Solved

Badmail directory is bad news

Posted on 2004-03-25
Last Modified: 2009-05-22
I manage many Exchange boxes for various clients. This past year the badmail directory has become a chronic problem because it is filling up and wreaking havoc on server performance and even causing the backup jobs to fail.

The question is how to best deal with this. Just deleting this badmail folder full of files is not the answer, because it just keeps filling back up. I would like to have a solution that deals with the cause of all this "badmail", which I assume is just lost spam. I have written batch files that automatically delete the badmail contents by executing a couple of times a day to keep it from building up, but I'd really like to see this stuff bounced from the server before it became "badmail".
Some of my clients use a server-based spam software that keeps the folder manageable, but they too would allow the badmail directory to grow if it wasn't monitored.
Question by:fi8224

Expert Comment

by:tabmpierce
ID: 10684606
When I was having this problem I found out that my Exchange server was being used as a mail relay. You most likely have already looked into this, but here is an article at Microsoft just in case.

http://support.microsoft.com/default.aspx?scid=kb;en-us;321825&Product=exchange

Once I did this, the amount of bad mail slowed.

Good luck.

Author Comment

by:fi8224
ID: 10687162
Thanks for the reply. I used to do this, but I found that there were actually hackers out there that must have been guessing user accounts and passwords, because the bad mail spam was still filtering through and filling up the "badmail" directory. It was only when I explicitly entered the mail domain name and the server IP address in the relay restrictions button. To do this, I checked off "Allow only the list below", and clicked the "add" button and entered the email domain name and the email server's IP address (separately). You can't get any more explicit than this. This way nobody besides the server and the email domain can relay. At least that's what I was thinking when I did this.
Now here's the rub. This directory still gets email filtered into it, though it's much more manageable. And that's what I don't understand....HOW, and how do I keep it from happening. So I now make a batch file to run every day and delete the contents to keep it from growing. That's a workaround, not a fix.

Accepted Solution

by:
kristinaw earned 1000 total points
ID: 10689203
fi,

I believe this is one of those 'this behavior is by design' MS things that we'll just have to deal with in this version of Exchange. I too use scripts to delete the contents of the folder on a daily basis (with task scheduler). See the following for a better explanation:

http://hellomate.typepad.com/exchange/2003/07/dealing_with_ba.html

Also, the following excerpt is from: http://www.microsoft.com/technet/prodtechnol/exchange/2000/maintain/13x2kadb.mspx

Handling Nondelivery, Bad Mail, and Unresolved Recipients

When a message is undeliverable or a fatal error occurs during delivery, Exchange Server generates a nondelivery report and attempts to deliver it to the sender. SMTP virtual server options provide several ways that you can configure how Exchange Server handles nondelivery.

For tracking purposes, you can send a copy of all nondelivery reports to a specific e-mail address, such as the organization's postmaster account. The e-mail address specified is also placed in the Reply-To field of the nondelivery report. This allows users to respond to the error message and potentially reach someone who can help resolve the problem.

If a nondelivery report can't be delivered to the sender, a copy of the original message is placed in the "bad" mail directory. Messages placed in the bad mail directory can't be delivered or returned. You can use the bad mail directory to track potential abuse of your messaging system. By default, the bad mail directory is located at root:\Exchsrvr\Mailroot\vsi#\BadMail, where root is the install drive for Exchange Server and # is the number of the SMTP virtual server, such as C:\Exchsrvr\Mailroot\vsi 1\BadMail. You can change the location of the bad mail directory at any time, but you should never place the directory on the M: drive, which is reserved for other types of Exchange Server data.

hth,
Kris.
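
A report-then-purge version of the scheduled cleanup described in this answer, as an added example that is not part of the original thread or of the Microsoft documentation quoted above. It tallies badmail files per day and by sender and recipient domain, so the directory can be used to track abuse as the excerpt suggests, and it deletes only files older than a retention window. The default path, the `KeepDays` and `HeaderLines` values, and the assumption that the files carry readable `From:` / `To:` header lines are illustrative.

```powershell
# Added example: summarize an SMTP BadMail directory, then optionally purge it.
# Assumptions: the default path matches the layout quoted in the excerpt, and
# files that hold a message contain readable "From:" / "To:" header lines.
param(
    [string]$BadMailPath = 'C:\Exchsrvr\Mailroot\vsi 1\BadMail',
    [int]$KeepDays = 2,        # hypothetical retention window
    [int]$HeaderLines = 60,    # only the top of each file is scanned
    [switch]$Purge             # without -Purge the script only reports
)

function Get-HeaderDomain([string[]]$Lines, [string]$Header) {
    # Best effort: domain of the first address on the first matching header line.
    foreach ($line in $Lines) {
        if ($line -match "^${Header}:.*?@([A-Za-z0-9.-]+)") {
            return $Matches[1].ToLower()
        }
    }
    return '(none)'
}

$files = @(Get-ChildItem -LiteralPath $BadMailPath -File)

$rows = foreach ($f in $files) {
    $head = @(Get-Content -LiteralPath $f.FullName -TotalCount $HeaderLines `
                          -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Day        = $f.LastWriteTime.ToString('yyyy-MM-dd')
        FromDomain = Get-HeaderDomain $head 'From'
        ToDomain   = Get-HeaderDomain $head 'To'
    }
}

"Files in ${BadMailPath}: $($files.Count)"
# Volume per day shows whether the inflow is steady or spiking.
$rows | Group-Object Day | Sort-Object Name | Format-Table Name, Count -AutoSize
# Sender domains are often spoofed; recipient domains show what is being targeted.
foreach ($field in 'FromDomain', 'ToDomain') {
    "Top $field values:"
    $rows | Group-Object $field | Sort-Object Count -Descending |
        Select-Object -First 10 Name, Count | Format-Table -AutoSize
}

if ($Purge) {
    $cutoff = (Get-Date).AddDays(-$KeepDays)
    $old = @($files | Where-Object { $_.LastWriteTime -lt $cutoff })
    $old | Remove-Item -Force
    "Removed $($old.Count) files last written before $cutoff"
}
```

Run it without `-Purge` first to review the tallies; a scheduled task can then call it with `-Purge` in place of a delete-everything batch file.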

Expert Comment

by:computernations
ID: 11124008
Okay, I've done all of the above. I have created scripts to dump bad mail, I've updated all the patches on my server, I have worked with Symantec on updating my SMSMSE to the latest version, I made everyone create complex passwords, I have created in excess of 25 dummy accounts with complex passwords and disabled them, I have reapplied service packs, I have restricted the SMTP relays down to very specific computers and only our domain and I am still up to 20,000 emails in my badmail directory a day. Anything else?????? I am doing all of this on a Windows 2K with Exchange 2K.

Expert Comment

by:computernations
ID: 11124026
I forgot to add to my comment above that I have also added another Exchange box with more horsepower in the hopes of retiring the original box that seems to have been stricken with the explosive SMTP queue. I am trying to retire the original box, change my IP settings on my zone file to the new server all in the hopes of eluding the SMTP pirates. Good Idea???

Expert Comment

by:tabmpierce
ID: 11126903
WOW!! Yeah, the IP settings on the Zone will work for what you said.

Expert Comment

by:kristinaw
ID: 11127149
If the stuff in your badmail directory is spoofed then I'm not sure this will help as you'll still have the same domain name. Considered any anti-spam software?