執行訊息追蹤和檢視結果Run a Message Trace and View Results

身為管理員,您可以找出有何電子郵件訊息在 Exchange 系統管理中心 (EAC) 中執行郵件追蹤。之後執行郵件追蹤,您在清單中,檢視結果,然後檢視特定郵件的相關詳細資料。郵件追蹤資料是提供過去 90 天。如果郵件超過 7 天,則結果只能檢視中下載。CSV 檔案。As an administrator, you can find out what happened to an email message by running a message trace in the Exchange admin center (EAC). After running the message trace, you can view the results in a list, and then view the details about a specific message. Message trace data is available for the past 90 days. If a message is more than 7 days old, the results can only be viewed in a downloadable .CSV file.

郵件追蹤和疑難排解工具其他郵件流程影片逐步解說,請參閱找出並修正為商務系統的 Office 365 的電子郵件傳遞問題For a video walkthrough of message trace and other mail flow troubleshooting tools, see Find and fix email delivery issues as an Office 365 for business admin.

開始之前有哪些須知?What do you need to know before you begin?

  • 如需資料何時可用及可用期間,請參閱Reporting and Message Trace in Exchange Online Protection中的 「 報告和郵件追蹤資料可用性和延遲 」 一節。For information about when data is available and for how long, see the "Reporting and message trace data availability and latency" section in Reporting and Message Trace in Exchange Online Protection.

  • 您必須獲得權限才能執行此程序或程序。若您需要哪些權限,請參閱的功能權限在 Exchange Online主題中的 「 郵件追蹤 」 項目。You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Message trace" entry in the Feature permissions in Exchange Online topic.

  • 如需適用於此主題中程序的快速鍵相關資訊,請參閱 Exchange 系統管理中心的鍵盤快速鍵For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.

提示

有問題嗎?尋求 Exchange 論壇中的協助。請造訪在Exchange ServerExchange OnlineExchange Online Protection論壇。> 如果您是商務系統的 Office 365,您可以連絡 Office 365 商務支援Having problems? Ask for help in the Exchange forums. Visit the forums at Exchange Server,Exchange Online, or Exchange Online Protection. > If you're an Office 365 for business admin, you can contact Office 365 for business support.

從 Office 365 系統管理中心移至 [郵件追蹤Go to message trace from the Office 365 admin center

  1. 使用工作或學校帳戶,登入 Office 365Sign in to Office 365 with your work or school account.

  2. 選取 [應用程式啟動器圖示Office 365 應用程式啟動器左上角中選擇 [系統管理Select the app launcher icon Office 365 app launcher in the upper-left and choose Admin.

  3. 左下瀏覽窗格中展開 [系統管理,並選擇 [ ExchangeIn the lower-left navigation, expand Admin and choose Exchange.

  4. 在 Exchange 系統管理中心 (EAC) 中,移至 [郵件流程 > 郵件追蹤In the Exchange admin center (EAC), go to mail flow > message trace

    Exchange 系統管理中心的螢幕擷取畫面顯示從郵件流程瀏覽功能表中選取了訊息追蹤。

執行郵件追蹤Run a message trace

  1. 在 EAC 中,瀏覽至 [郵件流程 > 郵件追蹤In the EAC, navigate to mail flow > message trace.

    Exchange 系統管理中心的螢幕擷取畫面顯示從郵件流程瀏覽功能表中選取了訊息追蹤。

  2. 視搜尋的內容而定,您可以在下列欄位中輸入值。針對低於 7 天的郵件,則不需要這些欄位。只要按一下 [搜尋],即可擷取預設期間 (過去 48 小時) 的所有郵件追蹤資料。Depending on what you are searching for, you can enter values in the following fields. None of these fields are required for messages that are less than 7 days old. You can simply click Search to retrieve all message trace data over the default time period, which is the past 48 hours.

  3. 日期範圍使用下拉式清單中,選取要搜尋的傳送或接收過去 24 小時內,48 小時] 或 [7 天的郵件。您也可以選取自訂的時間圖文框的過去 90 天內包含的任何範圍。自訂搜尋您也可以變更時區的國際標準時間 (UTC)。Date range Using the drop-down list, select to search for messages sent or received within the past 24 hours, 48 hours, or 7 days. You can also select a custom time frame that includes any range within the past 90 days. For custom searches you can also change the time zone, in Coordinated Universal Time (UTC).

  4. 傳遞狀態使用下拉式清單中,選取您要檢視的相關資訊的郵件狀態。保留預設值的所有以涵蓋所有的狀態。其他可能的值為:Delivery status Using the drop-down list, select the status of the message you want to view information about. Leave the default value of All to cover all statuses. Other possible values are:

    • 傳遞郵件已成功傳遞至預定目的地。Delivered The message was successfully delivered to the intended destination.

