Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Emails 3

Status
Not open for further replies.

Animasu

Technical User
Aug 5, 2005
23
GB
Hi, One persons account seems to be sending out random emails to random people, ive tried running a virus scan, ad/spy ware scan, and though these came up with some results, (which were sorted) the problem with the emails being sent randomly hasn’t, one of the emails in enclosed below.

------------------------------------------------------------
From: System Administrator
To: x
Subject: Undeliverable: SECURITY MEASURES

Your message did not reach some or all of the intended recipients.

Subject: SECURITY MEASURES
Sent: 19/09/2005 11:47

The following recipient(s) could not be reached:

serg@frudd.co.uk on 19/09/2005 11:50
The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
<mailhost.frudd.co.uk #5.1.1>
------------------------------------------------------------
------------------------------------------------------------
From: System Administrator
To: x
Subject: Undeliverable: *WARNING* Your Email Account Will Be Closed

Your message did not reach some or all of the intended recipients.

Subject: *WARNING* Your Email Account Will Be Closed
Sent: 19/09/2005 11:11

The following recipient(s) could not be reached:

fred@frudd.co.uk on 19/09/2005 11:14
The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
<mailhost.frudd.co.uk #5.1.1>
------------------------------------------------------------

All of them are from the system administrator, and keep getting more frequent. Also they all keep getting delivered to the same person.
Hope someone can help, and thank you for any feedback that i receive!

-Animasu
 
It sounds like some sort of worm...

First, unplug the machine from the network. Theres no reason to risk infection of other computers or swamp your ISP with e-mail. I

My suggestion is uninstalling your antivirus software and reloading it. Most viruses now a days are programed to find your AV (especially nortons and mcaffee) and disable it once infected. Reinstalling it makes sure that your AV is sound.

If that doesn't work, my next step would be to bite the bullet and reload the machine.

Justin

 
Hi Animasu,

Fortunately, this isn't really your problem..but it is annoying.

It's the fall out from the virus Mytob in one of its many guises. Your user has an entry in somebody elses address book, and they have the virus - its just spoofing the Sysadmin return address. Make sure your antivirus software is up to date and you should be OK.

We deal a lot with educational establishments and as a result get about 150 of these each day - they're just a nuisance.
 
mobyduck is right. The way i read it sounded like one of your machines were sending the e-mail.

Only thing you can do is ignore it.
 
Another thought occurs..

Do you use any anti spam software that can blacklist mails ?

We are using GFI MailEssentials and have blacklisted any mail that seems to come from System Administrator or Administrator, and it has reduced the amount that need to be manually deleted considerably.

Don't do this of course if you genuinely use the Admin account to mail users.....

 
We had the same problems. We have Open Relay Filter for our Spam filter, we had to put some keywords in the filter. Thank goodness it used mostly the same verbage.
 
I do use a Antispam/ad software program but as far as i know it dosent blacklist emails, also if we blacklisted the system admin account, this account also sends reminders, and messages to people about there account, i may be able to move all these to the Admin account, and block the Sysadmin account, would be worth a try! Thanks for all the replys!
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top