message was exempted by ATP scan. |
ATP Scan Inconclusive | Message was quarantined because the ATP scan timed out or resulted in an unknown response. |
AV Service Unavailable | The Scan Email for Viruses setting on the Inbound Settings > Anti-Spam/Antivirus page is set to Yes, but the virus scanning service was temporarily unavailable when the message came through. Note: The message is deferred and retried when the virus scanning service is available. |
BRTS | Barracuda Real-Time System (BRTS) detected a zero-hour spam or virus. This advanced service detects spam or virus outbreaks even where traditional heuristics and signatures to detect such messages do not yet exist. |
Barracuda Reputation | Message was sent from an IP address on the Barracuda Reputation Block List (BRBL), a list maintained by Barracuda Central that includes IP addresses of known spammers. |
Body Content | Message body content matched a Message Content Filter rule specified on the Inbound Settings > Content Policies page. |
Bulk Email | The Bulk Email Detection setting on the Inbound Settings > Anti-Spam/Antivirus page is set to Yes, and the message qualifies as Bulk. |
Cloudscan Service Unavailable | The Enable Cloudscan setting on the Inbound Settings > Anti-Spam/Antivirus page is set to Yes, but the Cloudscan spam scoring service was temporarily unavailable when the message came through. Note: The message is deferred and is retried when the Cloudscan service is available. |
Content Protected | The message has a password-protected archive attachment. See settings for Attachment Filter on the Inbound Settings > Content Policies and Outbound Settings > Content Policies pages. |
Content URL | The message contained one or more URLs listed in the Intent Domain Policies section on the Inbound Settings > Anti-Phishing page. |
DKIM | The DomainKeys Identified Mail (DKIM) setting on the Inbound Settings > Sender Authorization page is set to Quarantine or Block and the message is from a domain that fails DKIM verification. |
DMARC | The Domain Based Message Authentication (DMARC) setting on the Inbound Settings > Sender Authorization page is Enabled and the message is from a domain that fails DMARC verification. |
Email Categorization | Per settings on the Inbound Settings > Anti-spam/Antivirus page, email from this sender is categorized as not necessarily spam, but rather something that the user may have subscribed to at one time and may no longer wish to receive. For example, newsletters and memberships, or marketing information. Categories supported appear in the Message Log Reason as:
Email Categorization assigns some of these emails to specific categories which the admin can set to allow, block, or quarantine on the Inbound Settings > Anti-spam/Antivirus page. |
From Address | A sender or content rule for From Address was encountered. |
GeoIP Policies | Message blocked/quarantined based on a country of origin policy selected on the Inbound Settings > Regional Policies page. |
Header Content | Content in the message header matched a Message Content Filter rule specified on the Inbound Settings > Content Policies page. |
IP Address Policies | The sending IP address is listed as Blocked or Exempt on the Inbound Settings > IP Address Policies page. |
Image Analysis | Image Analysis identified this message as a bulk/spam message. |
Inbound TLS Required | On the Domains > Settings page, the setting Require TLS to Barracuda from these domains lists domains that must use a TLS connection when connecting to Email Gateway Defense. If a TLS connection was not used, then the inbound message is blocked with a reason of Inbound TLS Required. |
Intent Analysis | Intention Analysis identified this message as a bulk/spam message. |
Invalid Recipient | The To address does not exist on the mail server. |
Language Policies | Message blocked/quarantined based on the selected character class on the Inbound Settings > Regional Policies page. |
Malformed | The message did not conform to the SMTP protocol; for example, the Sender, From, Date, or other required fields may be empty. |
Message Delivery Interrupted | This error occurs when a sender’s connection drops during email transmission, or if a sender closes or quits their email editor before email transmission is complete. The message is deferred until the connection resumes and the email is successfully sent. |
Message Too Large | The message exceeded the maximum message size allowed by the destination mail server, which rejected the message. The Barracuda Email Security Service allows messages of up to 300 MB. |
No PTR Record | Action was taken because: (1) The Block on No PTR Records setting on the Inbound Settings > Sender Authentication page was set to Yes, and because of (1), the Barracuda Email Security Service queried DNS for the SPF record of the sending domain, and no PTR record was found. |
Office Protected | The message has a password-protected Microsoft Office attachment. See settings for Attachment Filter on the Inbound Settings > Content Policies and Outbound Settings > Content Policies pages. |
Password Protected PDF Filtering | The message has a password-protected PDF attachment. See settings for Attachment Filter on the Inbound Settings > Content Policies and Outbound Settings > Content Policies pages. |
Pending Scan | When ATP is enabled with the Scan First, Then Deliver option, the message is deferred because attachment scanning is pending. The mail server retries later to check if the scan is complete and, if it is, delivers the message. |
PhishLine | Message was sent as part of a PhishLine campaign. |
Possible Mail Loop | IP address for the destination mail server is not correctly configured in the Barracuda Email Security Service, and may instead contain the IP address for the Barracuda Email Security Service, causing a mail loop. |
Predefined Attachment Content | An attachment contained content that matched a Predefined filter based on data leakage patterns (specific to United States). See the Outbound Settings > Content Policies page. |
Predefined Body Content | The message body contained content that matched a predefined filter based on data leakage patterns (specific to United States). See the Outbound Settings > Content Policies page. |
