Hi there community,
I got a strange problem that we cant solve:
We got a user defined group Called "Legal Addresses" with a bunch of IP addresses.
We have two rules, one for successfull logins to a switch made from an adress not in the "Legal addresses" list.
If a successfull connection is made from an illegal address(not in Legal Addresses) an email is send to an email address.
The other rule is for unsuccessfull logins to the same switch made from an adress not in the "Legal addresses" list.
If an unsuccessfull connection is made from an illegal address(not in Legal Addresses) an email is send to an email address.
The problem is as soon as i add UserLogon.SourceMachine or UserLogonFailure.SourceMachine in the message being sent the email gets rejected
from the exchange server and two InternalInfo messages in SEM is made.
The first message says:
Mail server xxx.xxx.xx:25 encountered problems sending the message; '5002' - Mail send failed : Failed messages: com.sun.mail.smtp.SMTPSendFailedException: 452 4.3.1 Insufficent system resources (UsedDiskSpace[Path to QUeue])
The other InternalInfo message says:
Message could not be delivered. Invalid E-mail Addresses or Mail Host: <null>
It is not an exchange problem, all works as soon as the SourceMachine fields are removed from the message body, the email gets delivered.
The email message consists of sourceip(the computer that made the attempt), destinationip(switch), time and account used.
And as i said as soon as SourceMachine is removed from the email everything works.