?
Solved

Exchange 2000 keeps generating " Undeliverable:ÇÏÀÌ ½Ã³Ê¼ÒÆÛ " emails.

Posted on 2006-06-23
8
Medium Priority
?
301 Views
Last Modified: 2010-03-06
My exchange server 2000 keeps generating the following emails. This is a virus but I can't remove it. I have Symantec 9.0 with latest virus definitions but I just can't get rid of it. It just generates these emails before every 10 minutes. Please help.



From: System Administrator Sent: Fri 6/23/2006 5:45 PM
To: kissmegus@daum.net
Subject: Undeliverable:ÇÏÀÌ ½Ã³Ê¼ÒÆÛ

From:      kyunghea2@daum.net [kyunghea2@daum.net]      Sent:      Wed 6/21/2006 9:19 PM      
To:      beh36a0001ozvz@mydomain.com                  
Cc:                        
Subject:      ¾È³ç¿ä ³ªÄ¡¹ÇÆÄ                  

Your message did not reach some or all of the intended recipients.

Subject: ¾È³ç¿ä ÁÖÃ÷¼­Ä¡
Sent: 6/21/2006 9:19 PM

The following recipient(s) could not be reached:

rhz38j31831dt@mydomain.com on 6/21/2006 9:19 PM
The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
<mydomain.com #5.1.1>  

¢º,.¹Ù,¢¾·Î °¡¢Ü¡Û..,´É,,.ÇբĴϴ٢ϿÀ,,.õ,¡à.¸¸³Í ±îÁö¡ä¡Ý °¡,.´É¡à ÇÕ¢»¡ß´Ï´Ù <http://ul.donga.ac.kr/index/plus/board.php3?table=stuclub_land_board&query=view&l=421&p=1&go=0>

"


Thank you very much,
hn
0
Comment
Question by:weesterex
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
8 Comments
 
LVL 3

Expert Comment

by:Chris_Picciotto
ID: 16973303
First install a SPAM filter if you have not done so already.

Microsoft has a free one called "Intelligent Message Filter". It's OK.
http://www.microsoft.com/downloads/details.aspx?familyid=C1B08F7B-8CAF-4147-B074-8C9C8F277071&displaylang=en

What version of Antivirus are you using? Symantec has a E-Mail filtering component that needs to be installed with the regular antivirus which filters the email.

You should also register your server here
http://www.us.sorbs.net/

Give me some more info so i can help.


0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 16974830
I doubt whether this is a virus.

You are either an open relay or under an NDR attack.
NDR attack is where messages are sent to your domain with an invalid email address on purpose, the server then tries to bounce the email message to the "sender", except the sender is spoofed and is the real target of the spam message.

You can check whether you are an open relay here: http://www.amset.info/exchange/smtp-openrelay.asp

If you are under an NDR attack then a look at your queues will quickly show this. There will be a large number of messages in the queues waiting to be delivered. To deal with the problem you will have to look at third party options as Exchange 2000 doesn't have the lookup facility that Exchange 2003 has. GFI Mail Essentials and Vamsoft ORF both have an LDAP lookup facility. That will stop these messages stone dead.

If you need to clear the queues of the duff messages, then I have some techniques listed on my web site: http://www.amset.info/exchange/spam-cleanup.asp

IMF is not an option for you as you are on Exchange 2000.

Simon.
0
 

Author Comment

by:weesterex
ID: 16975797
Thank you very much for your help, Chris and Simon. Simon, I have tested open relay and it is secured. Chris, I also registered my exchange server on this website http://www.us.sorbs.net/. It still won't help much. I have Symantec Corp 9.0 with outgoing and incoming email scanning enabled. Here is exact problem that I am having.

On every 10 mintues, the administrator account get undeliverable message as following.

"From: System Administrator Sent: Fri 6/23/2006 8:39 PM
To: dltndusdlekt@daum.net
Subject: Undeliverable:ÇÏÀÌ ¸ÓÈ£¸®Ãß
Attachments:   Attachments may contain viruses that are harmful to your computer. Attachments may not display correctly.
 ÇÏÀÌ ¸ÓÈ£¸®Ãß(1KB)  

Your message did not reach some or all of the intended recipients.

  Subject: ÇÏÀÌ ¸ÓÈ£¸®Ãß
  Sent: 6/23/2006 8:39 PM
The following recipient(s) could not be reached:

  b2p45q8009jzh@mycompanydomain.com on 6/23/2006 8:39 PM
  The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
  <mycompanydomain.com #5.1.1> "

The content of the email as this:

" From: dltndusdlekt@daum.net [dltndusdlekt@daum.net] Sent: Fri 6/23/2006 8:39 PM
To: b2p45q8009jzh@mycompanydomain.com
Cc:  
Subject: ÇÏÀÌ ¸ÓÈ£¸®Ãß
Attachments:  

¿À,,.¡Û¢Äõ,.¢Ã¢·¸¸¢¸³Í ±îÁö °¡¢¼,.¡Ú´É¡Û¢À ÇÕ´Ï´Ù¡Û
Á÷¢Ï,Àö¢¾,,ÀÎ ¤§¡à¡ä¤ÀÃô¡ß Àü¹®,.

"
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 104

Expert Comment

by:Sembee
ID: 16975915
If you are getting just the NDR, then you are probably being spoofed. There is virtually nothing that you can do about spoofing - that is what things like SPF are supposed to deal with - but their take up is not high enough to make it worthwhile using it.

Simon.
0
 
LVL 3

Assisted Solution

by:Chris_Picciotto
Chris_Picciotto earned 500 total points
ID: 16976032
OK....well at least going forward you will be a little more invisible that you registered your server.

You may want to consider using a 3rd party filtering solution like http://www.mxlogic.net/ or http://www.globalrelay.com/ 

Did you say you are running a SPAM filter?

I am running Symantec 10.2 on the exchange server along with X-WALL and Microsoft IMF. SPAM Still comes is so get used to it.

You can also shut exchange services down and clear all queues to give you a fresh start.

0
 

Author Comment

by:weesterex
ID: 17015243
Well, regardless what I have tried. I still get spam emails that I mentioned above. thanks very much for all your help.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question