Solved

Exchange 2000 keeps generating " Undeliverable:ÇÏÀÌ ½Ã³Ê¼ÒÆÛ " emails.

Posted on 2006-06-23
8
291 Views
Last Modified: 2010-03-06
My exchange server 2000 keeps generating the following emails. This is a virus but I can't remove it. I have Symantec 9.0 with latest virus definitions but I just can't get rid of it. It just generates these emails before every 10 minutes. Please help.



From: System Administrator Sent: Fri 6/23/2006 5:45 PM
To: kissmegus@daum.net
Subject: Undeliverable:ÇÏÀÌ ½Ã³Ê¼ÒÆÛ

From:      kyunghea2@daum.net [kyunghea2@daum.net]      Sent:      Wed 6/21/2006 9:19 PM      
To:      beh36a0001ozvz@mydomain.com                  
Cc:                        
Subject:      ¾È³ç¿ä ³ªÄ¡¹ÇÆÄ                  

Your message did not reach some or all of the intended recipients.

Subject: ¾È³ç¿ä ÁÖÃ÷¼­Ä¡
Sent: 6/21/2006 9:19 PM

The following recipient(s) could not be reached:

rhz38j31831dt@mydomain.com on 6/21/2006 9:19 PM
The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
<mydomain.com #5.1.1>  

¢º,.¹Ù,¢¾·Î °¡¢Ü¡Û..,´É,,.ÇբĴϴ٢ϿÀ,,.õ,¡à.¸¸³Í ±îÁö¡ä¡Ý °¡,.´É¡à ÇÕ¢»¡ß´Ï´Ù <http://ul.donga.ac.kr/index/plus/board.php3?table=stuclub_land_board&query=view&l=421&p=1&go=0>

"


Thank you very much,
hn
0
Comment
Question by:weesterex
  • 2
  • 2
  • 2
8 Comments
 
LVL 3

Expert Comment

by:Chris_Picciotto
ID: 16973303
First install a SPAM filter if you have not done so already.

Microsoft has a free one called "Intelligent Message Filter". It's OK.
http://www.microsoft.com/downloads/details.aspx?familyid=C1B08F7B-8CAF-4147-B074-8C9C8F277071&displaylang=en

What version of Antivirus are you using? Symantec has a E-Mail filtering component that needs to be installed with the regular antivirus which filters the email.

You should also register your server here
http://www.us.sorbs.net/

Give me some more info so i can help.


0
 
LVL 104

Accepted Solution

by:
Sembee earned 125 total points
ID: 16974830
I doubt whether this is a virus.

You are either an open relay or under an NDR attack.
NDR attack is where messages are sent to your domain with an invalid email address on purpose, the server then tries to bounce the email message to the "sender", except the sender is spoofed and is the real target of the spam message.

You can check whether you are an open relay here: http://www.amset.info/exchange/smtp-openrelay.asp

If you are under an NDR attack then a look at your queues will quickly show this. There will be a large number of messages in the queues waiting to be delivered. To deal with the problem you will have to look at third party options as Exchange 2000 doesn't have the lookup facility that Exchange 2003 has. GFI Mail Essentials and Vamsoft ORF both have an LDAP lookup facility. That will stop these messages stone dead.

If you need to clear the queues of the duff messages, then I have some techniques listed on my web site: http://www.amset.info/exchange/spam-cleanup.asp

IMF is not an option for you as you are on Exchange 2000.

Simon.
0
 

Author Comment

by:weesterex
ID: 16975797
Thank you very much for your help, Chris and Simon. Simon, I have tested open relay and it is secured. Chris, I also registered my exchange server on this website http://www.us.sorbs.net/. It still won't help much. I have Symantec Corp 9.0 with outgoing and incoming email scanning enabled. Here is exact problem that I am having.

On every 10 mintues, the administrator account get undeliverable message as following.

"From: System Administrator Sent: Fri 6/23/2006 8:39 PM
To: dltndusdlekt@daum.net
Subject: Undeliverable:ÇÏÀÌ ¸ÓÈ£¸®Ãß
Attachments:   Attachments may contain viruses that are harmful to your computer. Attachments may not display correctly.
 ÇÏÀÌ ¸ÓÈ£¸®Ãß(1KB)  

Your message did not reach some or all of the intended recipients.

  Subject: ÇÏÀÌ ¸ÓÈ£¸®Ãß
  Sent: 6/23/2006 8:39 PM
The following recipient(s) could not be reached:

  b2p45q8009jzh@mycompanydomain.com on 6/23/2006 8:39 PM
  The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
  <mycompanydomain.com #5.1.1> "

The content of the email as this:

" From: dltndusdlekt@daum.net [dltndusdlekt@daum.net] Sent: Fri 6/23/2006 8:39 PM
To: b2p45q8009jzh@mycompanydomain.com
Cc:  
Subject: ÇÏÀÌ ¸ÓÈ£¸®Ãß
Attachments:  

¿À,,.¡Û¢Äõ,.¢Ã¢·¸¸¢¸³Í ±îÁö °¡¢¼,.¡Ú´É¡Û¢À ÇÕ´Ï´Ù¡Û
Á÷¢Ï,Àö¢¾,,ÀÎ ¤§¡à¡ä¤ÀÃô¡ß Àü¹®,.

"
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 104

Expert Comment

by:Sembee
ID: 16975915
If you are getting just the NDR, then you are probably being spoofed. There is virtually nothing that you can do about spoofing - that is what things like SPF are supposed to deal with - but their take up is not high enough to make it worthwhile using it.

Simon.
0
 
LVL 3

Assisted Solution

by:Chris_Picciotto
Chris_Picciotto earned 125 total points
ID: 16976032
OK....well at least going forward you will be a little more invisible that you registered your server.

You may want to consider using a 3rd party filtering solution like http://www.mxlogic.net/ or http://www.globalrelay.com/ 

Did you say you are running a SPAM filter?

I am running Symantec 10.2 on the exchange server along with X-WALL and Microsoft IMF. SPAM Still comes is so get used to it.

You can also shut exchange services down and clear all queues to give you a fresh start.

0
 

Author Comment

by:weesterex
ID: 17015243
Well, regardless what I have tried. I still get spam emails that I mentioned above. thanks very much for all your help.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
how to add IIS SMTP to handle application/Scanner relays into office 365.

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now