Local Mail Transfer Protocol Messages | LogRhythm Documentation

Classification

Rule Name	Rule Type	Common Event	Classification
Local Mail Transfer Protocol Messages	Base Rule	Message Transfer Out	Information
DSN 2.0.0 - Success : Unknown Status	Sub Rule	General Message Information	Information
DSN 2.1.0 - Success : Other Address Status	Sub Rule	General Message Information	Information
DSN 2.1.1 - Success : Bad Dst Mailbox Addr	Sub Rule	Bad Destination Mailbox Address	Warning
DSN 2.1.2 - Success : Bad Dst System Addr	Sub Rule	Bad Destination System Address	Warning
DSN 2.1.3 - Success : Bad Dst Mailbox Syntax	Sub Rule	Bad Destination Mailbox Syntax	Warning
DSN 2.1.4 - Success : Dst Mailbox Addr Ambiguous	Sub Rule	Destination Mailbox Address Ambiguous	Warning
DSN 2.1.5 - Success : Dst Address Valid	Sub Rule	Destination Address Valid	Information
DSN 2.1.6 - Success : Dst Addr Moved No Fwd Addr	Sub Rule	Destination Address Moved With No Forwarding	Warning
DSN 2.1.7 - Success : Bad Sender Mbox Addr Syntax	Sub Rule	Bad Sender Mailbox Address Syntax	Warning
DSN 2.1.8 - Success : Bad Sender System Address	Sub Rule	Bad Sender System Address	Warning
DSN 2.2.0 - Success : Undefined Mbox Status	Sub Rule	General Email Delivery Information	Information
DSN 2.2.1 - Success : Mailbox Disabled	Sub Rule	Mailbox Disabled	Warning
DSN 2.2.2 - Success : Mailbox Full	Sub Rule	Mailbox Full	Error
DSN 2.2.3 - Success : Msg Len Exceeds Admin Limit	Sub Rule	Message Length Exceeds Administrative Limit	Warning
DSN 2.2.4 - Success : Mailing List Expansion Prob	Sub Rule	Mailing List Expansion Problem	Error
DSN 2.3.0 - Success : Undefined Mail System Status	Sub Rule	General Email Delivery Information	Information
DSN 5.3.1 - Failure : Mail System Full	Sub Rule	Mail System Full	Critical
DSN 2.3.2 - Success : System Not Accepting Msgs	Sub Rule	System Not Accepting Messages	Warning
DSN 2.3.3 - Success : System Missing Features	Sub Rule	System Missing Required Features	Warning
DSN 2.3.4 - Success : Message Too Big	Sub Rule	Message Too Large	Warning
DSN 2.3.5 - Success : System Incorrect Config	Sub Rule	System Incorrectly Configured	Warning
DSN 2.4.0 - Success : Undefined Network Status	Sub Rule	General Email Delivery Information	Information
DSN 2.4.1 - Success : No Answer From Host	Sub Rule	No Answer From Host	Warning
DSN 2.4.2 - Success : Bad Connection	Sub Rule	Bad Connection	Warning
DSN 2.4.3 - Success : Directory Server Failure	Sub Rule	Host Not Found	Warning
DSN 2.4.4 - Success : Unable To Route	Sub Rule	Unable To Route	Warning
DSN 2.4.5 - Success : Mail System Congestion	Sub Rule	Mail System Congestion	Warning
DSN 2.4.6 - Success : Routing Loop Detected	Sub Rule	Routing Loop Detected	Warning
DSN 2.4.7 - Success : Delivery Time Expired	Sub Rule	Delivery Time Expired	Warning
DSN 2.5.0 - Success : Undefined Protocol Status	Sub Rule	General Email Delivery Information	Information
DSN 2.5.1 - Success : Invalid Command	Sub Rule	Suspicious Activity	Suspicious
DSN 2.5.2 - Success : Syntax Error	Sub Rule	Syntax Error	Warning
DSN 2.5.3 - Success : Too Many Recipients	Sub Rule	Suspicious Activity	Suspicious
DSN 2.5.4 - Success : Invalid Command Arguments	Sub Rule	Invalid Options	Warning
DSN 2.5.5 - Success : Wrong Protocol Version	Sub Rule	Wrong Protocol Version	Error
DSN 2.6.0 - Success : Undefined Media Error	Sub Rule	Email Delivery Message Queued	Information
