Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Exchange 2000 keeps generating " Undeliverable:ÇÏÀÌ ½Ã³Ê¼ÒÆÛ " emails.

Posted on 2006-06-23
8
Medium Priority
?
304 Views
Last Modified: 2010-03-06
My exchange server 2000 keeps generating the following emails. This is a virus but I can't remove it. I have Symantec 9.0 with latest virus definitions but I just can't get rid of it. It just generates these emails before every 10 minutes. Please help.



From: System Administrator Sent: Fri 6/23/2006 5:45 PM
To: kissmegus@daum.net
Subject: Undeliverable:ÇÏÀÌ ½Ã³Ê¼ÒÆÛ

From:      kyunghea2@daum.net [kyunghea2@daum.net]      Sent:      Wed 6/21/2006 9:19 PM      
To:      beh36a0001ozvz@mydomain.com                  
Cc:                        
Subject:      ¾È³ç¿ä ³ªÄ¡¹ÇÆÄ                  

Your message did not reach some or all of the intended recipients.

Subject: ¾È³ç¿ä ÁÖÃ÷¼­Ä¡
Sent: 6/21/2006 9:19 PM

The following recipient(s) could not be reached:

rhz38j31831dt@mydomain.com on 6/21/2006 9:19 PM
The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
<mydomain.com #5.1.1>  

¢º,.¹Ù,¢¾·Î °¡¢Ü¡Û..,´É,,.ÇբĴϴ٢ϿÀ,,.õ,¡à.¸¸³Í ±îÁö¡ä¡Ý °¡,.´É¡à ÇÕ¢»¡ß´Ï´Ù <http://ul.donga.ac.kr/index/plus/board.php3?table=stuclub_land_board&query=view&l=421&p=1&go=0>

"


Thank you very much,
hn
0
Comment
Question by:weesterex
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
8 Comments
 
LVL 3

Expert Comment

by:Chris_Picciotto
ID: 16973303
First install a SPAM filter if you have not done so already.

Microsoft has a free one called "Intelligent Message Filter". It's OK.
http://www.microsoft.com/downloads/details.aspx?familyid=C1B08F7B-8CAF-4147-B074-8C9C8F277071&displaylang=en

What version of Antivirus are you using? Symantec has a E-Mail filtering component that needs to be installed with the regular antivirus which filters the email.

You should also register your server here
http://www.us.sorbs.net/

Give me some more info so i can help.


0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 16974830
I doubt whether this is a virus.

You are either an open relay or under an NDR attack.
NDR attack is where messages are sent to your domain with an invalid email address on purpose, the server then tries to bounce the email message to the "sender", except the sender is spoofed and is the real target of the spam message.

You can check whether you are an open relay here: http://www.amset.info/exchange/smtp-openrelay.asp

If you are under an NDR attack then a look at your queues will quickly show this. There will be a large number of messages in the queues waiting to be delivered. To deal with the problem you will have to look at third party options as Exchange 2000 doesn't have the lookup facility that Exchange 2003 has. GFI Mail Essentials and Vamsoft ORF both have an LDAP lookup facility. That will stop these messages stone dead.

If you need to clear the queues of the duff messages, then I have some techniques listed on my web site: http://www.amset.info/exchange/spam-cleanup.asp

IMF is not an option for you as you are on Exchange 2000.

Simon.
0
 

Author Comment

by:weesterex
ID: 16975797
Thank you very much for your help, Chris and Simon. Simon, I have tested open relay and it is secured. Chris, I also registered my exchange server on this website http://www.us.sorbs.net/. It still won't help much. I have Symantec Corp 9.0 with outgoing and incoming email scanning enabled. Here is exact problem that I am having.

On every 10 mintues, the administrator account get undeliverable message as following.

"From: System Administrator Sent: Fri 6/23/2006 8:39 PM
To: dltndusdlekt@daum.net
Subject: Undeliverable:ÇÏÀÌ ¸ÓÈ£¸®Ãß
Attachments:   Attachments may contain viruses that are harmful to your computer. Attachments may not display correctly.
 ÇÏÀÌ ¸ÓÈ£¸®Ãß(1KB)  

Your message did not reach some or all of the intended recipients.

  Subject: ÇÏÀÌ ¸ÓÈ£¸®Ãß
  Sent: 6/23/2006 8:39 PM
The following recipient(s) could not be reached:

  b2p45q8009jzh@mycompanydomain.com on 6/23/2006 8:39 PM
  The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
  <mycompanydomain.com #5.1.1> "

The content of the email as this:

" From: dltndusdlekt@daum.net [dltndusdlekt@daum.net] Sent: Fri 6/23/2006 8:39 PM
To: b2p45q8009jzh@mycompanydomain.com
Cc:  
Subject: ÇÏÀÌ ¸ÓÈ£¸®Ãß
Attachments:  

¿À,,.¡Û¢Äõ,.¢Ã¢·¸¸¢¸³Í ±îÁö °¡¢¼,.¡Ú´É¡Û¢À ÇÕ´Ï´Ù¡Û
Á÷¢Ï,Àö¢¾,,ÀÎ ¤§¡à¡ä¤ÀÃô¡ß Àü¹®,.

"
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 104

Expert Comment

by:Sembee
ID: 16975915
If you are getting just the NDR, then you are probably being spoofed. There is virtually nothing that you can do about spoofing - that is what things like SPF are supposed to deal with - but their take up is not high enough to make it worthwhile using it.

Simon.
0
 
LVL 3

Assisted Solution

by:Chris_Picciotto
Chris_Picciotto earned 500 total points
ID: 16976032
OK....well at least going forward you will be a little more invisible that you registered your server.

You may want to consider using a 3rd party filtering solution like http://www.mxlogic.net/ or http://www.globalrelay.com/ 

Did you say you are running a SPAM filter?

I am running Symantec 10.2 on the exchange server along with X-WALL and Microsoft IMF. SPAM Still comes is so get used to it.

You can also shut exchange services down and clear all queues to give you a fresh start.

0
 

Author Comment

by:weesterex
ID: 17015243
Well, regardless what I have tried. I still get spam emails that I mentioned above. thanks very much for all your help.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question