======IDS Log Event Numbers======

The VPOP3 [[smtp_ids_ips|SMTP IDS logging facility]] logs SMTP events in a form which may be useful to Intrusion Protection Systems, or security monitoring software.

One of the fields in the log file is the **Log Event Number**. These are:

  * 0 = SMTP authentication failure
  * 1 = Relay denied
  * 2 = Relay allowed (not bad in itself, but a large number may indicate an open relay or spambot, etc)
  * 3 = Bad local recipient
  * 4 = Good local recipient (not bad in itself, but a large number may indicate a spammer)
  * 5 = Message detected as spam
  * 6 = Message detected as containing a virus
  * 7 = SMTP Rule matched
  * 8 = Realtime DNS Blacklist match
  * 9 = SMTP Syntax error (commonly spam software is badly written, so these can happen if error handling is poor in the sending software)
  * 10 = Message is bigger than the maximum size limit specified in VPOP3
  * 11 = Message contained a filtered attachment
  * 12 = Message contained a partial attachment (these are often an indication of something trying to bypass virus scanners)
  * 900 = IP address blocked
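
The following is an added example, not part of VPOP3 or its documentation, of how monitoring software might act on these event numbers, including the "large number" cases noted for events 2 and 4. It assumes the log has already been parsed into (time, source IP, event number) tuples; the weights, window and limits are illustrative assumptions.

```python
from collections import defaultdict, deque

# Assumed per-occurrence weights (not from VPOP3). Events 7 and 10 are
# left at weight 0 because the list above does not mark them as hostile.
WEIGHTS = {0: 3, 1: 3, 3: 1, 5: 2, 6: 5, 8: 2, 9: 1, 11: 2, 12: 4}
VOLUME_ONLY = {2, 4}     # "not bad in itself": only the count matters
WINDOW_SECONDS = 600     # assumed sliding window
SCORE_LIMIT = 10         # assumed
VOLUME_LIMIT = 50        # assumed


def flag_sources(events):
    """events: time-ordered iterable of (unix_time, source_ip, event_number).
    Returns {ip: reason} for each source that crosses a limit."""
    recent = defaultdict(deque)  # ip -> (time, event) pairs inside the window
    flagged = {}
    for ts, ip, ev in events:
        if ev == 900:            # VPOP3 has already blocked this address
            continue
        q = recent[ip]
        q.append((ts, ev))
        while q and q[0][0] <= ts - WINDOW_SECONDS:
            q.popleft()          # drop events older than the window
        score = sum(WEIGHTS.get(e, 0) for _, e in q)
        volume = sum(1 for _, e in q if e in VOLUME_ONLY)
        if score >= SCORE_LIMIT:
            flagged.setdefault(ip, f"score {score} in window")
        elif volume >= VOLUME_LIMIT:
            flagged.setdefault(ip, f"{volume} relay/recipient events in window")
    return flagged


# Constructed sample data (documentation-range addresses, made-up times).
SAMPLE = sorted(
    [(1000 + i * 5, "192.0.2.10", 0) for i in range(4)]       # auth failure burst
    + [(1000 + i, "198.51.100.7", 4) for i in range(60)]      # high recipient volume
    + [(t, "203.0.113.5", 0) for t in (1000, 5000, 9000)]     # isolated failures
)

if __name__ == "__main__":
    for ip, reason in flag_sources(SAMPLE).items():
        print(ip, reason)
```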