Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
A non-delivery report with a status code of 5.2.3 was generated for recipient <rfc822user>@<domain>(Message-ID <ID>).
Cause: The message size was large or the local quota exceeded. For example remote Exchange user might have delivery restrictions set with maximum incoming message size.
Solution: Check access permissions as well as the message size.
|English: Request a translation of the event description in plain English.|
This problem can occur on Exchange 2003 SP2 with Antigen 9.0 SP1 rollup4 installed. The SMTP stack with Antigen SMTP eventsink installed will NDR messages that are of a large size and have had MIME conversion at some point through the delivery process. The cause seems to be the Antigen eventsink dropping the message because it is too large even though the delivery rule allows any size. Re-releasing or forwarding this message from perimeter system queues into the organization will generate the same NDR. A restart of the SMTP service is required to reinitialize the eventsink.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated