Bad Mail Black Hole
It'll take some careful investigation to figure out why bad mail on your Exchange server is eating up disk space.
- By Bill Boswell
- November 03, 2003
I recently took over the tech support for a small
mortgage company. They are running two Dell 4600 servers both with Windows
Server 2000. One server is configured as an Exchange 2000 server, data
and print server and the other is set up as a RightFAX and Citrix server.
My issue is that the Exchange server "badmail" directory has
more than 230,000 files (1.8GB) in it.
I am looking for suggestions on how to remove these files and manage
their removal more frequently in the future. This is a production server
and the client wants minimal downtime. Appreciate any suggestions. Google
and Experts Exchange haven't been as helpful as I would have hoped.
David: The first thing to do is delete the BadMail folder.
To do this, stop the SMTP service, rename the BadMail folder to BadMailOld,
create a new BadMail folder, then start the SMTP service again. You should
be able to send and receive messages without a problem.
Next, pick through the messages in BadMailOld to figure out why you have
so many items. The files with the BAD extension are text files that you
can read with Notepad.
If this is a public-facing Exchange server, or it is accessible from
the Internet, you may have been targeted as an SMTP relay. If you find
lots and lots of messages sent to outside recipients with content that
could not have originated in your organization, check your SMTP relay
setting to make sure you have not inadvertently permitted unauthenticated
entities. Correct this quickly, as you could be blacklisted by one or
more anti-spam service providers.
Also, scan for viruses to make sure you haven't been infected with a
worm that installs an open proxy, which is becoming a favorite exploit.
Run netstat -an and verify that you can account
for each open port. The Tcpview utility from www.sysinternals.com
is handy for this work because it lists the executable that listens on
each open port. The fport utility from www.foundstone.com
is also useful for port identification.
If this is not a public-facing server and it is not infected or otherwise
exploited, you may have a public folder replication problem that is causing
hierarchy and backfill content to build up in BadMail. Or the items may
be coming from the RightFax server, which might be storing old copies
of faxes in BadMail.
Once you determine the cause of the buildup, delete the BadMailOld folder
and you'll get back your 1.8GB of storage.
There's no way to automate this process that I know of other than to
write a batch file to go through these same steps. The batch file might
look like this, assuming that your Exchange files are on the E drive:
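rem Stop SMTP so nothing in BadMail is in use during the rename
net stop smtpsvc
rem /d switches to the E drive as well as the directory
cd /d "e:\program files\exchsrvr\mailroot\vsi 1"
ren badmail badmailold
rem Recreate an empty BadMail folder before SMTP starts again
md badmail
move badmailold \\server\share\badmailanalysis
net start smtpsvc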
Hope this helps.
Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003 both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.
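The triage step in the answer above (reading the .BAD files in BadMailOld to see whether the mail involves anyone in your organization) can be scripted; the following is an added example, not code from the column. It assumes the .BAD files carry RFC 822-style From:/To: header lines; the function names and the sample domains are hypothetical, and the sample messages are constructed.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# Assumption: .BAD files contain RFC 822-style "From:" and "To:" header lines.
HEADER = re.compile(r"^(From|To):(.*)$", re.IGNORECASE | re.MULTILINE)
ADDR_DOMAIN = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def summarize_badmail(folder, local_domains, max_bytes=8192):
    """Tally sender/recipient domains across the *.BAD files in folder."""
    local = {d.lower() for d in local_domains}
    senders, recipients = Counter(), Counter()
    total = relay_like = 0
    for path in Path(folder).iterdir():
        if path.suffix.lower() != ".bad" or not path.is_file():
            continue
        total += 1
        with path.open("rb") as fh:  # headers sit at the top; skip large bodies
            text = fh.read(max_bytes).decode("latin-1")
        found = {"from": set(), "to": set()}
        for name, value in HEADER.findall(text):
            found[name.lower()].update(d.lower() for d in ADDR_DOMAIN.findall(value))
        senders.update(found["from"])
        recipients.update(found["to"])
        # Relay indicator: outside recipients and no local party on either side.
        if (found["to"] - local) and not ((found["from"] | found["to"]) & local):
            relay_like += 1
    return {"total": total, "relay_like": relay_like,
            "senders": senders, "recipients": recipients}

def demo():
    """Run the tally over constructed sample files (not real badmail)."""
    samples = {
        "1.BAD": "From: promo@bulk-sender.example\r\nTo: u1@outside.example\r\n\r\nbuy\r\n",
        "2.BAD": "From: x@bulk-sender.example\r\nTo: a@outside.example, b@other.example\r\n\r\nhi\r\n",
        "3.BAD": "From: fax@mortgageco.example\r\nTo: client@outside.example\r\n\r\nfax\r\n",
        "notes.txt": "To: ignored@outside.example\r\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            Path(tmp, name).write_bytes(body.encode("latin-1"))
        return summarize_badmail(tmp, ["mortgageco.example"])

if __name__ == "__main__":
    report = demo()
    print(report["total"], "files,", report["relay_like"], "with no local party")
    print(report["recipients"].most_common(5))
```

Point `summarize_badmail` at the copied BadMailOld folder with your own mail domains; a high share of messages with no local sender or recipient is the cue to check the SMTP relay setting.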