It sounds like you may have the MyDoom virus going around. My Doom tries to spoof sender IDs and recipient IDs. It may not be that the actual virus originated from your user, but might have spoofed elsewhere. In any case run a thorough check of your user PC, and the Exchange server. Regards, Raj -----Original Message----- From: simon whale [mailto:swhale@xxxxxxxxxxxxxx] Sent: Tuesday, February 03, 2004 11:41 AM To: [ExchangeList] Subject: [exchangelist] Re: Exchange 2003 - Event ID 3030 Source MSExchangeTransport[Scanned] http://www.MSExchange.org/ Zoran, Thanks for your time. There is no logging switched on in the smtp connector. I have just received another. Event Type: Error Event Source: MSExchangeTransport Event Category: NDR Event ID: 3030 Date: 03/02/2004 Time: 16:35:25 User: N/A Computer: JUPITER Description: A non-delivery report with a status code of 5.1.8 was generated for recipient rfc822;jack@xxxxxxxxxx (Message-ID <16a201c3ea73$b8b9d170$02010a0a@xxxxxxxxxxxx>). But at the same time my anti virus also reported a virus from the same person: A suspicious mail was processed. Event: infection Action: Message quarantined Message ID: <200402031631.i13GVdv25012@xxxxxxxxxxxxxxxxx> Message subject: test Sender: "jack@xxxxxxxxxx" <jack@xxxxxxxxxx> Recipient: "fred@xxxxxxxxxxxxxx" <fred@xxxxxxxxxxxxxx> ============================================================= Attachment information: Event: infection Action: Unable to disinfect Filename: data.zip Virus: W32/MyDoom-A ============================================================= Attachment information: Event: infection Action: Unable to disinfect Filename: data.zip Virus: W32/MyDoom-A ============================================================= Can I assume that these events logged for addresses that don't exist? O runalbe ot contact? Regards Simon Whale -----Original Message----- From: Zoran [mailto:zmarjanovic@xxxxxxxx] Sent: 03 February 2004 16:52 To: [ExchangeList] Subject: [exchangelist] Re: Exchange 2003 - Event ID 3030 Source MSExchangeTransport[Scanned] http://www.MSExchange.org/ Hi Simon, check diagnostics logging level for MSExchangeTransport. Zoran > All, > > I have just noticed the following in the event viewer, can anybody > shed any light on the matter? > > Event Type: Error > Event Source: MSExchangeTransport > Event Category: NDR=20 > Event ID: 3030 > Date: 03/02/2004 > Time: 15:35:34 > User: N/A > Computer: JUPITER > Description: > A non-delivery report with a status code of 5.1.8 was generated for > recipient rfc822;joe@xxxxxxxxxxxxxxxxxx (Message-ID > <168401c3ea6b$5ad73780$02010a0a@xxxxxxxxxxxx>). =20 > > Have checked on google groups, eventid.net and microsoft to no success. > > Setup as follows > > Windows 2003 (patched upto date) > Exchange 2003 (patched upto date) > Sophos Anti Virus - Mail monitor (up to date) > > Many Thanks > Simon ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------