Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 4001 Source: MSExchangeTransport

Level
Description
Message delivery to the remote domain '<domain>' failed. The error message is 'An SMTP protocol error occurred'. , MAIL, 553 5.3.0 Mail from <IP address> refused, see http://mail-abuse.org/rbl+/lookup.cgi?<IP address>.
Comments
 
According to Microsoft, the most common causes are:
1. Internet facing Network Card is lower in the binding order than the Internal facing Network Card.
2. The Domain Name System (DNS) server does not support TCP queries.
3. The DNS server is unable to resolve names.
4. The SMTP Virtual Server or SMTP Connector may be misconfigured.
See MSEX2K3DB for additional information about this event.
As per Microsoft: "This behavior may occur when your Microsoft Exchange 2000 Server computer is listed as a messaging server that sends unsolicited commercial e-mail (UCE, also known as spam). This behavior may occur if your Exchange 2000 computer is an open mail relay". See ME300580 and ME895853 to resolve this problem.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...