    • 失敗未傳送郵件。[遭到嘗試並失敗或未傳送因為篩選服務所採取的動作。例如,如果郵件已決定要包含惡意程式碼。Failed The message was not delivered. Either it was attempted and failed or it was not delivered as a result of actions taken by the filtering service. For example, if the message was determined to contain malware.

    • 暫止正在郵件的傳送嘗試或重新嘗試。Pending Delivery of the message is being attempted or re-attempted.

    • 延伸郵件已傳送至通訊群組清單,並已展開,所以可個別檢視清單的成員。Expanded The message was sent to a distribution list and was expanded so the members of the list can be viewed individually.

    • 未知在此階段是未知的郵件傳遞狀態。當列查詢的結果時,請傳遞的詳細資料欄位不會包含任何資訊。Unknown The message delivery status is unknown at this time. When the results of the query are listed, the delivery details fields will not contain any information.

      重要

      如果您是針對超過 7 天的項目執行郵件追蹤,則無法選取 [擱置][未知]If you are running a message trace for items that are greater than 7 days old, you cannot select Pending or Unknown.

  5. 郵件識別碼這是與郵件標頭中找到的網際網路郵件識別碼 (也稱為用戶端識別碼) 」 訊息識別碼:"token。使用者可以提供您使用此資訊以調查特定的郵件。Message ID This is the Internet message ID (also known as the Client ID) found in the header of the message with the "Message-ID:" token. Users can provide you with this information in order to investigate specific messages.

    此識別碼的形式傳送的郵件系統而異。以下是範例: <08f1e0f6806a47b4ac103961109ae6ef@server.domain>。The form of this ID varies depending on the sending mail system. The following is an example: <08f1e0f6806a47b4ac103961109ae6ef@server.domain>.

    注意

    請務必包含完整的訊息識別碼字串。這可能會包含角括弧 (<>)。Be sure to include the full Message ID string. This may include angle brackets (<>).

    此識別碼應該是唯一的。不過,取決於傳送的郵件系統產生的並不是所有傳送的郵件系統的行為方式相同。因此,有您可能會結果取得多個郵件時於單一的訊息識別碼查詢可能性This ID should be unique; however, it is dependent on the sending mail system for generation and not all sending mail systems behave the same way. As a result, there's a possibility that you may get results for multiple messages when querying upon a single Message ID.

  6. 寄件者您可以按一下 [寄件者] 欄位旁的 [新增寄件者] 按鈕來縮小搜尋特定的寄件者。在隨後出現的對話方塊中,從您的公司使用者選擇清單中選取一或多個寄件者] 和 [新增]。若要新增寄件者不在清單上,輸入其電子郵件地址,按一下 [檢查名稱。在此方塊中的電子郵件地址格式支援萬用字元: *@contoso.com。指定之萬用字元時, 不能使用其他地址。當您完成您的選擇時,按一下 [確定]Sender You can narrow the search for specific senders by clicking the Add sender button next to the Sender field. In the subsequent dialog box, select one or more senders from your company from the user picker list and then click Add. To add senders who aren't on the list, type their email addresses and click Check names. In this box, wildcards are supported for email addresses in the format: *@contoso.com. When specifying a wildcard, other addresses can't be used. When you're done with your selections, click OK.

  7. 收件者您可以按一下 [收件者] 欄位旁的 [新增收件者] 按鈕會逐漸特定收件者的搜尋。在隨後出現的對話方塊中,從您的公司使用者選擇清單中選取一或多個收件者] 和 [新增]。若要新增的收件者不在清單上,輸入其電子郵件地址,按一下 [檢查名稱。在此方塊中的電子郵件地址格式支援萬用字元: *@contoso.com。指定之萬用字元時, 不能使用其他地址。當您完成您的選擇時,按一下 [確定]Recipient You can narrow the search for specific recipients by clicking the Add recipient button next to the Recipient field. In the subsequent dialog box, select one or more recipients from your company from the user picker list and then click Add. To add recipients who aren't on the list, type their email addresses and click Check names. In this box, wildcards are supported for email addresses in the format: *@contoso.com. When specifying a wildcard, other addresses can't be used. When you're done with your selections, click OK.

  8. 如果您搜尋超過 7 天的郵件,指定下列參數值 (否則您可以略過此步驟):If you're searching for messages that are greater than 7 days old, specify the following parameter values (otherwise you can skip this step):

  9. 包含郵件事件及使用報表的路由詳細資料建議您選取此核取方塊只有當您想採用一或數個特定郵件,因為包括事件詳細資料會導致較大報表的程序花費的時間。Include message events and routing details with report We recommend selecting this check box only if you're targeting one or a few specific messages, because including event details will result in a larger report that takes longer to process.

  10. 方向使用下拉式清單中,選取您要搜尋的所有郵件 (這是預設值),輸入訊息傳送給您的組織或從您的組織傳送的輸出郵件。Direction Using the drop-down list, select whether you want to search for All messages (this is the default), Inbound messages sent to your organization, or Outbound messages sent from your organization.

