Cisco Cisco Email Security Appliance X1070 정보 가이드

Contributed by Cisco TAC Engineers.

Oct 14, 2014

Introduction
How are SMTP authentication events logged?
     Inbound SMTP Authentication
     Outbound SMTP Authentication
Related Information

This document describes how SMTP authentication events are logged for inbound and outbound
authentication.

On the Cisco Email Security Appliance (ESA), authentication attempts made during inbound connections (in
order to gain relay access) are logged in the mail_logs when successful and unsuccessful. All relevant entries
will be associated with the ICID in question.

Successful:

Wed Apr 22 11:43:59 2009 Info: New SMTP ICID 450 interface IncomingMail (172.16.155.16)

 address 172.16.155.102 reverse dns host unknown verified no

Wed Apr 22 11:43:59 2009 Info: ICID 450 ACCEPT SG None match ALL SBRS None

Wed Apr 22 11:44:48 2009 Info: SMTP Auth: (ICID 450) succeeded for user: ironport

 using AUTH mechanism: PLAIN with profile: IncomingAuthentication

Wed Apr 22 11:46:14 2009 Info: ICID 450 close

Unsuccessful:

Wed Apr 22 11:47:30 2009 Info: New SMTP ICID 451 interface mail (172.16.155.16)

 address 172.16.155.102 reverse dns host unknown verified no

Wed Apr 22 11:47:30 2009 Info: ICID 451 ACCEPT SG None match ALL SBRS None

Wed Apr 22 11:47:47 2009 Info: SMTP Auth: (ICID 451) failed for user: ironport

 using AUTH mechanism: PLAIN with profile: IncomingAuthentication

Wed Apr 22 11:47:56 2009 Info: ICID 451 close

From the ESA, when SMTP authentication is required for deliveries to a specific host (configured via an
"Outgoing" SMTP authentication profile and an SMTP route referencing said profile), both successful and
unsuccessful authentication attempts will be logged in the mail_logs. All entries will be associated with the