DSN 2.6.1 - Success : Media Not Supported	Sub Rule	Media Not Supported	Warning
DSN 2.6.2 - Success : Conversation Req And Denied	Sub Rule	Conversation Required And Denied	Error
DSN 2.6.3 - Success : Conv Req But Not Supported	Sub Rule	Conversation Required But Not Supported	Error
DSN 2.6.4 - Success : Conv With Loss Performed	Sub Rule	Conversation With Loss Performed	Warning
DSN 2.6.5 - Success : Conversation Failed	Sub Rule	Conversation Failed	Error
DSN 2.7.0 - Success : Undefined Security Status	Sub Rule	Undefined Security Status	Activity
DSN 2.7.1 - Success : Message Refused	Sub Rule	Message Refused	Warning
DSN 2.7.2 - Success : Mailing List Expansion Deny	Sub Rule	Mailing List Expansion Denied	Error
DSN 2.7.3 - Success : Security Conversation Failed	Sub Rule	Conversation Failed	Error
DSN 2.7.4 - Success : Features Not Supported	Sub Rule	Feature Not Supported	Warning
DSN 2.7.5 - Success : Cryptographic Failure	Sub Rule	Cryptographic Failure	Error
DSN 2.7.7 - Success : Message Integrity Failure	Sub Rule	Message Failed Validation	Error
DSN 2.7.6 - Success : Missing Crypto Algorithm	Sub Rule	Cryptographic Algorithm Missing	Error
DSN 5.1.7 - Failure : Bad Sender Mbox Addr Syntax	Sub Rule	Bad Sender Mailbox Address Syntax	Warning
DSN 5.1.8 - Failure : Bad Sender System Address	Sub Rule	Bad Sender System Address	Warning
DSN 5.2.0 - Failure : Undefined Mbox Status	Sub Rule	General Email Delivery Information	Information
DSN 5.0.0 - Failure : Unknown Status	Sub Rule	General Message Information	Information
DSN 5.1.0 - Failure : Other Address Status	Sub Rule	General Message Information	Information
DSN 5.1.1 - Failure : Bad Dst Mailbox Addr	Sub Rule	Bad Destination Mailbox Address	Warning
DSN 5.1.2 - Failure : Bad Dst System Addr	Sub Rule	Bad Destination System Address	Warning
DSN 5.1.3 - Failure : Bad Dst Mailbox Syntax	Sub Rule	Bad Destination Mailbox Syntax	Warning
DSN 5.1.4 - Failure : Dst Mailbox Addr Ambiguous	Sub Rule	Destination Mailbox Address Ambiguous	Warning
DSN 5.1.5 - Failure : Dst Address Valid	Sub Rule	Destination Address Valid	Information
DSN 5.1.6 - Failure : Dst Addr Moved No Fwd Addr	Sub Rule	Destination Address Moved With No Forwarding	Warning
DSN 5.2.1 - Failure : Mailbox Disabled	Sub Rule	Mailbox Disabled	Warning
DSN 5.2.2 - Failure : Mailbox Full	Sub Rule	Mailbox Full	Error
DSN 5.2.3 - Failure : Msg Len Exceeds Admin Limit	Sub Rule	Message Length Exceeds Administrative Limit	Warning
DSN 5.2.4 - Failure : Mailing List Expansion Prob	Sub Rule	Mailing List Expansion Problem	Error
DSN 5.3.0 - Failure : Undefined Mail System Status	Sub Rule	General Email Delivery Information	Information
DSN 2.3.1 - Success : Mail System Full	Sub Rule	Mail System Full	Critical
DSN 5.3.2 - Failure : System Not Accepting Msgs	Sub Rule	System Not Accepting Messages	Warning
DSN 5.3.3 - Failure : System Missing Features	Sub Rule	System Missing Required Features	Warning
DSN 5.3.4 - Failure : Message Too Big	Sub Rule	Message Too Large	Warning
DSN 5.3.5 - Failure : System Incorrect Config	Sub Rule	System Incorrectly Configured	Warning
DSN 5.4.0 - Failure : Undefined Network Status	Sub Rule	General Email Delivery Information	Information
DSN 5.4.1 - Failure : No Answer From Host	Sub Rule	No Answer From Host	Warning
DSN 5.4.2 - Failure : Bad Connection	Sub Rule	Bad Connection	Warning
DSN 5.4.3 - Failure : Directory Server Failure	Sub Rule	Host Not Found	Warning
