Back to All Scenarios
PASSEDinfrastructure / journaling_mailbox_full
Journaling Mailbox Full — Compliance Risk
The Exchange journaling mailbox reaches its storage quota, causing journal reports to be NDR'd back to the sender. Email journaling stops functioning, creating a compliance gap for regulatory requirements (HIPAA, SEC Rule 17a-4).
Pattern
EXCHANGE_EVENT
Severity
CRITICAL
Confidence
95%
Remediation
Remote Hands
Test Results
| Metric | Expected | Actual | Result |
|---|---|---|---|
| Pattern Recognition | EXCHANGE_EVENT | EXCHANGE_EVENT | |
| Severity Assessment | CRITICAL | CRITICAL | |
| Incident Correlation | Yes | 4 linked | |
| Cascade Escalation | N/A | No | |
| Remediation | — | Remote Hands — Corax contacts on-site support via call, email, or API |
Scenario Conditions
Exchange Server 2019 with journal rule for all users. Journaling mailbox quota 50GB reached. Journal reports generating NDRs. Compliance gap: 72 hours of unjournaled email. Regulatory audit scheduled in 2 weeks.
Injected Error Messages (1)
Exchange journaling mailbox full — journal reports failing with NDR, exchange journal mailbox at 50GB quota limit, 72 hours of email not journaled, compliance gap for HIPAA and SEC Rule 17a-4, exchange event ID 5009: journal report NDR generated, all exchange journal rules affected, regulatory audit in 2 weeks
Neural Engine Root Cause Analysis
The Exchange journaling mailbox has reached its 50GB storage quota limit, causing journal reports to fail with Non-Delivery Reports (NDRs) and generating Event ID 5009. This is preventing proper email archiving for compliance purposes, creating a 72-hour gap in journaling that violates HIPAA and SEC Rule 17a-4 requirements. The issue is storage capacity exhaustion rather than a service failure, affecting all Exchange journal rules and creating significant regulatory compliance risk.
Remediation Plan
1. Immediately increase the journaling mailbox quota or move archived journals to secondary storage to free space. 2. Export and archive the existing 50GB of journal data to compliant long-term storage. 3. Implement automated journal mailbox maintenance with size monitoring and alerts at 80% capacity. 4. Review and adjust journal retention policies to prevent future quota exhaustion. 5. Verify journal rule functionality after space is freed and document the compliance gap for the upcoming regulatory audit.
Tested: 2026-03-30Monitors: 1 | Incidents: 1Test ID: cmnck1s6q0675obqezqrcdduq