Legitimate emails are moved to the FailedMails folder, are not shown in the Dashboard logs, and cannot be released from quarantine. How to reprocess these emails and prevent this behavior in the future?
Legitimate emails can be flagged by the different content filtering engines like the Decompression Engine or the Attachment Filtering Engine. If this process fails, these emails will not be shown in the Dashboard logs, and cannot be released from quarantine.
If the content filter engines fail while they process emails, those emails will be moved to the FailedMails folder. This is by design. To reprocess these emails, please follow the instructions from the Reprocessing Emails Wrongly Moved to the FailedMails Folder article.
To prevent the unwanted behavior in the future, the following solutions may be implemented:
- Emails that are blocked by the Attachment Filtering are blocked by the rule "Block all potentially malicious attachments". To avoid this you would need to update the existing rules as detailed in the Modifying Attachment Filtering Rules article, and remove the file types in question, or disable the rule if you feel it is convenient.
- Emails blocked by the Decompression Engine are caused by password-protected archives. Since the Decompression Engine does not allow exceptions, the workaround to exclude these files is detailed in the following support article Creating a Whitelist Policy for Password Protected Files, or to disable the rule if you feel it is convenient.