Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 3020 Source: MSExchangeTransport

Level
Description
A non-delivery report with a status code of 5.4.6 was generated for recipient <recipient> (Message-ID
<<ID>>). Cause: A forward loop was detected by the categorizer. This is a common hosting configuration problem caused when someone uses the provisioning tool to create a contact in one organization unit and creates a user in a different organization user that share the same e-mail address. Solution: Verify that you do not have a user in organizational unit and a contact in a different organizational unit that have the same e-mail address.
Comments
 
I generated this error by switching a user in another network and creating a contact to forward emails with the old address. The account and postbox were deleted before creating the contact, but Exchange was configured to save deleted objects for 30 days. I set it back to 0 days, restarted the server, and the problem was gone.
As per Microsoft: "This Error event is logged when a non-delivery report (NDR) is generated because of a detected message loop. This event can also be logged if a contact object exists in one organizational unit (OU) that has the same e-mail address as a user in another OU". See MSEX2K3DB for more details.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...