  11. 原始用戶端 IP 位址指定寄件者的用戶端的 IP 位址。Original client IP address Specify the IP address of the sender's client.

  12. 報表標題指定此報表的唯一識別碼。這會也可作為的主旨行文字的電子郵件通知。預設值為 「 郵件追蹤報告<日當週的>、<目前日期><目前時間>"。例如,「 郵件追蹤報告 2013 年 10 月 17、 星期四 7:21:09 AM"。Report title Specify the unique identifier for this report. This will also be used as the subject line text for the email notification. The default is "Message trace report <day of the week>, <current date> <current time>". For example, "Message trace report Thursday, October 17, 2013 7:21:09 AM".

  13. 通知電子郵件地址 指定想要在郵件追蹤完成時接收到通知的電子郵件地址。此地址必須位於公認的網域清單內。Notification email address Specify the email address that you want to receive the notification when the message trace completes. This address must reside within your list of accepted domains.

  14. 按一下 [搜尋] 執行郵件追蹤]。您將會收到警告如果您正在接近您要允許透過在 24 小時期間內執行的追蹤項目數量的臨界值。Click Search to run the message trace. You'll be warned if you're nearing the threshold of the amount of traces you're allowed to run over a 24 hour period.

在執行您的郵件追蹤,視您要搜尋之郵件的小於或超過 7 天後繼續執行其中下列各節來了解如何檢視您的結果。After running your message trace, depending on whether you're searching for messages that are less than or greater than 7 days old, proceed to one of the next sections to read about how to view your results.

注意

若要搜尋不同的郵件,您可以按一下 [清除] 按鈕,然後指定新的搜尋準則。To search for a different message, you can click the Clear button and then specify new search criteria.

檢視低於 7 天之郵件的郵件追蹤結果View message trace results for messages that are less than 7 days old

提示

如需檢視超過 7 天之郵件的郵件追蹤結果的詳細資訊,請參閱 <檢視郵件追蹤結果會超過 7 天的郵件For information about viewing message trace results for messages that are greater than 7 days old, see View message trace results for messages that are more than 7 days old.

在 EAC 中執行郵件追蹤後,將會依照日期列出結果,最近的郵件會最先出現。您可以按一下欄標頭,依照所列的任何欄位排序。再按一下欄標頭,就會反轉排序順序。檢視郵件追蹤結果時,系統會提供每封郵件的下列資訊:After running the message trace in the EAC, the results will be listed, sorted by date, with the most recent message appearing first. You can sort on any of the listed fields by clicking their headers. Clicking a column header a second time will reverse the sort order. When viewing message trace results, the following information is provided about each message:

  • 日期日期和時間的收到郵件服務,使用設定的 UTC 時區。Date The date and time at which the message was received by the service, using the configured UTC time zone.

  • 寄件者表單別名的寄件者的電子郵件地址 @ 網域Sender The email address of the sender in the form alias @ domain .

  • 收件者收件者或收件者的電子郵件地址。傳送至多個收件者的郵件,有收件者每一列。如果收件者的通訊群組清單、 通訊群組清單會是第一個收件者和通訊群組清單的每一個成員則將會包含在單獨的一行,讓您可以檢查狀態的所有收件者。Recipient The email address of the recipient or recipients. For messages sent to more than one recipient, there is one line per recipient. If the recipient is a distribution list, the distribution list will be the first recipient, and then each member of the distribution list will be included on a separate line so that you can check the status for all recipients.

  • 主旨郵件的主旨行文字。如有必要,這是無條件捨去至前 256 個字元。Subject The subject line text of the message. If necessary, this is truncated to the first 256 characters.

  • 狀態此欄位會指定郵件是否已傳遞至收件者或預定的目的地,傳遞至收件者的失敗(可以是因為它無法到達其目的地或被篩選)、擱置中傳遞 (它是其中一個程序會傳遞或傳遞已延遲,但已重新嘗試),已Expanded (有無傳遞因為將郵件傳送給 DL 的收件者已展開通訊群組清單 (DL)),或具有(有無狀態的訊息傳遞給收件者因為郵件已拒絕或重新導向至不同的收件者) 的狀態。Status This field specifies whether the message was Delivered to the recipient or the intended destination, Failed to be delivered to the recipient (either because it failed to reach its destination or because it was filtered), is Pending delivery (it is either in the process of being delivered or the delivery was deferred but is being re-attempted), was Expanded (there was no delivery because the message was sent to a distribution list (DL) that was expanded to the recipients of the DL), or has a status of None (there is no status of delivery for the message to the recipient because the message was either rejected or redirected to a different recipient).

注意

郵件追蹤的顯示上限為 500 個項目。依預設,使用者介面每頁會顯示 50 個項目,而且您可以瀏覽這些頁面。您也可以變更每頁的項目數多寡,最多可到 500 個。The message trace can display a maximum of 500 entries. By default, the user interface displays 50 entries per page, and you can navigate through the pages. You can also change the entry size of each page up to 500.

