Messages Going to Badmail without a reason
KenCraft
I've got a Small Business Server 2003 system setup running Exchange
2003. For the most part everything runs fine, and has for awhile now.
Recently, we've noticed a problem with attachments not reaching
recipients and upon tracking them, find that they've been routed to
badmail without an NDR.
The Tracking messages read like this:
3/21/2008: 4:44pm SMTP: Message Submitted to Advanced Queuing
3/21/2008: 4:44pm SMTP: Started Message Submission to Advanced Queue
3/21/2008: 4:44pm SMTP: Message Sent to Badmail
There is no NDR sent, there is no file in Badmail. I've tried
increasing limits throughout the system, user, global, connector and
virtual server limits.... I'm beating my head against the wall.
It does not happen on all emails... Earlier today we had someone send
a 4MB attachment, that message was never received. The same sender and
the same reciever, a 5MB file was sent 2 minutes later and that file
was delivered normally....
Any ideas on what I need to check would be very helpful.
Thanks,
Ken
Jamestechman
look at the delivery failure message. Keep in eye on the badmail so it
does not fill up. Also you can crank up diagnostic logging for SMTP
and msexchangetransport.
MaxBadMailFolderSize (Set this from 0 to a value) Article below shows
the registry key
The Badmail folder is disabled in Exchange Server 2003 SP1
http://support.microsoft.com/kb/884068
Exchange 2000 Diagnostics Logging
http://www.msexchange.org/tutorials/Diagnostics-Logging.html
James Chong (MVP)
MCITP | EMA; MCSE | M+, S+,
Security+, Project+, ITIL
msexchangetips.blogspot.com
![Rich Matheisen [MVP]'s profile photo](https://lh3.googleusercontent.com/a/default-user=s40-c)
Rich Matheisen [MVP]
[ snip ]
>The Tracking messages read like this:
>
>3/21/2008: 4:44pm SMTP: Message Submitted to Advanced Queuing
>3/21/2008: 4:44pm SMTP: Started Message Submission to Advanced Queue
>3/21/2008: 4:44pm SMTP: Message Sent to Badmail
>
>There is no NDR sent, there is no file in Badmail.
The reason a message would be sent to the badmail directory is that it
could not be delivered and the NDR couldn't be delivered, either.
As someone else already pointed out, the use of the badmail directory
was stopped in SP1.
[ snip ]
>Any ideas on what I need to check would be very helpful.
Assuming the sender of those emails was in your AD and had a valid
mailbox, the NDR should have been sent. But if the sender is using a
SMTP clinet it's reall easy to spoof the sender's address.
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.p...@getronics.com
Or to these, either: mailto:h.p...@pinkroccade.com mailto:melvin.mcp...@getronics.com mailto:melvin.mcp...@pinkroccade.com
KenCraft
<richn...@rmcons.com.NOSPAM.COM> wrote:
> KenCraft <kwcr...@gmail.com> wrote:
>
> [ snip ]
>
> >The Tracking messages read like this:
>
> >3/21/2008: 4:44pm SMTP: Message Submitted to Advanced Queuing
> >3/21/2008: 4:44pm SMTP: Started Message Submission to Advanced Queue
> >3/21/2008: 4:44pm SMTP: Message Sent to Badmail
>
> >There is no NDR sent, there is no file in Badmail.
>
> The reason a message would be sent to the badmail directory is that it
> could not be delivered and the NDR couldn't be delivered, either.
>
> As someone else already pointed out, the use of the badmail directory
> was stopped in SP1.
>
> [ snip ]
>
> >Any ideas on what I need to check would be very helpful.
>
> Assuming the sender of those emails was in your AD and had a valid
> mailbox, the NDR should have been sent. But if the sender is using a
> SMTP clinet it's reall easy to spoof the sender's address.
>
> --
> Rich Matheisen
> MCSE+I, Exchange MVP
I had turned on the badmail feature after I posted this. I found one
message that was sent to badmail and it looks like an NDR for a 9MB
email. It says the email is to large for the server, which doesn't
make any sense.
I found documentation in the past about SBS2003 exchange runs
different than a regular exchange server when it comes to limiting
file sizes... I can't find that document again, so I'm wondering if it
were true or not. That document said to limit using the SMTP Virtual
Server, not the Connector. It said to leave the connector at its
default... On Microsofts site I found a doc telling me there are 4
size limits for email... I've bumped all of them up high enough to
accept 50MB files, but that doesn't seem to help.
- A new problem arose yesterday... Someone sending from a Yahoo
account DID receive an NDR for an 18MB file. That NDR said :
This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.
Reporting-MTA: dns;our-domain.com
Received-From-MTA: dns;web50405.mail.re2.yahoo.com
Arrival-Date: Tue, 25 Mar 2008 08:31:52 -0400
But that is all...
note: I replaced our domain name with our-domain.com to avoid incoming
spam.
Thanks
Ken
Rich Matheisen [MVP]
[ snip ]
>I had turned on the badmail feature after I posted this. I found one
>message that was sent to badmail and it looks like an NDR for a 9MB
>email. It says the email is to large for the server, which doesn't
>make any sense.
