Kaspersky Secure Mail Gateway
2.1 VA
English
Email notifications of the application  >  Using macros in notification templates

Using macros in notification templates

A macro is a fill element used in event notification templates. In the text of a notification generated based on the template, the macro is replaced with a certain value.

Macro syntax: %MACRO_NAME%

Macro values are automatically inserted in English. Language switching for macros is not available.

You can use the following macros in the body of rule triggering notifications (see the table below).

Macros for notification templates

 

Macro

Description

%NODE_IP%

IP address of the cluster node that processed the message.

%NODE_PORT%

Connection port of the cluster node that processed the message.

%PRODUCT_NAME%

Application name — Kaspersky Secure Mail Gateway.

%SMTP_MESSAGE_ID%

Message-ID message header.

%SENDER%

Mail sender's address.

%SENDER_IP%

IP address of the message sender

%ALL_RECIPIENTS%

Addresses of all recipients of the original message.

%AFFECTED_RECIPIENTS%

Addresses of the original message recipients affected by the event described in the notification.

%AFFECTED_RULES%

List of triggered rule IDs.

%MESSAGE_ID%

ID assigned to the message by KSMG.

%SUBJECT%

Subject of an original message.

%DATE%

Date when the message was received.

%MESSAGE_ACTION%

Action performed on the message by the application.

Possible values:

  • Skipped.
  • Disinfected.
  • AttachmentDeleted.
  • Deleted.
  • Rejected.

If the message was placed in Backup, the action is followed by a comma and the words backed up.

%DATA_BEGIN%

Service macro for designating the beginning of the list of attachments.

%DATA_END%

Service macro for designating the end of the list of attachments.

%OBJECT_NAME%

Name of the detected object.

The value of the macro depends on its position in the notification body:

  • Between the %DATA_BEGIN% and %DATA_END% macros:
    • If a Content Filtering module expression triggers and it contains a condition for the Attachment type or Attachment name attributes, the macro is replaced with the Message value and the name of the attachment.
    • If a Content Filtering module expression triggers and it contains a condition for other attributes, or if the Anti-Phishing, Link scanning, or KATA Protection modules are triggered, the macro is replaced with the Message value.
    • If the Anti-Virus module is triggered and the application could get a status for the entire message, but could not identify the specific attachment that this status was assigned to, the macro is replaced with the Message value.
    • If the Anti-Virus module is triggered, the macro is replaced with the name of the message attachment.
  • Outside the %DATA_BEGIN% and %DATA_END% macros, the Message value is inserted.

In the notification subject, the macro is always replaced with the Message value.

%OBJECT_SIZE%

Size of the whole message or individual attachments.

The value of the macro depends on its position in the notification body:

  • Between the %DATA_BEGIN% and %DATA_END% macros:
    • If a Content Filtering module expression triggers and it contains a condition for the Attachment type or Attachment name attributes, the macro is replaced with the the size of the entire message and the size of the attachment.
    • If a Content Filtering module expression triggers and it contains a condition for other attributes, or if the Anti-Phishing, Link scanning, or KATA Protection modules are triggered, the macro is replaced with the size of the entire message.
    • If the Anti-Virus module is triggered and the application could get a status for the entire message, but could not identify the specific attachment that this status was assigned to, the macro is replaced with the size of the entire message.
    • If the Anti-Virus module is triggered, the macro is replaced with the size of the message attachment.
  • Outside %DATA_BEGIN% and %DATA_END% macros, the size of the whole message is inserted.

In the notification subject, the macro is always replaced with the size of the whole message.

%STATUS%

Scan result for the message or attachment.

The value of the macro depends on its position in the notification body:

  • Between the %DATA_BEGIN% and %DATA_END% macros:
    • The macro is replaced with the statuses assigned by the Content Filtering module based on the results of scanning the entire message and the results of scanning attachments by name or attachment type.
    • The macro is replaced with the statuses assigned based on the results of scanning the entire message by the Content Filtering module using other criteria, as well as by the Anti-Phishing, Link scanning, or KATA Protection modules.
    • If the Anti-Virus module is triggered and the application could get a status for the entire message, but could not identify the specific attachment that this status was assigned to, the macro is replaced with the status assigned by the scan of the entire message.
    • If the Anti-Virus module is triggered, the macro is replaced with the status assigned based on the scan results for this attachment.
  • Outside the %DATA_BEGIN% and %DATA_END% macros, statuses assigned by scanning the entire message are inserted.

In the notification subject, the macro is always replaced with statuses based on scanning the entire message.

A status is inserted instead of the macro if notifications are enabled in settings of modules that assigned this status. If there are multiple statuses, they are inserted as a comma-separated list.

%OBJECT_ACTION%

Action performed on the message or attachment by the application.

The value of the macro depends on its position in the notification body:

  • Between the %DATA_BEGIN% and %DATA_END% macros:
    • If the application was able to get the status of the Content Filtering module scan by attachment type or name, the macro is replaced with the actions performed on the entire message and on attachments ( Blocked, Not blocked).
    • If the application was able to get the status of the Content Filtering module scan based on other criteria or the status of the Anti-Phishing, Link scanning, or KATA Protection scan, the macro is replaced with the action performed on the entire message.
    • If the application was able to get the status of the Anti-Virus module scan for the entire message, but was unable to identify the specific attachment that this status was assigned to, the macro is replaced with the action performed on the entire message.
    • If the application was able to get the status of the Anti-Virus module scan for attachments, the macro is replaced with the action performed on the attachments (Blocked, Not blocked, Disinfected).
  • Outside %DATA_BEGIN% and %DATA_END% macros, the action performed on the whole message is inserted.

In the notification subject, the action performed on the whole message is always inserted.

 

Article ID: 56706, Last review: Mar 13, 2025
Page top