DSN 5.4.4 - Failure : Unable To Route	Sub Rule	Unable To Route	Warning
DSN 5.4.5 - Failure : Mail System Congestion	Sub Rule	Mail System Congestion	Warning
DSN 5.4.6 - Failure : Routing Loop Detected	Sub Rule	Routing Loop Detected	Warning
DSN 5.4.7 - Failure : Delivery Time Expired	Sub Rule	Delivery Time Expired	Warning
DSN 5.5.0 - Failure : Undefined Protocol Status	Sub Rule	General Email Delivery Information	Information
DSN 5.5.1 - Failure : Invalid Command	Sub Rule	Suspicious Activity	Suspicious
DSN 5.5.2 - Failure : Syntax Error	Sub Rule	Syntax Error	Warning
DSN 5.5.3 - Failure : Too Many Recipients	Sub Rule	Suspicious Activity	Suspicious
DSN 5.5.4 - Failure : Invalid Command Arguments	Sub Rule	Invalid Options	Warning
DSN 5.5.5 - Failure : Wrong Protocol Version	Sub Rule	Wrong Protocol Version	Error
DSN 5.6.0 - Failure : Undefined Media Error	Sub Rule	Undefined Media Error	Error
DSN 5.6.1 - Failure : Media Not Supported	Sub Rule	Media Not Supported	Warning
DSN 5.6.2 - Failure : Conversation Req And Denied	Sub Rule	Conversation Required And Denied	Error
DSN 5.6.3 - Failure : Conv Req But Not Supported	Sub Rule	Conversation Required But Not Supported	Error
DSN 5.6.4 - Failure : Conv With Loss Performed	Sub Rule	Conversation With Loss Performed	Warning
DSN 5.6.5 - Failure : Conversation Failed	Sub Rule	Conversation Failed	Error
DSN 5.7.0 - Failure : Undefined Security Status	Sub Rule	Undefined Security Status	Activity
DSN 5.7.1 - Failure : Message Refused	Sub Rule	Message Refused	Warning
DSN 5.7.2 - Failure : Mailing List Expansion Deny	Sub Rule	Mailing List Expansion Denied	Error
DSN 5.7.3 - Failure : Security Conversation Failed	Sub Rule	Conversation Failed	Error
DSN 5.7.4 - Failure : Features Not Supported	Sub Rule	Feature Not Supported	Warning
DSN 5.7.5 - Failure : Cryptographic Failure	Sub Rule	Cryptographic Failure	Error
DSN 5.7.6 - Failure : Missing Crypto Algorithm	Sub Rule	Cryptographic Algorithm Missing	Error
DSN 5.7.7 - Failure : Message Integrity Failure	Sub Rule	Message Failed Validation	Error
DSN 4.0.0 - Delayed : Unknown Status	Sub Rule	General Message Information	Information
DSN 4.1.0 - Delayed : Other Address Status	Sub Rule	General Message Information	Information
DSN 4.1.1 - Delayed : Bad Dst Mailbox Addr	Sub Rule	Bad Destination Mailbox Address	Warning
DSN 4.1.2 - Delayed : Bad Dst System Addr	Sub Rule	Bad Destination System Address	Warning
DSN 4.1.3 - Delayed : Bad Dst Mailbox Syntax	Sub Rule	Bad Destination Mailbox Syntax	Warning
DSN 4.1.4 - Delayed : Dst Mailbox Addr Ambiguous	Sub Rule	Destination Mailbox Address Ambiguous	Warning
DSN 4.1.5 - Delayed : Dst Address Valid	Sub Rule	Destination Address Valid	Information
DSN 4.1.6 - Delayed : Dst Addr Moved No Fwd Addr	Sub Rule	Destination Address Moved With No Forwarding	Warning
DSN 4.1.7 - Delayed : Bad Sender Mbox Addr Syntax	Sub Rule	Bad Sender Mailbox Address Syntax	Warning
DSN 4.1.8 - Delayed : Bad Sender System Address	Sub Rule	Bad Sender System Address	Warning
DSN 4.2.0 - Delayed : Undefined Mbox Status	Sub Rule	General Email Delivery Information	Information
DSN 4.2.1 - Delayed : Mailbox Disabled	Sub Rule	Mailbox Disabled	Warning
DSN 4.2.2 - Delayed : Mailbox Full	Sub Rule	Mailbox Full	Error
DSN 4.2.3 - Delayed : Msg Len Exceeds Admin Limit	Sub Rule	Message Length Exceeds Administrative Limit	Warning
