This shows you the differences between two versions of the page.
Previous revision | |||
— | reference:ids_event_number [2018/11/14 10:45] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ======IDS Log Event Numbers====== | ||
+ | The VPOP3 [[smtp_ids_ips|SMTP IDS logging facility]] logs SMTP events in a form which may be useful to Intrusion Protection Systems, or security monitoring software. | ||
+ | |||
+ | One of the fields in the log file is the **Log Event Number** | ||
+ | |||
+ | These are: | ||
+ | |||
+ | * 0 = SMTP authentication failure | ||
+ | * 1 = Relay denied | ||
+ | * 2 = Relay allowed (not bad in itself, but a large number may indicate an open relay or spambot, etc) | ||
+ | * 3 = Bad local recipient | ||
+ | * 4 = Good local recipient (not bad in itself, but a large number may indicate a spammer) | ||
+ | * 5 = Message detected as spam | ||
+ | * 6 = Message detected as containing a virus | ||
+ | * 7 = SMTP Rule matched | ||
+ | * 8 = Realtime DNS Blacklist match | ||
+ | * 9 = SMTP Syntax error (commonly spam software is badly written, so these can happen if error handling is poor in the sending software) | ||
+ | * 10 = Message is bigger than the maximum size limit specified in VPOP3 | ||
+ | * 11 = Message contained a filtered attachment | ||
+ | * 12 = Message contained a partial attachment (these are often an indication of something trying to bypass virus scanners) | ||
+ | * 900 = IP address blocked |
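Review bot: The event list jumps from 12 to 900 ("IP address blocked") without saying whether 13 to 899 are reserved or unused. Add a sentence stating which, so that anyone parsing the IDS log for an IPS or monitoring tool knows how to treat event numbers that are not listed here. The sentence "One of the fields in the log file is the **Log Event Number**" is missing its closing full stop. In the opening paragraph, "Intrusion Protection Systems" should probably be the usual term, Intrusion Prevention Systems, if that is what is meant.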