reference:ids_event_number
no way to compare when less than two revisions
Differences
This shows you the differences between two versions of the page.
| Previous revision | |||
| — | reference:ids_event_number [2018/11/14 10:45] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ======IDS Log Event Numbers====== | ||
| + | The VPOP3 [[smtp_ids_ips|SMTP IDS logging facility]] logs SMTP events in a form which may be useful to Intrusion Protection Systems, or security monitoring software. | ||
| + | |||
| + | One of the fields in the log file is the **Log Event Number** | ||
| + | |||
| + | These are: | ||
| + | |||
| + | * 0 = SMTP authentication failure | ||
| + | * 1 = Relay denied | ||
| + | * 2 = Relay allowed (not bad in itself, but a large number may indicate an open relay or spambot, etc) | ||
| + | * 3 = Bad local recipient | ||
| + | * 4 = Good local recipient (not bad in itself, but a large number may indicate a spammer) | ||
| + | * 5 = Message detected as spam | ||
| + | * 6 = Message detected as containing a virus | ||
| + | * 7 = SMTP Rule matched | ||
| + | * 8 = Realtime DNS Blacklist match | ||
| + | * 9 = SMTP Syntax error (commonly spam software is badly written, so these can happen if error handling is poor in the sending software) | ||
| + | * 10 = Message is bigger than the maximum size limit specified in VPOP3 | ||
| + | * 11 = Message contained a filtered attachment | ||
| + | * 12 = Message contained a partial attachment (these are often an indication of something trying to bypass virus scanners) | ||
| + | * 900 = IP address blocked | ||
reference/ids_event_number.txt · Last modified: 2018/11/14 10:45 by 127.0.0.1
Page Tools