檢視低於 7 天之特定郵件的詳細資料View details about a specific message that is less than 7 days old

檢閱在 EAC 中執行郵件追蹤所傳回的項目清單之後,按兩下個別郵件,即可檢視有關郵件的下列詳細資料:After you review the list of items returned by running the message trace in the EAC, you can double-click an individual message to view the following additional details about the message:

  • 郵件大小Kb (KB) 含附件的郵件大小或如果郵件大小大於 999 kb 則 (mb)。Message size The size of the message, including attachments, in kilobytes (KB), or, if the message size is greater than 999 KBs, in megabytes (MB).

  • 郵件識別碼這是與郵件標頭中找到的網際網路郵件識別碼 (也稱為用戶端識別碼) 」 訊息識別碼:"token。形式傳送的郵件系統而異。以下是範例: * <08f1e0f6806a47b4ac103961109ae6ef* @ 伺服器網域>. Message ID This is the Internet message ID (also known as the Client ID) found in the header of the message with the "Message-ID:" token. The form of this varies depending on the sending mail system. The following is an example: <08f1e0f6806a47b4ac103961109ae6ef @ server . domain >.

    此 ID 必須是唯一的;但是,它的產生依存於傳送郵件系統,而且並非所有傳送郵件系統的行為都相同。因此,查詢單一郵件 ID 時,可能會取得多封郵件的結果。This ID should be unique, however, it is dependent on the sending mail system for generation and not all sending mail systems behave the same way. As a result, there is a possibility that you may get results for multiple messages when querying upon a single Message ID.

    這會以輸出形式提供,以便追蹤項目和有問題的郵件可以產生關聯。This is given as output so that trace entries and the messages in question can be co-related.

  • 至 IP要服務會嘗試將郵件傳遞的 IP 位址或位址。如果有多個收件者,則會顯示這些。內送郵件傳送至 Exchange Online,這個值是空白的。To IP The IP address or addresses to which the service attempted to deliver the message. If there are multiple recipients, these are displayed. For inbound messages sent to Exchange Online, this value is blank.

  • 來自 IP傳送訊息的電腦 IP 位址。從 Exchange Online 傳送輸出的郵件,這個值是空白的。From IP The IP address of the computer that sent the message. For outbound messages sent from Exchange Online, this value is blank.

在事件區段中,下列欄位提供當郵件通過訊息管線時所發生事件的相關資訊:In the events section, the following fields provide information about the events that occurred to the message as it passed through the messaging pipeline:

  • 日期日期與時間會發生此事件。Date The date and time that the event occurred.

  • 事件此欄位簡要通知您有何變化,例如若收到郵件服務,如果它已傳遞或無法傳遞至預定的收件者、 等等。以下是可能會列出的事件的範例:Event This field briefly informs you of what happened, for example if the message was received by the service, if it was delivered or failed to be delivered to the intended recipient, and so on. The following are examples of events that may be listed:

    • 接收服務所收到郵件。RECEIVE The message was received by the service.

    • 傳送服務已傳送郵件。SEND The message was sent by the service.

    • 失敗郵件無法傳遞。FAIL The message failed to be delivered.

    • 傳遞郵件已傳遞至信箱。DELIVER The message was delivered to a mailbox.

    • 展開郵件已傳送至展開的通訊群組。EXPAND The message was sent to a distribution group that was expanded.

    • 傳輸收件者已移至緣故郵件由於內容轉換、 郵件收件者限制或代理程式。TRANSFER Recipients were moved to a bifurcated message because of content conversion, message recipient limits, or agents.

    • DEFER郵件傳遞已延遲,且可以稍後再試。DEFER The message delivery was postponed and may be re-attempted later.

    • 已解決郵件已重新導向至新的收件者地址根據 Active Directory 查詢。當發生這種情況的原始收件者地址會列在郵件追蹤郵件最終的傳遞狀態中的個別資料列。RESOLVED The message was redirected to a new recipient address based on an Active Directory look up. When this happens, the original recipient address is listed in a separate row in the message trace along with the final delivery status for the message.

      提示

      可能會出現其他事件 ;如需這些的詳細資訊,請參閱 「 郵件追蹤記錄檔中的事件類型 」 一節中郵件追蹤Additional events may appear; for more information about these, see the "Event types in the message tracking log" section in Message Tracking.

  • 巨集指令此欄位會顯示如果郵件因為惡意程式碼或垃圾郵件偵測符合規則篩選所執行的動作。例如,它會讓您知道如果郵件遭到刪除或其已傳送至隔離區。Action This field shows the action that was performed if the message was filtered due to a malware or spam detection or a rule match. For example, it will let you know if the message was deleted or if it was sent to the quarantine.