Predefined Filter Exceptions | The message body contained content that matched a predefined filter exception to HIPAA or Privacy content filters. See the Outbound Settings > Content Policies page. |
Predefined From Address | The message From address contained content that matched a predefined filter based on data leakage patterns (specific to United States). See the Outbound Settings > Content Policies page. |
Predefined Header Content | The message header contained content that matched a predefined filter based on data leakage patterns (specific to United States). See the Outbound Settings > Content Policies page. |
Predefined Subject Content | The message subject contained content that matched a predefined filter based on data leakage patterns (specific to United States). See the Outbound Settings > Content Policies page. |
Predefined To/CC Address | The message To/CC address contained content that matched a predefined filter based on data leakage patterns (specific to United States). See the Outbound Settings > Content Policies page. |
Rate Control | Sender IP address exceeded maximum number of allowed connections in a half-hour period. Note: The message is deferred unless the client continues to make connections. |
Realtime Block List | IP Reputation Analysis determined that the sending IP address is listed on a Real-Time Block List (RBL) or DNS Block List (DNSBL). |
Recipient | Action was taken because of a rule for the To address. |
Remediated by Barracuda Forensics | Barracuda Forensics & Incident Response remediated this email by deleting it from the recipient's inbox. |
Remediated by Barracuda Sentinel | Barracuda Sentinel remediated this email either by deleting it from the recipient’s inbox or by moving it to the recipient's Junk mailbox. |
Score | The message score exceeded the Cloudscan Scoring setting on the Inbound Settings > Anti-Spam/Antivirus page. |
Sender Email Address | The message was blocked because of the sender email address. This sender is listed in the Barracuda email block list. |
Sender Policies | Action was taken because of settings configured on the Inbound Settings > Sender Policies page. |
Sender Policy Framework (SPF) | The Sender IP address is not listed as an allowed sender for the specified domain using the SPF protocol. |
Sender Spoof Protection | Action was taken because of a rule to block the "From" address that uses your domain. |
Subject Content | Content in the subject line matched a Message Content Filter rule specified on the Inbound Settings > Content Policies page. Note: A subject line of Message Has No Content indicates an incomplete SMTP transaction due to a failed connection. The log entry shows the from/to data, but has no header or body content. This mail includes messages that are malformed or are addressed to invalid recipients. |
Suspicious | Message deferred or blocked due to multi-level intent checks or Barracuda Anti-Fraud Intelligence checks, as configured on the Inbound Settings > Anti-spam/Antivirus page. |
System Sender Policies | The sender has been blocked per policy set by Barracuda Networks; this action prevents the Barracuda Email Security Service IP address from being blocked. Contact your email administrator if you have questions. Note: Applies to outbound mail. |
TLS Required | On the Outbound Settings > DLP/Encryption page, a TLS connection must be used when connecting to the recipient domains listed. If a TLS connection cannot be established, then the outbound message is not delivered and is blocked, with a reason of TLS Required. |
To/CC Address | Action was taken because of a recipient or content rule for To/CC Address. |
UI Delivered | For emails blocked or quarantined in the Message Log, the admin can manually deliver those messages. Once the message is delivered, the reason code for that message displays as Allowed with a reason of UI Delivered. |
When searching for messages in the Message Log, you can use the filters listed in Table 2.
Table 2. Search Filters.
Filter | Description |
---|---|
Inbound Mail | |
Allowed | Search for delivered messages. |
Not Allowed | Search for undelivered messages. To further refine your search, select Blocked, Deferred, or Quarantined. |
Blocked | Search for blocked messages. Messages are blocked due to a policy specified on the Inbound Settings and Outbound Settings pages. |
Deferred | Search for deferred messages. Indicates that the Barracuda Email Security Service returned a 4xx response to the sending mail server. There are several reasons for deferring messages: |
Quarantined | Search for quarantined messages. Messages are quarantined due to policies specified on the Inbound Settings and Outbound Settings pages. |
Outbound Mail | |
Allowed | Search for delivered messages. |
Not Allowed | Search for undelivered messages. To further refine your search, select Blocked, Deferred, or Quarantined. |
Blocked | Search for blocked messages. Messages are blocked due to policies specified on the Inbound Settings and Outbound Settings pages. |
Deferred | Search for deferred messages. Indicates that the Barracuda Email Security Service returned a 4xx response to the sending mail server. There are several reasons for deferring messages: |
Quarantined | Search for quarantined messages. Messages are quarantined due to policies specified on the Inbound Settings and Outbound Settings pages. |
Encrypted | Search for encrypted messages. The Barracuda Email Encryption Service encrypts messages due to policy as specified in the Inbound Settings and Outbound Settings pages. The Barracuda Email Security Service sends the message recipient(s) a notification email directing them to visit the Barracuda Message Center to retrieve the encrypted message. |
Rejected | Search for rejected messages. |
Email Spooling
You can enable Spooling if you want the Barracuda Email Security Service to retain all of your email for up to 96 hours if your mail server goes down. Select Yes to enable or No to disable. If Spooling is set to No and the service cannot connect to your mail server, the mail is deferred and the Delivery Status in the Message Log displays as Not Delivered. The sending mail server, depending on its configuration, has the option of retrying the message or notifying the sender that the mail was deferred or failed.