Solved

Exchange 2000 keeps generating " Undeliverable:ÇÏÀÌ ½Ã³Ê¼ÒÆÛ " emails.

Posted on 2006-06-23
8
290 Views
Last Modified: 2010-03-06
My exchange server 2000 keeps generating the following emails. This is a virus but I can't remove it. I have Symantec 9.0 with latest virus definitions but I just can't get rid of it. It just generates these emails before every 10 minutes. Please help.

"

From: System Administrator Sent: Fri 6/23/2006 5:45 PM
To: kissmegus@daum.net
Subject: Undeliverable:ÇÏÀÌ ½Ã³Ê¼ÒÆÛ

From:      kyunghea2@daum.net [kyunghea2@daum.net]      Sent:      Wed 6/21/2006 9:19 PM      
To:      beh36a0001ozvz@mydomain.com                  
Cc:                        
Subject:      ¾È³ç¿ä ³ªÄ¡¹ÇÆÄ                  

Your message did not reach some or all of the intended recipients.

Subject: ¾È³ç¿ä ÁÖÃ÷¼­Ä¡
Sent: 6/21/2006 9:19 PM

The following recipient(s) could not be reached:

rhz38j31831dt@mydomain.com on 6/21/2006 9:19 PM
The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
<mydomain.com #5.1.1>  

¢º,.¹Ù,¢¾·Î °¡¢Ü¡Û..,´É,,.ÇբĴϴ٢ϿÀ,,.õ,¡à.¸¸³Í ±îÁö¡ä¡Ý °¡,.´É¡à ÇÕ¢»¡ß´Ï´Ù <http://ul.donga.ac.kr/index/plus/board.php3?table=stuclub_land_board&query=view&l=421&p=1&go=0>

"


Thank you very much,
hn
0
Comment
Question by:weesterex
  • 2
  • 2
  • 2
8 Comments
 
LVL 3

Expert Comment

by:Chris_Picciotto
ID: 16973303
First install a SPAM filter if you have not done so already.

Microsoft has a free one called "Intelligent Message Filter". It's OK.
http://www.microsoft.com/downloads/details.aspx?familyid=C1B08F7B-8CAF-4147-B074-8C9C8F277071&displaylang=en

What version of Antivirus are you using? Symantec has a E-Mail filtering component that needs to be installed with the regular antivirus which filters the email.

You should also register your server here
http://www.us.sorbs.net/

Give me some more info so i can help.


0
 
LVL 104

Accepted Solution

by:
Sembee earned 125 total points
ID: 16974830
I doubt whether this is a virus.

You are either an open relay or under an NDR attack.
NDR attack is where messages are sent to your domain with an invalid email address on purpose, the server then tries to bounce the email message to the "sender", except the sender is spoofed and is the real target of the spam message.

You can check whether you are an open relay here: http://www.amset.info/exchange/smtp-openrelay.asp

If you are under an NDR attack then a look at your queues will quickly show this. There will be a large number of messages in the queues waiting to be delivered. To deal with the problem you will have to look at third party options as Exchange 2000 doesn't have the lookup facility that Exchange 2003 has. GFI Mail Essentials and Vamsoft ORF both have an LDAP lookup facility. That will stop these messages stone dead.

If you need to clear the queues of the duff messages, then I have some techniques listed on my web site: http://www.amset.info/exchange/spam-cleanup.asp

IMF is not an option for you as you are on Exchange 2000.

Simon.
0
 

Author Comment

by:weesterex
ID: 16975797
Thank you very much for your help, Chris and Simon. Simon, I have tested open relay and it is secured. Chris, I also registered my exchange server on this website http://www.us.sorbs.net/. It still won't help much. I have Symantec Corp 9.0 with outgoing and incoming email scanning enabled. Here is exact problem that I am having.

On every 10 mintues, the administrator account get undeliverable message as following.

"From: System Administrator Sent: Fri 6/23/2006 8:39 PM
To: dltndusdlekt@daum.net
Subject: Undeliverable:ÇÏÀÌ ¸ÓÈ£¸®Ãß
Attachments:   Attachments may contain viruses that are harmful to your computer. Attachments may not display correctly.
 ÇÏÀÌ ¸ÓÈ£¸®Ãß(1KB)  

Your message did not reach some or all of the intended recipients.

  Subject: ÇÏÀÌ ¸ÓÈ£¸®Ãß
  Sent: 6/23/2006 8:39 PM
The following recipient(s) could not be reached:

  b2p45q8009jzh@mycompanydomain.com on 6/23/2006 8:39 PM
  The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
  <mycompanydomain.com #5.1.1> "

The content of the email as this:

" From: dltndusdlekt@daum.net [dltndusdlekt@daum.net] Sent: Fri 6/23/2006 8:39 PM
To: b2p45q8009jzh@mycompanydomain.com
Cc:  
Subject: ÇÏÀÌ ¸ÓÈ£¸®Ãß
Attachments:  

¿À,,.¡Û¢Äõ,.¢Ã¢·¸¸¢¸³Í ±îÁö °¡¢¼,.¡Ú´É¡Û¢À ÇÕ´Ï´Ù¡Û
Á÷¢Ï,Àö¢¾,,ÀÎ ¤§¡à¡ä¤ÀÃô¡ß Àü¹®,.

"
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 104

Expert Comment

by:Sembee
ID: 16975915
If you are getting just the NDR, then you are probably being spoofed. There is virtually nothing that you can do about spoofing - that is what things like SPF are supposed to deal with - but their take up is not high enough to make it worthwhile using it.

Simon.
0
 
LVL 3

Assisted Solution

by:Chris_Picciotto
Chris_Picciotto earned 125 total points
ID: 16976032
OK....well at least going forward you will be a little more invisible that you registered your server.

You may want to consider using a 3rd party filtering solution like http://www.mxlogic.net/ or http://www.globalrelay.com/

Did you say you are running a SPAM filter?

I am running Symantec 10.2 on the exchange server along with X-WALL and Microsoft IMF. SPAM Still comes is so get used to it.

You can also shut exchange services down and clear all queues to give you a fresh start.

0
 

Author Comment

by:weesterex
ID: 17015243
Well, regardless what I have tried. I still get spam emails that I mentioned above. thanks very much for all your help.
0

Featured Post

Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
"Migrate" an SMTP relay receive connector to a new server using info from an old server.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now