Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 3018 Source: MSExchangeTransport

Level
Description
A non-delivery report with a status code of 5.4.0 was generated for recipient <recipient> (Message-ID  <ID>).
Causes: This message indicates a DNS problem or an IP address configuration problem.
Solution: Check the DNS using nslookup or dnsq. Verify the IP address is in IPv4 literal format.
Comments
 
The SMTP status code 5.4.0 means DNS Problem. Check the Smart host, or check your DNS. In other words there is no DNS server that can resolve the email address indicated in the message. In several cases when this message was reported, doing an NSLOOKUP for the domain mentioned in the event would return an invalid IP address.

Possible causes include:
- Authoritative host not found in DNS.
- Smart host entry is incorrect.
- Fully qualified domain name (FQDN) in HOSTS file (fixed in Windows 2000 SP3).
- DNS failure occurred, or you configured an invalid IP address as your smart host.
- SMTP virtual server does not have a valid FQDN or lookup of your SMTP virtual server.
- A contact's SMTP domain does not resolve to any SMTP address spaces.
See ME933663 for a hotfix applicable to Duet for Microsoft Office and SAP.

As per Microsoft: "This event is logged when a non-delivery report is generated because of a problem with DNS or an IP address. The numeric code is generally 5.4.0. This indicates that an "Authoritative Host was not found". See MSEX2KDB for additional information on this event.
This usually indicates the recipient's DNS address couldn't be resolved; maybe the sender mistyped the address. Try nslookup on the domain part of “user@domain”. It's also possible a literal IP address was used, and the IP address was invalid.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...