Stay above the SMTP queue floods

There are many reasons why SMTP queues become clogged, but the primary reason is spam.

If your Exchange Server is configured to act as an open mail relay, then your SMTP queues will be constantly filled with thousands of messages. Likewise, if someone is simply bombarding your organization with spam, the queues will tend to fill up as well. Not only does the in-bound spam consume space in the queue, but if your server is configured to generate non-delivery reports (NDRs) when spam is sent to an invalid e-mail address within your organization, then those NDRs will also consume space within the queue.

It is completely normal for your SMTP queues to have messages in them. Normally these messages won't cause a problem. What does cause a problem, though, is when messages come into the queue faster than they can be processed and the mail flow never eases up enough to allow the server time to catch up. In this situation, it's only a matter of time before the disk volume housing the SMTP queues runs out of space.

To understand how to combat SMTP queue flooding problems, you need to understand about the anatomy of an SMTP queue. As you probably know, just about everything in Exchange is database driven. This isn't the case with the SMTP queues. An SMTP queue is nothing more than a folder on the hard disk. Each message within the queue exists as an individual file within the folder.

By default, the SMTP queue is located at \Program Files\exchsrvr\Mailroot\vsi 1\. This folder contains three sub folders: BadMail, Pickup and Queue. When a message is initially received, it is placed in the PickUp folder. Exchange then determines whether or not it knows what to do with the message. If the message is valid, it is placed in...

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Spam and virus protection How to install Forefront Security for Exchange Server Block Web beacons and protect OWA users from spam Controlling spam in Exchange 2007 at the edge transport server level How file-level antivirus software can harm your Exchange Server Problems with email spoofing on SBS 2003 Exchange Insider e-zine Securing your Exchange Server 2007 journaling archives Troubleshooting Outlook Web Access issues on a 64-bit system Microsoft Exchange Server security dos and don'ts Troubleshooting Microsoft Exchange Server Event ID error 6009 Spam and virus protection Research Exchange Security Tips How to install Forefront Security for Exchange Server Is full email encryption the solution to Exchange security? Lock down direct file access and protect OWA users Controlling spam in Exchange 2007 at the edge transport server level When to use a self-signed certificate with Exchange Server 2007 Obtaining and verifying SSL certificates in Exchange Server How file-level antivirus software can harm your Exchange Server Understanding Exchange Server 2007 SP1 mobile security settings Which ActiveSync authentication method is best for your mobile device? Why you should secure Exchange 2007 using administrative policies Email Protocols Exchange Mailbag: POP3 settings and Outlook issues Preventing duplicate SMTP addresses on Exchange Email issues after configuring hosted Exchange server on laptop Looking for a hosted Exchange provider that allows email auditing Problems receiving email from outside a Exchange Server 2003 domain Exchange Server 2003 collects email from only specific POP3 domains Changing email address formats in Exchange Server 2003 Stop personal calendar appointments from showing on Exchange Server Exchange users receiving email addressed to legacy users Email mistakenly marked as 'read' when received on BlackBerry devices

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary backscatter spam  (SearchExchange.com) greylist  (SearchExchange.com) image spam  (SearchExchange.com) KnujOn  (SearchExchange.com) Sender ID  (SearchExchange.com) spam confidence level  (SearchExchange.com) spamblock  (SearchExchange.com) spim  (SearchExchange.com) tarpitting  (SearchExchange.com) Vouch by Reference (VBR)  (SearchExchange.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

the Queue folder. If the message is invalid, it is attached to an NDR and placed in the BadMail folder. (Remember that Exchange 2003 Service Pack 1 disables the BadMail folder in the interest of reducing the effects of spam.)

Determine what's causing the jam-up
So what do you do if your SMTP queues get all jammed up? First determine whether or not the queue is jammed with spam and spam-related NDRs or if it's clogged with legitimate mail. If the queue is clogged with legitimate mail, then your best bet is to move the queue to a disk volume that offers more space and better performance.

In Exchange Server 2003, you can change the queue directory directly through System Manager. To do so, open System Manager and navigate to Administrative Groups | your administrative group | Servers | your server | Protocols | SMTP | Default SMTP Virtual Server. Right click on the Default SMTP Virtual Server container and select the Properties command from the resulting shortcut menu. When you do, you will see the virtual SMTP server's properties sheet. The Properties sheet's Messages tab contains the options for moving the queue directory. If you have Exchange 2000 Server, this option does not exist. Instead, you will have to use the IIS Metabase Editor to move the queue.

If your SMTP queues are all jammed up because of spam, then I recommend beginning on the SMTP Virtual Server's properties sheet. First, use the Relay button on the Access tab to verify that the Mail Relay feature is disabled. Next, close the Default SMTP Virtual Server's properties sheet. Navigate to Global Settings | Internet Message Formats. Right click on the default Internet message format (in the pane to the right) and select the Properties command from the resulting shortcut menu. This will cause Windows to display the Default Properties sheet. Select the Advanced tab and clear the Allow Non Delivery Reports check box.

How to clear the queue – now
The steps that I have shown you so far will help prevent too much mail from building up in the queue in the future, but there is still the matter of clearing the queue right now. You can manually clear the queue by deleting the files contained in the queue folder. If you choose to go that route though, there are two things to keep in mind. First, you may delete legitimate SMTP mail in the process. Second, the deletion will take forever if you use Windows Explorer. Deleting files from the queue will still take a long time, but will happen much more quickly if done through a command prompt window instead of Windows Explorer.

If you are using Exchange 2003 then you can clear the queue directly through system manager. Navigate to the Queues folder beneath the Default SMTP Virtual Server, right click on the queue that you want to clear, and select the Delete All Messages (No NDR) command from the resulting shortcut menu.

If you really get desperate, Microsoft has a tool called aqadmcli.exe that can be used to manipulate SMTP queues from a command line. The tool was originally designed for internal Exchange testing, but is available for outside use. The only way to get this tool is to call Microsoft's Product Support Service and ask for it. Microsoft's policy if you call Product Support Service is to ask for a credit card number, but to not actually charge the credit card if you are simply asking to download a support tool.

As you can see, there are a variety of situations that can cause an SMTP queue to become flooded. However, it is usually fairly easy to clear the flooded queue so that your server can continue to function normally.

Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, CNET, ZDNet, TechTarget, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at www.brienposey.com.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.