Email Spam Information
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Email Spam Information | Base Rule | General Email Handling Message | Information |
| Email Accepted | Sub Rule | Email Accepted | Information |
| Anti-Spoofing Lockout Messages | Sub Rule | Failed Spoofing Activity | Failed Attack |
| Message Loop Detected Messages | Sub Rule | Infinite Loop Detected | Warning |
| Connection Attempt Messages | Sub Rule | Connection Information | Information |
| Invalid Recipient Address Messages | Sub Rule | Blocked Message No Valid Recipients | Failed Activity |
| IP Found In RBL Messages | Sub Rule | Blocked Message RBL Match | Failed Activity |
| DMARC Sender Invalid Messages | Sub Rule | Blocked Message Sender Address Rejected | Failed Activity |
| Email Rejected | Sub Rule | Email Session Disposed - Reject | Information |
| Virus Signature Detection Messages | Sub Rule | General Email Virus Detection Message | Information |
| Manual Envelope Rejection Messages | Sub Rule | ReadFromMessage : Unable To Get Message Envelope | Error |
| Envelope Rejected Messages | Sub Rule | Couldn't Get Envelope Of Message In Folder | Error |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| aCode | <vmid> | Text/String |
| SpamLimit | <quantity> | Number |
| IP | <dip> | IP Address |
| RejType | <status> <tag2> | Text/String |
| Error | <reason> | Text/String |
| Dir | <object> | Text/String |
| MsgId | <url> | Text/String |
| Subject | <subject> | Text/String |
| headerFrom | <login> | Text/String |
| Sender | <sender> | Text/String |
| Rcpt | <recipient> | Text/String |
| Act | <tag1> <action> | Text/String |
| TlsVer | <protname> | Text/String |
| Cphr | <hash> | Text/String |
| SpamScore | <amount> | Number |