[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 307
  • Last Modified:

Exchange 2000 keeps generating " Undeliverable:ÇÏÀÌ ½Ã³Ê¼ÒÆÛ " emails.

My exchange server 2000 keeps generating the following emails. This is a virus but I can't remove it. I have Symantec 9.0 with latest virus definitions but I just can't get rid of it. It just generates these emails before every 10 minutes. Please help.



From: System Administrator Sent: Fri 6/23/2006 5:45 PM
To: kissmegus@daum.net
Subject: Undeliverable:ÇÏÀÌ ½Ã³Ê¼ÒÆÛ

From:      kyunghea2@daum.net [kyunghea2@daum.net]      Sent:      Wed 6/21/2006 9:19 PM      
To:      beh36a0001ozvz@mydomain.com                  
Cc:                        
Subject:      ¾È³ç¿ä ³ªÄ¡¹ÇÆÄ                  

Your message did not reach some or all of the intended recipients.

Subject: ¾È³ç¿ä ÁÖÃ÷¼­Ä¡
Sent: 6/21/2006 9:19 PM

The following recipient(s) could not be reached:

rhz38j31831dt@mydomain.com on 6/21/2006 9:19 PM
The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
<mydomain.com #5.1.1>  

¢º,.¹Ù,¢¾·Î °¡¢Ü¡Û..,´É,,.ÇբĴϴ٢ϿÀ,,.õ,¡à.¸¸³Í ±îÁö¡ä¡Ý °¡,.´É¡à ÇÕ¢»¡ß´Ï´Ù <http://ul.donga.ac.kr/index/plus/board.php3?table=stuclub_land_board&query=view&l=421&p=1&go=0>

"


Thank you very much,
hn
0
weesterex
Asked:
weesterex
  • 2
  • 2
  • 2
2 Solutions
 
Chris_PicciottoCommented:
First install a SPAM filter if you have not done so already.

Microsoft has a free one called "Intelligent Message Filter". It's OK.
http://www.microsoft.com/downloads/details.aspx?familyid=C1B08F7B-8CAF-4147-B074-8C9C8F277071&displaylang=en

What version of Antivirus are you using? Symantec has a E-Mail filtering component that needs to be installed with the regular antivirus which filters the email.

You should also register your server here
http://www.us.sorbs.net/

Give me some more info so i can help.


0
 
SembeeCommented:
I doubt whether this is a virus.

You are either an open relay or under an NDR attack.
NDR attack is where messages are sent to your domain with an invalid email address on purpose, the server then tries to bounce the email message to the "sender", except the sender is spoofed and is the real target of the spam message.

You can check whether you are an open relay here: http://www.amset.info/exchange/smtp-openrelay.asp

If you are under an NDR attack then a look at your queues will quickly show this. There will be a large number of messages in the queues waiting to be delivered. To deal with the problem you will have to look at third party options as Exchange 2000 doesn't have the lookup facility that Exchange 2003 has. GFI Mail Essentials and Vamsoft ORF both have an LDAP lookup facility. That will stop these messages stone dead.

If you need to clear the queues of the duff messages, then I have some techniques listed on my web site: http://www.amset.info/exchange/spam-cleanup.asp

IMF is not an option for you as you are on Exchange 2000.

Simon.
0
 
weesterexAuthor Commented:
Thank you very much for your help, Chris and Simon. Simon, I have tested open relay and it is secured. Chris, I also registered my exchange server on this website http://www.us.sorbs.net/. It still won't help much. I have Symantec Corp 9.0 with outgoing and incoming email scanning enabled. Here is exact problem that I am having.

On every 10 mintues, the administrator account get undeliverable message as following.

"From: System Administrator Sent: Fri 6/23/2006 8:39 PM
To: dltndusdlekt@daum.net
Subject: Undeliverable:ÇÏÀÌ ¸ÓÈ£¸®Ãß
Attachments:   Attachments may contain viruses that are harmful to your computer. Attachments may not display correctly.
 ÇÏÀÌ ¸ÓÈ£¸®Ãß(1KB)  

Your message did not reach some or all of the intended recipients.

  Subject: ÇÏÀÌ ¸ÓÈ£¸®Ãß
  Sent: 6/23/2006 8:39 PM
The following recipient(s) could not be reached:

  b2p45q8009jzh@mycompanydomain.com on 6/23/2006 8:39 PM
  The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
  <mycompanydomain.com #5.1.1> "

The content of the email as this:

" From: dltndusdlekt@daum.net [dltndusdlekt@daum.net] Sent: Fri 6/23/2006 8:39 PM
To: b2p45q8009jzh@mycompanydomain.com
Cc:  
Subject: ÇÏÀÌ ¸ÓÈ£¸®Ãß
Attachments:  

¿À,,.¡Û¢Äõ,.¢Ã¢·¸¸¢¸³Í ±îÁö °¡¢¼,.¡Ú´É¡Û¢À ÇÕ´Ï´Ù¡Û
Á÷¢Ï,Àö¢¾,,ÀÎ ¤§¡à¡ä¤ÀÃô¡ß Àü¹®,.

"
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
SembeeCommented:
If you are getting just the NDR, then you are probably being spoofed. There is virtually nothing that you can do about spoofing - that is what things like SPF are supposed to deal with - but their take up is not high enough to make it worthwhile using it.

Simon.
0
 
Chris_PicciottoCommented:
OK....well at least going forward you will be a little more invisible that you registered your server.

You may want to consider using a 3rd party filtering solution like http://www.mxlogic.net/ or http://www.globalrelay.com/ 

Did you say you are running a SPAM filter?

I am running Symantec 10.2 on the exchange server along with X-WALL and Microsoft IMF. SPAM Still comes is so get used to it.

You can also shut exchange services down and clear all queues to give you a fresh start.

0
 
weesterexAuthor Commented:
Well, regardless what I have tried. I still get spam emails that I mentioned above. thanks very much for all your help.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now