  • 詳細資料此欄位上有何變化提供 elaborates 的詳細的資訊。例如,可能會通知已符合哪個特定傳輸規則,和何因為出現相符的郵件。它也可以通知您的特定的惡意程式碼偵測到的哪個特定的附件或為什麼郵件被視為垃圾郵件。如果已成功傳遞郵件,它會告訴您它已傳送的 IP 位址。Detail This field provides detailed information that elaborates on what happened. For example, it may inform you which specific transport rule was matched, and what happened to the message as a result of that match. It can also inform you which specific malware was detected in which specific attachment, or why a message was detected as spam. If the message was successfully delivered, it can tell you the IP address to which it was delivered.

檢視超過 7 天之郵件的郵件追蹤結果View message trace results for messages that are more than 7 days old

提示

如需檢視少於 7 天之郵件的郵件追蹤結果的詳細資訊,請參閱View message trace results for messages that are less than 7 days oldFor information about viewing message trace results for messages that are less than 7 days old, see View message trace results for messages that are less than 7 days old.

如果您執行的項目大於 7 天,當您按一下 [搜尋] 應該會出現訊息讓您知道郵件已成功送出、 郵件追蹤和電子郵件通知就會傳送給提供電子郵件地址時追蹤已完成。(如果在處理郵件追蹤和成功擷取符合搜尋準則的資料,此通知訊息將會包含追蹤和可下載連結的相關資訊。CSV 檔案。如果沒有資料所找到的相符的指定,將系統要求中已變更的準則與新要求送出的搜尋準則順序來取得有效的結果。)If you run a message trace for items that are greater than 7 days old, when you click Search a message should appear letting you know that the message was successfully submitted, and that an email notification will be sent to the supplied email address when the trace has completed. (If the message trace is processed and data that matches your search criteria is successfully retrieved, this notification message will include information about the trace and a link to the downloadable .CSV file. If no data was found that matched the search criteria you specified, you'll be asked to submit a new request with changed criteria in order to obtain valid results.)

在 EAC 中,您可以按一下 [檢視擱置或已完成追蹤],以檢視已針對超過 7 天的項目執行的追蹤清單。在產生的 UI 中,會根據提交日期和時間來排序追蹤清單,並且先顯示最新的提交。除了報告標題、追蹤提交日期和時間以及報告中的郵件數目之外,還會列出下列狀態值:In the EAC, you can click View pending or completed traces in order to view a list of traces that were run for items that are greater than 7 days old. In the resulting UI, the list of traces is sorted based on the date and time that they were submitted, with the most recent submissions appearing first. In addition to the report title, the date and time the trace was submitted, and the number of messages in the report, the following status values are listed:

  • 未啟動已送出但不是尚未執行追蹤。此時,您必須取消追蹤的選項。Not started The trace was submitted but is not yet running. At this point, you have the option to cancel the trace.

  • 取消已送出但已取消追蹤。Cancelled The trace was submitted but was cancelled.

  • 進行中追蹤執行,因此您無法取消追蹤或下載結果。In progress The trace is running and you cannot cancel the trace or download the results.

  • 完成完成追蹤,且您可以按一下 [下載這份報告來擷取的結果。CSV 檔案。請注意是否您的郵件追蹤結果超過 5000 訊息的摘要報告,它會截斷至第一次 5000 的郵件。如果您的郵件追蹤結果超過 3000 郵件的詳細報告,它會截斷至第一次 3000 的郵件。如果看不到您所需要的所有結果,我們建議該符號延展搜尋到多個查詢。Completed The trace has completed and you can click Download this report to retrieve the results in a .CSV file. Note that if your message trace results exceed 5000 messages for a summary report, it will be truncated to the first 5000 messages. If your message trace results exceed 3000 messages for a detailed report, it will be truncated to the first 3000 messages. If you do not see all the results that you need, we recommend that break your search out into multiple queries.

當您選取特定郵件追蹤時,其他資訊會顯示在右窗格中。根據指定的搜尋準則,這可能會包括詳細資料 (例如,執行追蹤的日期範圍,以及郵件的寄件者和預定收件者)。When you select a specific message trace, additional information appears in the right pane. Depending on what search criteria you specified, this may include details such as the date range for which the trace was run, and the sender and intended recipients of the message.

注意

在 EAC 中 10 天後自動刪除郵件追蹤資料包含超過 7 天的資料。他們無法手動刪除。Message traces containing data that is more than 7 days old are automatically deleted in the EAC after 10 days. They can't be manually deleted.

檢視報告詳細資料超過 7 天的特定訊息View report details about a specific message that is more than 7 days old

當您下載和檢視郵件追蹤報告時 (從 EAC 中的 [檢視擱置或已完成追蹤] UI 或通知電子郵件),其內容取決於是否已選取 [報告包括郵件事件和路由詳細資料] 選項。When you download and view a message trace report, either from the View pending or completed traces UI in the EAC or from a notification email, its contents depend on whether you have selected the Include message events and routing details with report option.