>
>I found documentation in the past about SBS2003 exchange runs
>different than a regular exchange server when it comes to limiting
>file sizes...
SBS may have tweaked some configuration settings and given you wizards
to help set things up, but Exchange is still Exchange.
>I can't find that document again, so I'm wondering if it
>were true or not. That document said to limit using the SMTP Virtual
>Server, not the Connector.
It's easy enough to check what you SMTP VS is set to:
telnet <your-server> 25
EHLO <your-domain>
You'll get back a series of keywords and values that you server will
use and/or accept. The one you're looking for is "250-SIZE
<some-number>". That's the size (in bytes) of the largest message your
SMTP server will accept.
Of course, if the sender only uses SMTP (not ESMTP) they'll send the
whole message to your server which will then send a NDR to the sender.
The NDR will contain the original email.
>It said to leave the connector at its
>default...
The SMTP Connector should, usually, have the same value as the SMTP
VS. There are exceptions to this, but in a single-server Exchange
organization I don't think any apply.
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.p...@getronics.com
Or to these, either: mailto:h.p...@pinkroccade.com mailto:melvin.mcp...@getronics.com mailto:melvin.mcp...@pinkroccade.com
KenCraft
<richn...@rmcons.com.NOSPAM.COM> wrote:
Thanks for the response Rich.
The EHLO response I received was :
size: 209715200
That translates to 200MB which should be more than sufficient for
them.
Yesterday I worked for about 3 hours on the second issue, where the
sender actually received a response. Turned out she was sending a 22MB
file, and I had set one of the limits to 20MB. I increased that
yesterday and sent the same file 4 times to test and all 4 times it
transfered perfectly.
I got in this morning, checked the "Badmail" folder and found a 23MB
file sitting there. The time it came in does not correlate with the
log, I actually could not find this message in the log file... So I'm
stumped. The server is being selective, and I don't know what the
criteria is for it to dump a large message into the badmail folder.
Thanks,
Ken
KenCraft
>
> - Show quoted text -
I have 4 more items in badmail now... Neither log file is showing
them.. 2 are 2MB files 1 is 6MB and the 4th is 4MB....
I'm really having trouble figuring out why this is happening.
thanks,
Ken
Jamestechman
Practice Analzyer so it can examine your limits configured.
Global
Connector
SMTP Virtual Server
Mailbox (For the users in question)
How to set size limits for messages in Exchange Server
http://support.microsoft.com/kb/322679
James Chong (MVP)
MCITP | EMA; MCSE | M+, S+,
Security+, Project+, ITIL
msexchangetips.blogspot.com
KenCraft
> What is your limits set for each place? Also can you run Exchange Best
> Practice Analzyer so it can examine your limits configured.
>
> Global
> Connector
> SMTP Virtual Server
> Mailbox (For the users in question)
>
>
> - Show quoted text -
40960 global
204800 for the Virtual Server
204800 for the Connector
102400 for the Users (All users are set the same)
Best Practices shows 0 issues...
I just got a report and found another file made its way to badmail
with no NDR... And no reason why it went there. The user forwarded me
the original email as an attachment, and it came through fine along
with the attachment... I must be looking in the wrong place... Should
I try re-running the service pack?
Thanks,
Ken
Rich Matheisen [MVP]
[ snip ]
>I have 4 more items in badmail now... Neither log file is showing
>them.. 2 are 2MB files 1 is 6MB and the 4th is 4MB....
>
>I'm really having trouble figuring out why this is happening.
You need to stop obsessing over message sizes. Find out why the
messages are in the badmail directory. Have a look at the contents of
the three files for each of the messages. One of them is the MTA
report that will tell you why the message was rejected. That was
supposed to inform the sender.
The messages are in the badmail directory because the DSN can't be
delivered. I think you're assuming that the original NDR was becasue
the message size was a problem, but /assuming/ isn't a good idea. I
also think you're /assuming/ that the reason you find the message in
the badmail directory is becasue of its size. That may not be the
case. It may be that the server that /should/ receive the NDR simply
doesn't accept mail for the "null sender" (the address in the MAIL
FROM command that all DSN's use is just "<>"), and that's a problem
beyond your control. It may also be that the sender's address is
forged -- it doesn't really exist. This is also a problem beyond your
control. You need to have a look at the reason the DSN's are being
sent, and then go to the SMTP protocol log and find the reason why. It
may be something as simple as the message retry time has expired.
And just to make you feel better (maybe), the reason MS disabled the
use of badmail was that it was causing too many people to thing that
they had a problem when, in fact, the problem lay elsewhere. I, for
one, was grateful when badmail collection was stopped. I used to have
hundreds of megabytes of messages in badmail every day -- all from
forged addresses. It wasn't pretty.
