Boolean search queries can be used when searching the history logs, queues and archives. They are implemented using three[1] logical operators: and, or and not. The and operator has precedence over or, and is implicit if not specified. The query

condition or condition2 condition3

therefore means "true if just condition matches, or both condition2 and condition3 match". Each condition has to be a comparison, e.g.

[email protected] or ip=

The following comparison operators are available.

| Operator | Type | Example | Description |
|---|---|---|---|
| = | Equal | [email protected] | Requires an equal match |
| ~ | Like | from~support | Requires support to be found in the from field |
| ~ | Like | from~support% | Requires the from field to begin with support |
| ~ | Like | | Requires the from field to end with |
| > | Greater | time>0 | Requires time to be greater than 0 |
| < | Less | time<10 | Requires time to be less than 10 |
| not | Not equal | not [email protected] | Requires a negative match |
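The precedence rules and comparison operators above, modelled as an added Python example that is not the product's own implementation: it parses a query and evaluates it against log rows. The names `number`, `compare`, `compile_query` and `LOG` are hypothetical, the rows are constructed, and it assumes whitespace-separated conditions and case-sensitive matching; the && grouping from the footnote is not modelled.

```python
import re

def number(text):  # "K"/"M" suffixes as described for the size field
    mult = {"K": 1024, "M": 1024 ** 2}.get(text[-1:].upper(), 1)
    return float(text[:-1] if mult > 1 else text) * mult

def compare(field, op, value):
    like = re.compile(".*".join(map(re.escape, value.split("%"))), re.S)
    def test(rec):
        have = rec.get(field)
        if have is None:
            return False
        if op == "=":
            return str(have) == value
        if op == "~":  # substring match unless "%" wildcards anchor the pattern
            return bool(like.fullmatch(str(have))) if "%" in value else value in str(have)
        return have > number(value) if op == ">" else have < number(value)
    return test

def compile_query(query):
    toks = query.split()  # assumption: conditions contain no spaces
    def term():  # [not] field<op>value
        tok = toks.pop(0) if toks else ""
        if tok.lower() == "not":
            inner = term()
            return lambda rec: not inner(rec)
        m = re.fullmatch(r"([\w.]+)([=~<>])(.+)", tok)
        if not m:
            raise ValueError(f"expected a comparison, got {tok!r}")
        return compare(*m.groups())
    def conj():  # explicit or implicit "and" binds tighter than "or"
        parts = [term()]
        while toks and toks[0].lower() != "or":
            if toks[0].lower() == "and":
                toks.pop(0)
            parts.append(term())
        return lambda rec: all(p(rec) for p in parts)
    alts = [conj()]
    while toks:  # only "or" can stop conj() before the end of the input
        toks.pop(0)
        alts.append(conj())
    return lambda rec: any(a(rec) for a in alts)

LOG = [  # constructed sample log rows, not real data
    {"historyid": 1, "from": "support@example.org", "action": "DELIVER", "size": 2048},
    {"historyid": 2, "from": "bob@example.net", "action": "BOUNCE", "size": 3 * 1024 ** 2},
    {"historyid": 3, "from": "bob@example.net", "action": "DELIVER", "size": 512},
]
```

For example, `compile_query("action=DELIVER or action=BOUNCE size<1K")` matches rows 1 and 3 of `LOG`: row 2 is a bounce but fails the implicit and with `size<1K`.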

The following fields are available.

| Field | Type | Example | Description |
|---|---|---|---|
| messageid | string | messageid=b70a2fea-683a-11e1-91e4-000c294da5fc:32 | Searches for the message ID |
| queueid | number | queueid=10003 | Searches for the queue id |
| historyid | number | historyid=1234 | Searches for the history id (log row) |
| actionid | number | actionid=1 | Searches for the action id |
| server | string | server=mailserver:1 | Searches for message arriving on mailserver:1 |
| transport | string | transport=mailtransport:1 | Searches for message sent to mailtransport:1 |
| from | string | [email protected] | Searches for message from [email protected] |
| to | string | [email protected] | Searches for message to [email protected] |
| ip | string | ip= | Searches for message from the IP |
| helo | string | | Searches for the message sent with HELO/EHLO "" |
| sasl | string | sasl=john.doe | Searches for the message sent by SASL username "john.doe" |
| subject | string | subject~test | Searches for the message containing "test" |
| rawsubject | string | rawsubject~test | Searches for the message containing "test" without decoding |
| action | QUARANTINE, DELIVER, DELETE, BOUNCE, REJECT, DEFER, ERROR | action=BOUNCE | Searches for messages that have failed delivery (outbound) |
| time | unix timestamp (UTC) | time>1332235771 | Searches for messages received after Tue Mar 20 10:29:31 CET 2012 |
| quarantine | string | quarantine=mailquarantine:1 | Limit search to one particular quarantine (only for queues) |
| rpdscore | number | rpdscore=spam | Searches for messages with RPD score (supports both textual and numeric scores) |
| rpdrefid | string | rpdrefid~str=000... | Searches for messages with RPD refid |
| sascore | number | sascore>5 | Searches for messages with SA score |
| retry | number | retry=0 | Searches for messages in queue with specific retry count, delayed delivery in this case |
| retryts | number | retry>1332235771 | Searches for messages in queue with specific retry timestamp (there is a special value available of "now", to represent current timestamp) |
| size | number | size>1M | Searches for messages larger than 1 MiB (in bytes). Both "K" and "M" suffixes are supported |
| metadata.* | string | | Searches for messages with metadata key foo and value bar |

On the Operations > Activity > History and queue page, there are time input fields in which you may specify the start and end time in any format that PHP's strtotime function accepts. They are provided because a time query may otherwise be very inconvenient to write.


Search for messages from or to or

Footnotes and references

  1. Regardless of and and or operator precedence, it's possible to add different, grouped match groups with the && operator in order to enforce a specific pre-condition; for example, to restrict all searches to messages from/to a specific domain.