Bad, Bad, BadMail

How to handle the growing problem that is the BadMail folder.

Bill: I have two Exchange 2003 servers, a front-end server and a back-end server. Both servers have been up and running since April 2004. I have noticed the C:\ drive on both servers is slowly losing disk space.

I think the cause is the accumulation of files to the following path:

     C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\

This BadMail folder has three types of files in it: .BAD, .BDP, and .BDR. Is it safe to delete some or all of these files? Is there a configuration setting to delete them automatically? What are these files?
—George

George: Questions about how to deal with the contents of the BadMail folder top the list of e-mails I get every week. Microsoft has finally decided to help out by issuing a script that either clears the files out of the BadMail folder or archives the files to a specified location.

You can download the BadMail Archival and Deletion script at the Microsoft Download Center, but I'd recommend downloading it as part of the newly updated bundle of Exchange 2003 tools.

The script, named Badmailadmin.wsf, is a Windows Script Host file that you can use on a server running Exchange 2003 or Exchange 2000. The script also works on a Windows 2003 or 2000 server that is not running Exchange but is simply acting as an SMTP server.

The script combines VBScript and JScript code to do the following:

  • Accepts a command line argument for either archiving or deleting the contents of the BadMail folder. If you want to archive the contents, you must specify the path to an archive folder of your choice. Archiving BadMail files can help you figure out why your server is receiving invalid e-mail messages, but the archive folder can take up quite a bit of space. If you have no diagnostic reason to save the BadMail files, simply tell the script to delete them.
  • Determines if the total content of the BadMail folder exceeds a value specified on the command line of the script. The default value is 0, meaning that all files in BadMail are either archived or deleted. Another command line switch tells the script to delete older files until the specified size is reached. This is a useful compromise to archiving. You can choose to simply delete older messages until some arbitrary size is reached, such as 100MB. This leaves a quantity of recent files to help you with diagnostics.
  • Determines the path to the BadMail folder on the specified server, either by searching the SMTP Protocol entries for the server in Active Directory (Exchange servers) or by searching through the IIS Metabase (Windows servers). If a server has more than one SMTP virtual server, the script can clear out BadMail for all of the virtual servers or for a selected virtual server.
  • Performs the desired action, either archiving or deleting the BadMail files.

The script also has options for disabling the BadMail folder by setting the NTFS permissions so that the server can no longer write to the folder. This is a drastic action but one that can help you avoid building up massive amounts of BadMail files during a worm outbreak or spam attack.

Here's a listing of the command line options:

     badmailadmin.wsf - Deletes, archives, or disables SMTP
                        badmail folder content.

     SYNTAX:
     badmailadmin.wsf [-A DELETE | ARCHIVE | DISABLE]
                      [-V <VSI#> | ALL]
                      [-F LARGEST | OLDEST]
                      [-L OFF | VERBOSE | EVENTS]
                      [-M <Max MB size>]
                      [-S <server/cluster resource name>]
                      [-P <archive path>]

     DEFAULT PARAMETERS:
     badmailadmin.wsf -A DELETE -F OLDEST -V ALL
                      -L OFF -M 0 -S <localhost>

I especially like the -L VERBOSE option because it prints out each step taken by the script, an invaluable diagnostic aid. I wish more Microsoft scripts had this feature.

You can use the Task Scheduler to run the script on a regular basis. The document that accompanies the script shows how to configure the job.
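
The size-capped cleanup described above (remove files from the oldest or largest end until the folder fits under a maximum, or archive them instead) can be sketched in PowerShell to show the policy and to preview its effect before a scheduled job deletes anything. This is an added example, not Badmailadmin.wsf or any Microsoft code; the function name, its parameters and the demo folder are hypothetical, and it assumes PowerShell 3.0 or later.

```powershell
# Added example, not Badmailadmin.wsf. All names below are hypothetical.
function Limit-BadMailFolder {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Path,                  # BadMail folder to trim
        [long]$MaxMB = 0,                                              # 0 = process every file
        [ValidateSet('OLDEST', 'LARGEST')][string]$First = 'OLDEST',   # which end goes first
        [string]$ArchivePath                                           # if set, move instead of delete
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) { throw "Not a folder: $Path" }

    # Only touch the three file types the BadMail folder holds.
    $files = @(Get-ChildItem -LiteralPath $Path -File |
        Where-Object { $_.Extension -in '.bad', '.bdp', '.bdr' })

    # Keep the running total in a 64-bit integer so a very large folder cannot overflow it.
    [long]$total = 0
    foreach ($f in $files) { $total += $f.Length }
    [long]$limit = $MaxMB * 1MB

    # Order candidates so the first to go are the oldest or the largest.
    if ($First -eq 'OLDEST') { $queue = $files | Sort-Object LastWriteTimeUtc }
    else { $queue = $files | Sort-Object Length -Descending }

    $processed = 0
    foreach ($f in $queue) {
        if ($total -le $limit) { break }
        $size = $f.Length
        if ($ArchivePath) {
            if ($PSCmdlet.ShouldProcess($f.FullName, "Archive to $ArchivePath")) {
                Move-Item -LiteralPath $f.FullName -Destination $ArchivePath
            }
        } elseif ($PSCmdlet.ShouldProcess($f.FullName, 'Delete')) {
            Remove-Item -LiteralPath $f.FullName -Force
        }
        # Count the file as gone even under -WhatIf so a dry run reports the planned result.
        $total -= $size
        $processed++
    }
    [pscustomobject]@{ Path = $Path; FilesProcessed = $processed; BytesRemaining = $total }
}

# Constructed demo: three dummy files in a temp folder, dry run with a 0 MB cap.
$demo = Join-Path $env:TEMP 'BadMailDemo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
'a.bad', 'b.bdp', 'c.bdr' | ForEach-Object { Set-Content -Path (Join-Path $demo $_) -Value 'x' }
Limit-BadMailFolder -Path $demo -MaxMB 0 -WhatIf
Remove-Item -LiteralPath $demo -Recurse -Force
```

With `-WhatIf` the function lists each file it would delete or archive and returns the projected remaining size without changing the folder.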

The BadMail script is a welcome addition to any Exchange administrator's arsenal of tools. Although you can make a case that the functionality should have been built into Exchange itself, with triggers based on the size of the BadMail folder or the number of items, it's still good to have a standardized way of dealing with the contents of the BadMail folder.

Hope this helps.

About the Author

Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003, both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.

Reader Comments:

Sat, Oct 29, 2005 Ben Morrisson Australia

Thanks Bill! Very concise article that certainly got me on track to a fix faster than the MS Docs. I have a specific problem where once executing the script it fails due to (I believe) such a large number of files in the badmail directory (about 70000) it causes an overflow error and aborts during the following step:
OK: Get Badmail Folder: C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail
ERROR: C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail: bytes total.
Err.Number: 6
Err.Description: Overflow
Err.Source: Microsoft VBScript runtime error

Anyway, thanks again for a great article.

Wed, Aug 18, 2004 lewis Anonymous

It's cool. It works for me. Now I'm free.

Tue, Aug 17, 2004 Mark Fugatt Anonymous

It might also be worth noting that with Exchange 2003 SP1 the BadMail function is disabled by default.

Mon, Jul 19, 2004 Anonymous Anonymous

Very helpful. We all need more real world solutions to common problems.

Fri, Jul 16, 2004 Anonymous Anonymous

I've given up trying to find a solution and have written a bad mail monitor service to monitor the folder and clean up the files on a schedule while analyzing the reports to look for problems.

Thu, Jun 17, 2004 Manish Ohio

Nice help. I had this problem and it helped me a lot to fix it.
Thanks

Tue, Jun 15, 2004 Anonymous Anonymous

But you didn't address how to stop the attack or NDRs.

Mon, Jun 14, 2004 Greg Anonymous

Matt's right... However, if you don't want to change the default script host from WScript.EXE to CScript.EXE, you can execute explicitly through cscript via Task Scheduler by specifying a command line similar to %windir%\system32\cscript.exe badmailadmin.wsf

Mon, Jun 14, 2004 Matt Anonymous

The command "cscript //H:CScript" changes the default script host to CScript.exe. CScript prints messages to the console instead of using a popup dialog. This will allow you to automate the task.

Fri, Jun 11, 2004 Bob Pittsburgh

I commented earlier that this was a great tool. However, after trying it, I discovered that it cannot be used to automate the cleanup because WSH pops up a confirmation box that requires manual acknowledgement. I'm not familiar with WSH, but a search on the internet about how to get around this yields lots of questions and only some home-brew 'work-arounds'. Unless you can complete these instructions with some way around this, I'd say it's back to the drawing board.

Wed, Jun 9, 2004 David Boston

Good information, but incomplete. I still don't understand what the badmail folder is for in the first place. What can you do with those files other than delete them?

Tue, Jun 8, 2004 James Sacramento

The badmail folder is where all the messages that were sent to a nonexistent recipient in the SMTP domain are stored. This folder can be used as a form of DOS attack in that a spammer can use a fake return email address at mycompany.com to spam thousands of guessed email recipients at theircompany.com, most of which are nonexistent recipients in that SMTP domain. theircompany.com SMTP server is going to send an NDR to the fake recipient at mycompany.com for each nonexistent recipient in theircompany.com and you guessed it, stores a copy of each NDR message received from theircompany.com in the badmail folder and if you installed Exchange on the C: drive it will crash your server if you do not keep an eye on it. If you installed it on another drive it will only crash Exchange. This can double the trouble if theircompany.com uses antispam to block your SMTP domain, also loading up your queue folder with messages waiting to be accepted by the theircompany.com domain. I have been dealing with this for months now. I just created a simple batch file to clean the badmail folder out and keep an eye on the queue folder as normal maintenance. Also I am in the habit of installing Exchange on a different drive or partition than the system drive or partition so I don't lose the whole server.

Tue, Jun 8, 2004 Dana Anonymous

Thanks a million !

Tue, Jun 8, 2004 Mark Seattle

I ran into this problem the hard way earlier this year. My only recourse was to delete the bad mail files. I had to run a delete command from a command line to free space up on the C drive. This utility would have saved me a lot of time. Bill, thanks for exposing this great tool!

Tue, Jun 8, 2004 Bob Pittsburgh

I like this article. It addresses an administrative nuisance I've had for a long time. It is short, to the point and provides the tools to accomplish what it describes.