重要

若要檢視已下載的郵件追蹤報告,您必須指派給角色群組的 「 僅檢視收件者 」 RBAC 角色。根據預設,下列角色群組已指派給此角色: 相符性管理、 Help Desk、 檢疫管理、 組織管理、 View-Only Organization Management。In order to view the downloaded message trace report, you must have the "View-Only Recipients" RBAC role assigned to your role group. By default, the following role groups have this role assigned: Compliance Management, Help Desk, Hygiene Management, Organization Management, View-Only Organization Management.

檢視沒有路由詳細資料的郵件追蹤報告Viewing a message trace report without routing details

如果您沒有加入路由詳細資料執行郵件追蹤時中, 會包含下列資訊。CSV 檔案,您可以在像是 Microsoft Excel 的應用程式中開啟:If you didn't include routing details when running the message trace, the following information is included in the .CSV file, which you can open in an application such as Microsoft Excel:

  • origin_timestamp日期和時間的收到郵件服務,使用設定的 UTC 時區。origin_timestamp The date and time at which the message was received by the service, using the configured UTC time zone.

  • sender_address 採用表單別名的寄件者的電子郵件地址 @ 網域sender_address The email address of the sender in the form alias @ domain .

  • Recipient_status將郵件傳送至收件者的狀態。如果郵件傳送給多個收件者,它會顯示所有收件者並針對每個格式對應的狀態: <電子郵件地址>##<狀態>。例如,的狀態: Recipient_status The status of the delivery of the message to the recipient. If the message was sent to multiple recipients, it will show all the recipients and the corresponding status against each, in the format: < email address >##< status >. For example, a status of:

    • [##接收、傳送] 表示服務已接收到郵件,並將郵件傳送至預定目的地。##Receive, Send means that the message was received by the service and sent to the intended destination.

    • [##接收、失敗] 表示服務已接收到郵件,但無法將郵件傳遞至預定目的地。##Receive, Fail means that the message was received by the service but failed to be delivered to the intended destination.

    • ##Receive、 傳遞表示郵件已經服務接收到並傳遞至收件者的信箱。##Receive, Deliver means that the message was received by the service and delivered to the recipient's mailbox.

  • message_subject郵件的主旨行文字。如有必要,這是無條件捨去至前 256 個字元。message_subject The subject line text of the message. If necessary, this is truncated to the first 256 characters.

  • total_bytes以位元組為單位含附件的郵件大小。total_bytes The size of the message, including attachments, in bytes.

  • message_id這是與郵件標頭中找到的網際網路郵件識別碼 (也稱為用戶端識別碼) 」 訊息識別碼:"token。形式傳送的郵件系統而異。以下是範例: < 08f1e0f6806a47b4ac103961109ae6ef @ 伺服器網域>. message_id This is the Internet message ID (also known as the Client ID) found in the header of the message with the "Message-ID:" token. The form of this varies depending on the sending mail system. The following is an example: < 08f1e0f6806a47b4ac103961109ae6ef @ server . domain >.

    此 ID 必須是唯一的;但是,它的產生依存於傳送郵件系統,而且並非所有傳送郵件系統的行為都相同。因此,查詢單一郵件 ID 時,可能會取得多封郵件的結果。This ID should be unique, however, it is dependent on the sending mail system for generation and not all sending mail systems behave the same way. As a result, there is a possibility that you may get results for multiple messages when querying upon a single Message ID.

    這會以輸出形式提供,以便追蹤項目和有問題的郵件可以產生關聯。This is given as output so that trace entries and the messages in question can be co-related.

  • network_message_id這是可能會因為複本發送或通訊群組擴充而建立的郵件的副本會套用到唯一訊息識別碼值。範例值為 1341ac7b13fb42ab4d4408cf7f55890f。network_message_id This is a unique message ID value that persists across copies of the message that may be created due to bifurcation or distribution group expansion. An example value is 1341ac7b13fb42ab4d4408cf7f55890f.

  • original_client_ip寄件者的用戶端的 IP 位址。original_client_ip The IP address of the sender's client.

  • 方向此欄位表示郵件已傳送 (1),您的組織或送出 (2) 從您的組織。directionality This field denotes whether the message was sent inbound (1) to your organization, or whether it was sent outbound (2) from your organization.

  • connector_id來源或目的地的傳送連接器] 或 [接收連接器的名稱。例如, ServerName \ ConnectorName ** 。connector_id The name of the source or destination Send connector or Receive connector. For example, ServerName \ ConnectorName or ConnectorName .

  • delivery_priority表示是否傳送郵件]、 [] 或 [內文的優先順序。delivery_priority Denotes whether the message was sent with High, Low, or Normal priority.

