Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 3017 Source: MSExchangeTransport

Level
Description
A non-delivery report with a status code of 5.3.5 was generated for recipient rfc822;<user>@<domain> (Message-ID <ID>).

Causes: A looping condition was detected. (The server is configured to route mail back to itself). If you have multiple SMTP Virtual Servers configured on your Exchange server, make sure they are defined by a unique incoming port and that the outgoing SMTP port configuration is valid to avoid looping between local virtual servers.

Solution: Check the configuration of the virtual serverÆs connectors for loops and ensure each virtual server is defined by a unique incoming port.
Comments
 
As per Microsoft: "This typically indicates that the server is configured to route mail back to itself". See MSEX2KDB for additional information about this event.
As per Microsoft: "This is due to a loop-back situation where the server is configured to loop back on itself and a non-delivery report with a status code of 5.3.5 was generated for recipient". See ME555418 to find out how to solve this problem.
From a newsgroup post: On the SMTP connector, you can have any domain you want, but refrain from having yours or a domain you are authoritative for. The address space denotes SMTP domains that you will like to send mail to. In essence, the SMTP connector in Exchange 2003 is only used outbound, no concept of an inbound SMTP connector really. So having your local domain as an address space is causing you that 5.3.5 loop which means on an attempt to send mail the destination resolved back to the local server. Remove the address space on the connector, and put just a ‘*’ there, so you can "send" to everyone out there on the internet. On inbound, to allow your server to only accept mail for your specific domain name, either on your initial install or manually, you can do this in the recipient policies by having your domain listed there as authoritative or "Exchange is responsible for mail delivery to this organization".

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...