fi8224
Badmail directory is bad news
I manage many Exchange boxes for various clients. This past year the badmail directory has become a chronic problem because it is filling up and wreaking havoc on server performance and even causing the backup jobs to fail.
The question is how to best deal with this. Just deleting this badmail folder full of files is not the answer, because it just keeps filling back up. I would like to have a solution that deals with the cause of all this "badmail", which I assume is just lost spam. I have written batch files that automatically delete the badmail contents by executing a couple of times a day to keep it from building up, but I'd really like to see this stuff bounced from the server before it became "badmail".
Some of my clients use a server-based spam software that keeps the folder manageable, but they too would allow the badmail directory to grow if it wasn't monitored.
ASKER
Thanks for the reply. I used to do this, but I found that there were actually hackers out there that must have been guessing user accounts and passwords, because the bad mail spam was still filtering through and filling up the "badmail" directory. It was only when I explicitly entered the mail domain name and the server IP address in the relay restrictions button. To do this, I checked off "Allow only the list below", and clicked the "add" button and entered the email domain name and the email server's IP address (separately). You can't get any more explicit than this. This way nobody besides the server and the email domain can relay. At least that's what I was thinking when I did this.
Now here's the rub. This directory still gets email filtered into it, though it's much more manageable. And that's what I don't understand....HOW, and how do I keep it from happening. So I now make a batch file to run every day and delete the contents to keep it from growing. That's a workaround, not a fix.
Okay, I've done all of the above. I have created scripts to dump bad mail, I've updated all the patches on my server, I have worked with Symantec on updating my SMSMSE to the latest version, I made everyone create complex passwords, I have created in excess of 25 dummy accounts with complex passwords and disabled them, I have reapplied service packs, I have restricted the SMTP relays down to very specific computers and only our domain and I am still up to 20,000 emails in my badmail directory a day. Anything else?????? I am doing all of this on a Windows 2k with Exchange 2k.
I forgot to add to my comment above that I have also added another Exchange box with more horsepower in the hopes of retiring the original box that seems to have been stricken with the explosive SMTP queue. I am trying to retire the original box, change my IP settings on my zone file to the new server all in the hopes of eluding the SMTP pirates. Good Idea???
WOW!! Yeah, the IP settings on the Zone will work for what you said.
If the stuff in your badmail directory is spoofed then I'm not sure this will help as you'll still have the same domain name. Considered any anti-spam software?
http://support.microsoft.com/default.aspx?scid=kb;en-us;321825&Product=exchange
Once I did this the amount of bad mail slowed.
Good luck.