Skip to main content
My preferencesSign out
Proofpoint, Inc.

Troubleshooting email delivery problems using Email Logs

Situation You have email messages that are not delivered or quarantined and you're not sure why.
Solution

Understand the definitions in the Essentials mail logs, including:

  • Message Log Status definitions
  • Email Status definitions
  • Tips for Inbound and Outbound logs

 

Email Logs section of the Proofpoint Essentials Interface

Please note there are some items to understand in email logs. For example, Proofpoint Essentials only keep logs for a rolling 30 days, and search results are limited to 1000 messages.

To access these options, navigate to the Logs tab and after finding the desired messages, look in the Status column. 

Silent users do not have permission to log into the interface and cannot perform this action. Please contact your admin to research the logs.

When reviewing the logs for the desired recipient, you may narrow the search by inputting these parameters (and also speeding up your research process):

  • Recipient address
  • Sender address
  • Message subject

Load Time - Limit search parameters

Log loading will take longer for the wider ranger of information you review. Logs search faster by limiting your search parameters.

Using @domain will speed up the search but also do an exact match for the domain

Up to 1000 results will be returned in a table where you can use the search tool to perform a quick filter of the result set.  You may also select a message Status to further refine your search. A message log status can be defined as the following:

Any Message of any status listed below
Quarantined Message not delivered to end recipient
Reported (Misclassified) The user or admin has performed an action using an older product feature to report spam. We encourage users not to use the older features, but instead follow the False Positive/Negative reporting process.
Blocked Filter fired, message not delivered.
Cleared Message made it to end recipient.
Cleared (but queued for delivery) Message intended for delivery, has not cleared Proofpoint Essentials system.
Cleared (but bounced by destination) Message delivered, but end server bounced back.
Cleared (released from quarantine) Message initially not delivered, then released.

Hover your mouse over the status itself to see a tooltip with more information. You can also click on the log line to bring up the Email Detail page which contains the email's Permalink which we can use as reference if you need to contact support.

Email Statuses

An email can have any of the following statuses:

Delivered This message has been accepted by the SMTP destination server, has left Proofpoint Essentials, and should be arriving at the recipient any moment now if not already (unless something is very, very wrong with the SMTP destination server - in that case the administrator of THAT server will need to be notified ASAP).
Delayed This message cannot be delivered right now, but will be queued for 30 days and delivery will be retried at sane intervals.  The reason will be displayed in the tooltip, and may range from timeouts (server not available / firewall), to server configuration problems (the destination server's disk may be full...), etc. etc.  After 24h of queuing the sender gets notified.
Queued This could be a stuck state, or an intermediary state of a retry. If it is stuck, please contact support.
Bounced This message has been rejected by the SMTP destination server for any of a large number of reasons.  The most common reason is that the destination server only allows known email addresses and a typo has been made in the local part of the recipient email address (if the typo was in the domain, it would not have reached here in the first place).
<blank> If the Status column is empty, the message is still actively being queued for the first time and its status is still being determined.  It might be a large email, or the destination server is busy, or waiting for a connection timeout.
Quarantined This is the default Status of everything classified as Spam, and indicates that we have halted delivery, but the message may be released.

For INBOUND mail logs, if messages are not showing up here, please verify the following:

  • Ensure that your MX record is appropriately pointed to the correct server.
  • Ensure that the sender has the recipient address correctly spelled
  • Make sure the sender has sent the message. You May want to request to have their mail provider show the logs from their side.
  • A reasonable amount of time has passed.  Email is not an instantaneous protocol, and although most emails are pretty quick, there are no guarantees.  Many factors may influence this: large emails and clients with low bandwidth or out-of-hours prioritization, greylisting on poorly-configured clients, sender's synchronizing with outbound servers only periodically, temporary DNS problems, other transient internet conditions, etc. 

For OUTBOUND mail logs, if messages are not showing up here, please verify the following:

  • Their SMTP server name configuration in their mail client.

 

Support's assistance with connection level rejection

There are connection level rejections that will only show in the logs for support. If you suspect a message you can not find in the logs was rejected, you will need to open a support ticket. If possible, we would need the following to search for the rejection(s):  sender address, recipient address, or IP address of sending server along with a time.