DSN 4.2.4 - Delayed : Mailing List Expansion Prob	Sub Rule	Mailing List Expansion Problem	Error
DSN 4.3.0 - Delayed : Undefined Mail System Status	Sub Rule	General Email Delivery Information	Information
DSN 4.3.1 - Delayed : Mail System Full	Sub Rule	Mail System Full	Critical
DSN 4.3.2 - Delayed : System Not Accepting Msgs	Sub Rule	System Not Accepting Messages	Warning
DSN 4.3.3 - Delayed : System Missing Features	Sub Rule	System Missing Required Features	Warning
DSN 4.3.4 - Delayed : Message Too Big	Sub Rule	Message Too Large	Warning
DSN 4.3.5 - Delayed : System Incorrect Config	Sub Rule	System Incorrectly Configured	Warning
DSN 4.4.0 - Delayed : Undefined Network Status	Sub Rule	General Email Delivery Information	Information
DSN 4.4.1 - Delayed : No Answer From Host	Sub Rule	No Answer From Host	Warning
DSN 4.4.2 - Delayed : Bad Connection	Sub Rule	Bad Connection	Warning
DSN 4.4.3 - Delayed : Directory Server Failure	Sub Rule	Host Not Found	Warning
DSN 4.4.4 - Delayed : Unable To Route	Sub Rule	Unable To Route	Warning
DSN 4.4.5 - Delayed : Mail System Congestion	Sub Rule	Mail System Congestion	Warning
DSN 4.4.6 - Delayed : Routing Loop Detected	Sub Rule	Routing Loop Detected	Warning
DSN 4.4.7 - Delayed : Delivery Time Expired	Sub Rule	Delivery Time Expired	Warning
DSN 4.5.0 - Delayed : Undefined Protocol Status	Sub Rule	General Email Delivery Information	Information
DSN 4.5.1 - Delayed : Invalid Command	Sub Rule	Suspicious Activity	Suspicious
DSN 4.5.2 - Delayed : Syntax Error	Sub Rule	Syntax Error	Warning
DSN 4.5.3 - Delayed : Too Many Recipients	Sub Rule	Suspicious Activity	Suspicious
DSN 4.5.4 - Delayed : Invalid Command Arguments	Sub Rule	Invalid Options	Warning
DSN 4.5.5 - Delayed : Wrong Protocol Version	Sub Rule	Wrong Protocol Version	Error
DSN 4.6.0 - Delayed : Undefined Media Error	Sub Rule	Undefined Media Error	Error
DSN 4.6.1 - Delayed : Media Not Supported	Sub Rule	Media Not Supported	Warning
DSN 4.6.2 - Delayed : Conversation Req And Denied	Sub Rule	Conversation Required And Denied	Error
DSN 4.6.3 - Delayed : Conv Req But Not Supported	Sub Rule	Conversation Required But Not Supported	Error
DSN 4.6.4 - Delayed : Conv With Loss Performed	Sub Rule	Conversation With Loss Performed	Warning
DSN 4.6.5 - Delayed : Conversation Failed	Sub Rule	Conversation Failed	Error
DSN 4.7.0 - Delayed : Undefined Security Status	Sub Rule	Undefined Security Status	Activity
DSN 4.7.1 - Delayed : Message Refused	Sub Rule	Message Refused	Warning
DSN 4.7.2 - Delayed : Mailing List Expansion Deny	Sub Rule	Mailing List Expansion Denied	Error
DSN 4.7.3 - Delayed : Security Conversation Failed	Sub Rule	Conversation Failed	Error
DSN 4.7.4 - Delayed : Features Not Supported	Sub Rule	Feature Not Supported	Warning
DSN 4.7.5 - Delayed : Cryptographic Failure	Sub Rule	Cryptographic Failure	Error
DSN 4.7.6 - Delayed : Missing Crypto Algorithm	Sub Rule	Cryptographic Algorithm Missing	Error
DSN 4.7.7 - Delayed : Message Integrity Failure	Sub Rule	Message Failed Validation	Error

Mapping with LogRhythm Schema

Device Key in Log Message	LogRhythm Schema	Data Type
N/A	<severity>	Text/String
N/A	<process>	Text/String
N/A	<protname>	String
N/A	<processid>	Numeric
N/A	<session>	Text/String
N/A	<recipient>	Text/String
N/A	<dname>	Text/String
N/A	<dip>	Numeric
N/A	<dport>	Numeric
N/A	<milliseconds>	Numeric
N/A	<vmid>	Numeric
N/A	<status>	Text/String
N/A	<responsecode>	Numeric