Re: Exchange 2003 - Event ID 3030 Source MSExchangeTransport[Scanned]
- From: "Periyasamy, Raj" <Raj.Periyasamy@xxxxxxxxxxxx>
- To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
- Date: Tue, 3 Feb 2004 11:52:21 -0500
It sounds like you may have the MyDoom virus going around. My Doom tries
to spoof sender IDs and recipient IDs. It may not be that the actual
virus originated from your user, but might have spoofed elsewhere. In
any case run a thorough check of your user PC, and the Exchange server.
Regards,
Raj
-----Original Message-----
From: simon whale [mailto:swhale@xxxxxxxxxxxxxx]
Sent: Tuesday, February 03, 2004 11:41 AM
To: [ExchangeList]
Subject: [exchangelist] Re: Exchange 2003 - Event ID 3030 Source
MSExchangeTransport[Scanned]
http://www.MSExchange.org/
Zoran,
Thanks for your time. There is no logging switched on in the smtp
connector. I have just received another.
Event Type: Error
Event Source: MSExchangeTransport
Event Category: NDR
Event ID: 3030
Date: 03/02/2004
Time: 16:35:25
User: N/A
Computer: JUPITER
Description:
A non-delivery report with a status code of 5.1.8 was generated for
recipient rfc822;jack@xxxxxxxxxx (Message-ID
<16a201c3ea73$b8b9d170$02010a0a@xxxxxxxxxxxx>).
But at the same time my anti virus also reported a virus from the same
person:
A suspicious mail was processed.
Event: infection
Action: Message quarantined
Message ID: <200402031631.i13GVdv25012@xxxxxxxxxxxxxxxxx>
Message subject: test
Sender: "jack@xxxxxxxxxx" <jack@xxxxxxxxxx>
Recipient: "fred@xxxxxxxxxxxxxx" <fred@xxxxxxxxxxxxxx>
=============================================================
Attachment information:
Event: infection
Action: Unable to disinfect
Filename: data.zip
Virus: W32/MyDoom-A
=============================================================
Attachment information:
Event: infection
Action: Unable to disinfect
Filename: data.zip
Virus: W32/MyDoom-A
=============================================================
Can I assume that these events logged for addresses that don't exist? O
runalbe ot contact?
Regards
Simon Whale
-----Original Message-----
From: Zoran [mailto:zmarjanovic@xxxxxxxx]
Sent: 03 February 2004 16:52
To: [ExchangeList]
Subject: [exchangelist] Re: Exchange 2003 - Event ID 3030 Source
MSExchangeTransport[Scanned]
http://www.MSExchange.org/
Hi Simon,
check diagnostics logging level for MSExchangeTransport.
Zoran
> All,
>
> I have just noticed the following in the event viewer, can anybody
> shed any light on the matter?
>
> Event Type: Error
> Event Source: MSExchangeTransport
> Event Category: NDR=20
> Event ID: 3030
> Date: 03/02/2004
> Time: 15:35:34
> User: N/A
> Computer: JUPITER
> Description:
> A non-delivery report with a status code of 5.1.8 was generated for
> recipient rfc822;joe@xxxxxxxxxxxxxxxxxx (Message-ID
> <168401c3ea6b$5ad73780$02010a0a@xxxxxxxxxxxx>). =20
>
> Have checked on google groups, eventid.net and microsoft to no
success.
>
> Setup as follows
>
> Windows 2003 (patched upto date)
> Exchange 2003 (patched upto date)
> Sophos Anti Virus - Mail monitor (up to date)
>
> Many Thanks
> Simon
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1 ISA
Server Resource Site: http://www.isaserver.org Windows Security Resource
Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1 ISA
Server Resource Site: http://www.isaserver.org Windows Security Resource
Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
Other related posts:
