Event ID: 4001 Source: smtpsvc

Source
Level
Description
Message delivery to the remote domain '<domain name>' failed. The error message is "An SMTP protocol error occurred. '. The SMTP verb which caused the error is '<smtp command>'. The response from the remote server is '<server response>'
Comments
 
- Server response: "550 This system has been configured to reject your mail" - From a newsgroup post: "A program called Mailsweeper caused the issue; the client had added our email address to the list of banned addresses."

- Server response: "553 malformed address" - See ME284442.

- RCPT - '550 Unable to relay for <domain name>' - The remote server does not allow SMTP relay, so the message was not accepted. In certain conditions, this happens because the remote SMTP server is configured to reject emails from certain servers in order to avoid spam. For example, if the IP address of the host does not resolve to a domain name, then the server will drop the connection.

- MAIL - '501 bogus mail from' - No info. It could be that the email address of the sender (mail from) is invalid (wrong format).

- MAIL - '452 <email address>... DNS lookup for domain failed --- try again later' - Cause: there is no reverse name resolution for the sender domain and the remote mail server is configured to only allow mail from servers whose IP addresses resolve.
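
To triage a batch of these events, the description text can be split into its domain, SMTP verb and server response and matched against the cases listed in the comments above. The following Python code is an added example, not part of the original page; the names `triage`, `RULES`, `PREFIX` and `SAMPLES` and the sample messages are constructed for illustration, and the transient/permanent split follows the standard SMTP reply-code classes.

```python
import re

# Pulls the three quoted fields out of the Event ID 4001 description text.
MSG_RE = re.compile(
    r"remote domain '(?P<domain>[^']*)' failed.*?"
    r"SMTP verb which caused the error is '(?P<verb>[^']*)'.*?"
    r"response from the remote server is '(?P<resp>.*)'\.?\s*$",
    re.DOTALL,
)

# (verb or None for any verb, reply code, lowercase substring, cause from the comments)
RULES = [
    (None, "550", "configured to reject", "sender address is on the remote site's banned list"),
    (None, "553", "malformed address", "malformed address, see ME284442"),
    ("RCPT", "550", "unable to relay", "remote server refuses relay, or rejects hosts whose IP does not resolve"),
    ("MAIL", "501", "bogus mail from", "sender (MAIL FROM) address may be in the wrong format"),
    ("MAIL", "452", "dns lookup for domain failed", "no reverse name resolution for the sender domain"),
]

def triage(message):
    """Return domain, verb, reply code, failure kind and likely cause, or None."""
    m = MSG_RE.search(message)
    if not m:
        return None
    resp = m.group("resp").strip()
    code = resp[:3] if resp[:3].isdigit() else ""
    verb = m.group("verb").upper()
    cause = "not covered by the comments above"
    for r_verb, r_code, needle, r_cause in RULES:
        if r_verb in (None, verb) and r_code == code and needle in resp.lower():
            cause = r_cause
            break
    # RFC 5321: 4yz replies are transient (retry later), 5yz are permanent.
    kind = {"4": "transient", "5": "permanent"}.get(code[:1], "unknown")
    return {"domain": m.group("domain"), "verb": verb, "code": code,
            "kind": kind, "cause": cause}

# Constructed sample descriptions (example.com / example.org are placeholders).
PREFIX = "Message delivery to the remote domain '%s' failed. The error message is 'An SMTP protocol error occurred. '. "
SAMPLES = [
    PREFIX % "example.com" + "The SMTP verb which caused the error is 'RCPT'. The response from the remote server is '550 Unable to relay for example.com'.",
    PREFIX % "example.org" + "The SMTP verb which caused the error is 'MAIL'. The response from the remote server is '452 <user@example.org>... DNS lookup for domain failed --- try again later'",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(triage(s))
```

A `transient` result (4xx) means the delivery can succeed on a later retry once the name resolution problem is fixed, while a `permanent` result (5xx) needs a change on the sending or receiving side first.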