檢視含路由詳細資料的郵件追蹤報告View a message trace report with routing details

如果執行郵件追蹤時包含路由的詳細資訊,請中會包含來自郵件追蹤記錄檔的所有資訊。CSV 檔案,您可以在像是 Microsoft Excel 的應用程式中開啟。包含在此報告中的值的一些說明前] 區段中,而其他值可能會很有用調查用途的說明主題中的郵件追蹤」 欄位中的郵件追蹤記錄檔] 區段中。If you included routing details when running the message trace, all information from the message tracking logs is included in the .CSV file, which you can open in an application such as Microsoft Excel. Some of the values included in this report are described in the prior section, while other values that may be useful for investigative purposes are described in the "Fields in the message tracking log files" section in the Message Tracking topic.

custom_data 欄位The custom_data field

此外, custom_data欄位可能包含專屬的篩選服務的值。Custom_data 欄位 AGENTINFO 事件中的是各種不同的代理程式所使用的代理程式的處理郵件的記錄的詳細資訊。某些郵件資料保護與相關專員是下方所述。Additionally, the custom_data field may contain values that are specific to the filtering service. The custom_data field in an AGENTINFO event is used by a variety of different agents to log details from the agent's processing of the message. Some of the message data protection related agents are described below.

垃圾郵件篩選代理程式 (S:SFA)Spam Filter Agent (S:SFA)

開頭為 S:SFA 的字串是來自垃圾郵件篩選代理程式的項目,以及提供下列重要詳細資料:A string beginning with S:SFA is an entry from the spam filter agent and provides the following key details:

記錄資訊Log Information
描述Description
SFV=NSPMSFV=NSPM
郵件標記為非垃圾郵件,並傳送給預定的收件者。The message was marked as non-spam and was sent to the intended recipients.
SFV=SPMSFV=SPM
內容篩選已將郵件標記為垃圾郵件。The message was marked as spam by the content filter.
SFV=BLKSFV=BLK
已略過篩選,且郵件來自封鎖的寄件者,所以封鎖郵件。Filtering was skipped and the message was blocked because it originated from a blocked sender.
SFV=SKSSFV=SKS
內容篩選在處理郵件前,已將郵件標記為垃圾郵件。這包括符合傳輸規則因此自動標記為垃圾郵件,因而略過所有其他篩選的郵件。The message was marked as spam prior to being processed by the content filter. This includes messages where the message matched a Transport rule to automatically mark it as spam and bypass all additional filtering.
SCL = < 數目 >SCL= < number >
如需不同 SCL 值和其意義的詳細資訊,請參閱Spam Confidence LevelsFor more information about the different SCL values and what they mean, see Spam Confidence Levels.
PCL = < 數目 >PCL= < number >
郵件的網路釣魚信賴等級 (PCL) 值。這些值的解譯方式與Spam Confidence Levels中所記載的 SCL 值相同。The Phishing Confidence Level (PCL) value of the message. These can be interpreted the same way as the SCL values documented in Spam Confidence Levels.
DI=SBDI=SB
已封鎖郵件的寄件者。The sender of the message was blocked.
DI=SQDI=SQ
已隔離郵件。The message was quarantined.
DI=SDDI=SD
已刪除郵件。The message was deleted.
DI=SJDI=SJ
郵件已傳送給收件者的垃圾郵件] 資料夾。The message was sent to the recipient's Junk Email folder.
DI=SNDI=SN
郵件已透過較高風險傳遞集區。如需詳細資訊,請參閱 <的外寄郵件的較高風險傳遞集區The message was routed through the higher risk delivery pool. For more information, see Higher risk delivery pool for Outbound Messages.
DI=SODI=SO
已透過標準輸出傳遞集區路由傳送郵件。The message was routed through the normal outbound delivery pool.
SFS = []SFS=[a] SFS = [b] [SFS=[b]
IPV=CALIPV=CAL
因為 IP 位址指定於連線篩選的 [IP 允許] 清單中,所以已透過垃圾郵件篩選允許郵件。The message was allowed through the spam filters because the IP address was specified in an IP Allow list in the connection filter.
H=[helostring]H=[helostring]
連線郵件伺服器的 HELO 或 EHLO 字串。The HELO or EHLO string of the connecting mail server.
PTR = [ReverseDNS]PTR=[ReverseDNS]
傳送 IP 位址 (也稱為反向 DNS 位址) 的 PTR 記錄。The PTR record of the sending IP address, also known as the reverse DNS address.

篩選郵件是否為垃圾郵件時,範例 custom_data 項目會與下面類似:When a message is filtered for spam, a sample custom_data entry would look similar to the following:

S:SFA=SUM|SFV=SPM|IPV=CAL|SRV=BULK|SFS=470454002|SFS=349001|SCL=9|SCORE=-1|LIST=0|DI=SN|RD=ftmail.inc.com|H=ftmail.inc.com|CIP=98.129.140.74|SFP=1501|ASF=1|CTRY=US|CLTCTRY=|LANG=en|LAT=287|LAT=260|LAT=18;S:SFA=SUM|SFV=SPM|IPV=CAL|SRV=BULK|SFS=470454002|SFS=349001|SCL=9|SCORE=-1|LIST=0|DI=SN|RD=ftmail.inc.com|H=ftmail.inc.com|CIP=98.129.140.74|SFP=1501|ASF=1|CTRY=US|CLTCTRY=|LANG=en|LAT=287|LAT=260|LAT=18;

