Dealing with Exchange Badmail

Andrew Z. Tabona [BSc (Hons) Computing, MCSE, Network+, Security+ etc]

Andrew Z. Tabona, MBCS, MSc, BSc (Hons), ITILF v3, MCSE, Network+, Security+, etc, has over 10 years’ experience in Quality Assurance, Incident Management, and Pre- and Post-Sales Technical Support roles, as well as recent specialization in Digital Forensics and E-Discovery.

  • Published: Apr 17, 2007
  • Category: General

The main question about Badmail is what to do with it. Should I disable it completely or allow the folder to fill up so I have the option to view the e-mails, and then periodically delete them? In this article we look at the Badmail folder and how to control Badmail in your Exchange organization.

The Badmail Folder

Badmail is any message that, for one reason or another, couldn't be delivered (because of domain resolution issues or a problematic communications link, for example). Such messages are stored in the Badmail folder, which forms part of the SMTP virtual server mailroot directory and is usually located at \Exchsrvr\Mailroot\vsi 1\BadMail, where "vsi 1" is the first virtual server instance. If you had multiple instances, the others would be "vsi 2", "vsi 3" and so on.

If you were to browse through the Badmail folder you would typically find it full of NDRs (Non-Delivery Reports) or unsolicited e-mail (especially if you have fallen victim to a SPAM attack). With delivery reports, Exchange keeps trying to deliver a message until the number of retries specified in the SMTP virtual server Delivery tab has been reached. At that point it dumps the e-mail into the Badmail folder.

Since writing to the Badmail folder can potentially cause a lot of disk activity and use a lot of space, it is recommended to move the Badmail folder to a separate disk from the Exchange databases. TIP: For the same reasons, you can also change the location of the SMTP Pickup and Queue folders.

If left unattended, the Badmail folder will continue to fill up until you run out of disk space.

Exchange 2003 SP1 and the Badmail Folder

From Service Pack 1 onwards the Badmail folder is disabled by default. This was done to prevent it from consuming disk space and generating disk activity, which can amount to a Denial of Service condition since Exchange will fail to work if you run out of space. I'm guessing Microsoft also did this with the thinking that most Exchange Administrators hardly ever monitor this folder.

If you wish to enable it and start viewing undeliverable content again you will have to explicitly configure two registry entries to alter the default behaviour.

WARNING: Always make a backup of the registry before making any changes to it. Modify the registry at your own risk.

These entries are 'MaxBadMailFolderSize' and 'BadMailSyncPeriod'. They are used to specify the maximum size of the Badmail folder and control how often the size of the Badmail folder is checked.

To create these entries simply open regedit.exe and navigate to:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SMTPSVC

Create a new key called "Queuing". Within this key create a DWORD entry called MaxBadMailFolderSize and specify the maximum size of the Badmail folder in KB (as Decimal). Now create another DWORD entry called BadMailSyncPeriod and specify, in minutes, how long the system should wait before checking the size of the Badmail folder (again, as Decimal). In figure 1 we can see that I have set the BadMailSyncPeriod value to 15 minutes with MaxBadMailFolderSize set to 10MB.

Figure 1 - Configuring Badmail folder settings from the registry

NOTE: If MaxBadMailFolderSize is set to 0 no files are written to the Badmail folder. This is the Exchange Server 2003 SP1 default behaviour. A value of -1 will revert to pre-SP1 settings and allow messages to be written to the Badmail folder until there is no disk space left.

Once the changes have been made, restart the SMTP service from the services console.
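
The registry procedure above, scripted end to end as an added example (not code from the article or from Microsoft). It assumes Windows PowerShell is installed on the Exchange server, that 10 MB is entered as 10240 KB, and it uses a hypothetical backup location under %TEMP%.

```powershell
# Added example: scripts the regedit steps above. Not Microsoft's or the author's code.
$svcKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SMTPSVC'
$queuing = Join-Path $svcKey 'Queuing'

# Values from Figure 1. Assumption: 10 MB is entered as 10240 KB.
$settings = @{
    MaxBadMailFolderSize = 10240   # KB; 0 means nothing is written (the SP1 default)
    BadMailSyncPeriod    = 15      # minutes between folder size checks
}

if (-not (Test-Path $svcKey)) {
    throw 'SMTPSVC key not found. Is the SMTP service installed on this server?'
}

# Back up the service key first, as the article's warning advises.
# The backup location under %TEMP% is a hypothetical choice.
$backup = Join-Path $env:TEMP ('SMTPSVC-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
& reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\SMTPSVC' $backup | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed. No changes were made.' }

# Create the Queuing key only if it does not exist yet.
if (-not (Test-Path $queuing)) { New-Item -Path $queuing | Out-Null }

# -Force overwrites an existing value, so the script can be re-run safely.
foreach ($name in $settings.Keys) {
    New-ItemProperty -Path $queuing -Name $name -PropertyType DWord `
        -Value $settings[$name] -Force | Out-Null
}

# The article's last step: restart the SMTP service after making the changes.
Restart-Service -Name SMTPSVC

# Read the values back to confirm what is now stored.
Get-ItemProperty -Path $queuing | Select-Object MaxBadMailFolderSize, BadMailSyncPeriod
"Backup written to $backup"
```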

Managing the Badmail Folder

If you decide to revert to pre-2003 SP1 settings and enable the Badmail folder you will need a way of keeping this folder clean.

Microsoft offers a script to help automatically archive or delete the contents of the Badmail folder in Exchange 2003 and Exchange 2000 SP2 and above. Follow this link to download BadMailAdmin.wsf.

Using BadMailAdmin.wsf you can delete the files in the Badmail folder, archive and then delete the files in the Badmail folder, or simply disable Badmail generation altogether. You can select which SMTP virtual servers you wish to delete Badmail files from, whether to delete the largest or the oldest files first, and configure a maximum size threshold that determines how large the Badmail folder is allowed to grow.

For more information and usage instructions refer to "Badmail Deletion and Archival Script.doc" enclosed within the BadMailAdmin.exe file.

As an alternative you can run a batch file as a scheduled task with the following command:
del "C:\program files\exchsrvr\mailroot\vsi 1\badmail\*.*" /q

This will delete the contents of the Badmail folder in quiet mode (so that you are not prompted for confirmation). Personally I have found it to be just as effective.
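
A more selective alternative to the blanket del, as an added example (this is not Microsoft's BadMailAdmin.wsf and not the author's code). It removes the oldest files first until the folder is back under a size threshold, and reports counts so a sudden jump in Badmail volume is visible. The function name, the 10 MB default and the report-only default are assumptions made for this example; it assumes Windows PowerShell is installed on the server.

```powershell
# Added example: oldest-first Badmail clean-up with a size threshold.
# Clear-BadMailOldestFirst is a hypothetical name, not an Exchange cmdlet.
function Clear-BadMailOldestFirst {
    param(
        [string]$Path = 'C:\program files\exchsrvr\mailroot\vsi 1\badmail',
        [long]$MaxBytes = 10MB,   # hypothetical threshold
        [switch]$Apply            # without -Apply nothing is deleted
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "Badmail folder not found: $Path" }

    # Files only, oldest first, so the most recent messages survive for review.
    $files = @(Get-ChildItem -LiteralPath $Path -Force |
               Where-Object { -not $_.PSIsContainer } |
               Sort-Object LastWriteTime)

    $total = ($files | Measure-Object -Property Length -Sum).Sum
    if ($null -eq $total) { $total = 0 }   # empty folder

    $removed = 0
    $freed   = 0
    foreach ($f in $files) {
        if (($total - $freed) -le $MaxBytes) { break }   # back under the limit
        if ($Apply) { Remove-Item -LiteralPath $f.FullName -Force -ErrorAction Stop }
        $freed += $f.Length
        $removed++
    }

    # One summary object per run; log it to spot NDR or spam floods.
    New-Object PSObject -Property @{
        Path        = $Path
        FilesBefore = $files.Count
        BytesBefore = $total
        FilesPicked = $removed
        BytesPicked = $freed
        Deleted     = [bool]$Apply
    } | Select-Object Path, FilesBefore, BytesBefore, FilesPicked, BytesPicked, Deleted
}

# Report only:        Clear-BadMailOldestFirst
# Delete for real:    Clear-BadMailOldestFirst -Apply
```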

Conclusion

You need to decide whether you want to maintain a Badmail-free Exchange organization by disabling Badmail, or to schedule regular clear-outs of the Badmail folder. Using the methods explained in this article you can do either with relative ease.

References

The Badmail folder is disabled in Exchange Server 2003 SP1

How to automatically delete messages from the Badmail folder in Exchange Server 2003 and in Exchange 2000 Server

Copyright © 2005 - 2016 All rights reserved. ExchangeInbox.com is not affiliated with Microsoft Corporation