惡意程式碼篩選代理程式 (S:AMA)Malware Filter Agent (S:AMA)

開頭為 S:AMA 的字串是來自反惡意程式碼代理程式的項目,以及提供下列重要詳細資料:A string beginning with S:AMA is an entry from the anti-malware agent and provides the following key details:

記錄資訊Log Information
描述Description
AMA = SUMAMA=SUM v = 1v=1
Action=rAction=r
已取代郵件。The message was replaced.
Action=pAction=p
已略過郵件。The message was bypassed.
Action=dAction=d
已延遲郵件。The message was deferred.
Action=sAction=s
已刪除郵件。The message was deleted.
Action=stAction=st
已略過郵件。The message was bypassed.
Action=syAction=sy
已略過郵件。The message was bypassed.
Action=niAction=ni
已拒絕郵件。The message was rejected.
Action=neAction=ne
已拒絕郵件。The message was rejected.
Action=bAction=b
已封鎖郵件。The message was blocked.
名稱 =< 惡意程式碼 >Name=< malware >
偵測到之惡意程式碼的名稱。The name of the malware that was detected.
檔案 =< filename >File=< filename >
含有惡意程式碼之檔案的名稱。The name of the file that contained the malware.

郵件包含惡意程式碼時,範例 custom_data 項目會類似下面的內容:When a message contains malware, a sample custom_data entry would look similar to the following:

S:AMA = SUM | v = 1 | 巨集指令 = b | 錯誤 = | atch = 1;S:AMA=EV|engine=M|v=1|sig=1.155.974.0|name=DOS/Test_File|file=filename;S:AMA = EV | 引擎 = A | v = 1 | 簽章 = 201307282038 | 名稱 = Test_File | 檔案 = filenameS:AMA=SUM|v=1|action=b|error=|atch=1;S:AMA=EV|engine=M|v=1|sig=1.155.974.0|name=DOS/Test_File|file=filename;S:AMA=EV|engine=A|v=1|sig=201307282038|name=Test_File|file=filename

傳輸規則代理程式 (S:TRA)Transport Rule Agent (S:TRA)

開頭為 S:TRA 的字串是來自傳輸規則代理程式的項目,以及提供下列重要詳細資料:A string beginning with S:TRA is an entry from the transport rule agent and provides the following key details:

記錄資訊Log Information
描述Description
ETRETR ruleId = [guid]ruleId=[guid]
St=[datetime]St=[datetime]
規則比對時的日期和時間 (UTC)。The date and time (in UTC) when the rule match occurred.
動作 = [ActionDefinition]Action=[ActionDefinition]
所套用的動作。如需可用動作的清單,請參閱Mail flow 規則動作在 Exchange OnlineThe action that was applied. For a list of available actions, see Mail flow rule actions in Exchange Online.
Mode=EnforceMode=Enforce
規則的模式。可能的值為:The mode of the rule. Possible values are:
強制: 將強制執行規則上的所有動作。Enforce: All actions on the rule will be enforced.
搭配原則提示來測試: 會傳送任何 「 原則提示 」 動作,但在應對不到其他強制執行動作。Test with Policy Tips: Any Policy Tip actions will be sent, but other enforcement actions will not be acted on.
不搭配原則提示就測試: 動作將會列在記錄檔中,但是不會以任何方法通知寄件者,而且不會處理強制執行動作。Test without Policy Tips: Actions will be listed in a log file, but senders will not be notified in any way, and enforcement actions will not be acted on.

郵件符合傳輸規則時,範例 custom_data 項目會類似下面的內容:When a message matches a transport rule, a sample custom_data entry would look similar to the following:

S:TRA=ETR|ruleId=19a25eb2-3e43-4896-ad9e-47b6c359779d|st=7/17/2013 12:31:25 AM|action=ApplyHtmlDisclaimer|sev=1|mode=EnforceS:TRA=ETR|ruleId=19a25eb2-3e43-4896-ad9e-47b6c359779d|st=7/17/2013 12:31:25 AM|action=ApplyHtmlDisclaimer|sev=1|mode=Enforce

相關資訊For more information

郵件追蹤常見問題集呈現郵件使用者可能會有,以及可能的問題。它也會說明如何使用郵件追蹤工具才能取得這兩個回覆及疑難排解特定的郵件傳遞問題。Message Trace FAQ presents messaging questions that a user may have, along with possible answers. It also describes how to use the message trace tool in order to get those answers and troubleshoot specific mail delivery issues.

可以執行郵件追蹤透過遠端 Windows PowerShell 而不是使用者介面吗?讓您可以使用執行郵件追蹤的遠端 Windows PowerShell cmdlet 的相關資訊。Can I run a message trace via remote Windows PowerShell rather than the user interface? gives information about the remote Windows PowerShell cmdlets that you can use to run a message trace.