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.p...@getronics.com
Or to these, either: mailto:h.p...@pinkroccade.com mailto:melvin.mcp...@getronics.com mailto:melvin.mcp...@pinkroccade.com
Rich Matheisen [MVP]
[ snip ]
>40960 global
>204800 for the Virtual Server
>204800 for the Connector
>102400 for the Users (All users are set the same)
Don't you think that's a bit nonsensical? Messages you accept at your
gateway (200MB) can't be delivered because they exceed the global
limitation (40MB)?
Is the 100MB limit on the mailboxes for sending, receiving, or both?
>Best Practices shows 0 issues...
>
>I just got a report and found another file made its way to badmail
>with no NDR...
The reason it's in the badmail directory is /because/ the NDR couldn't
be delivered.
>And no reason why it went there.
You'll find the MTA report in one of the three files for the
message-id.
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.p...@getronics.com
Or to these, either: mailto:h.p...@pinkroccade.com mailto:melvin.mcp...@getronics.com mailto:melvin.mcp...@pinkroccade.com
KenCraft
<richn...@rmcons.com.NOSPAM.COM> wrote:
> KenCraft <kwcr...@gmail.com> wrote:
>
> [ snip ]
>
> >40960 global
> >204800 for the Virtual Server
> >204800 for the Connector
> >102400 for the Users (All users are set the same)
>
> Don't you think that's a bit nonsensical? Messages you accept at your
> gateway (200MB) can't be delivered because they exceed the global
> limitation (40MB)?
>
> Is the 100MB limit on the mailboxes for sending, receiving, or both?
>
> >Best Practices shows 0 issues...
>
> >I just got a report and found another file made its way to badmail
> >with no NDR...
>
> The reason it's in the badmail directory is /because/ the NDR couldn't
> be delivered.
>
> >And no reason why it went there.
>
> You'll find the MTA report in one of the three files for the
> message-id.
>
> --
> Rich Matheisen
> MCSE+I, Exchange MVP
Thanks for the reply. I am definately on-board with the "not being a
file size issue" statements. And thanks for pointing out the 40MB
global, 100Mb+ everything else, I didn't think about that, just so
frustrated with this issue that I did what I could to get the files to
flow and that seemed to do it, so I left it.
As for the 3 files in badmail, 2 of them are hard to read, the third
is the actual message so I don't know what I'm looking at to find the
MTA report. This is just an inexperience issue. I did however get the
time of the email from the .bad file, looked in the log, but couldn't
find it anywhere in the log.
Is it possible for me to send you the 3 files, or snippets of and for
you to point out what I should be looking for? I know this might be a
huge task to ask, but I am slamming my head into a wall trying to
solve it and my lack of knowledge is really slowing me down.
Thanks,
Ken
Rich Matheisen [MVP]
[ snip ]
>Thanks for the reply. I am definately on-board with the "not being a
>file size issue" statements. And thanks for pointing out the 40MB
>global, 100Mb+ everything else, I didn't think about that, just so
>frustrated with this issue that I did what I could to get the files to
>flow and that seemed to do it, so I left it.
>
>As for the 3 files in badmail, 2 of them are hard to read, the third
>is the actual message so I don't know what I'm looking at to find the
>MTA report. This is just an inexperience issue. I did however get the
>time of the email from the .bad file, looked in the log, but couldn't
>find it anywhere in the log.
>
>Is it possible for me to send you the 3 files, or snippets of and for
>you to point out what I should be looking for?
Put 'em in a zip file and send as an attachment. I won't get to them
until tomorrow night, though.
IIRC, the files are in UTF8, so their ugly to look at.
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.p...@getronics.com
Or to these, either: mailto:h.p...@pinkroccade.com mailto:melvin.mcp...@getronics.com mailto:melvin.mcp...@pinkroccade.com
KenCraft
<richn...@rmcons.com.NOSPAM.COM> wrote:
> KenCraft <kwcr...@gmail.com> wrote:
>
> [ snip ]
>
> >Thanks for the reply. I am definately on-board with the "not being a
> >file size issue" statements. And thanks for pointing out the 40MB
> >global, 100Mb+ everything else, I didn't think about that, just so
> >frustrated with this issue that I did what I could to get the files to
> >flow and that seemed to do it, so I left it.
>
> >As for the 3 files in badmail, 2 of them are hard to read, the third
> >is the actual message so I don't know what I'm looking at to find the
> >MTA report. This is just an inexperience issue. I did however get the
> >time of the email from the .bad file, looked in the log, but couldn't
> >find it anywhere in the log.
>
> >Is it possible for me to send you the 3 files, or snippets of and for
> >you to point out what I should be looking for?
>
> Put 'em in a zip file and send as an attachment. I won't get to them
> until tomorrow night, though.
>
> IIRC, the files are in UTF8, so their ugly to look at.
>
> --
> Rich Matheisen
> MCSE+I, Exchange MVP
Sorry for not getting back to you on this. Got sidetracked from the
problem.
I checked all 3 files, and then checked 3 of the files from a spam
message that was sent to badmail... The MTA section on the problem
files is not there. I found it easily on the spam messages, and its
very clear why they were blocked. There is no MTA section in the files
associated with the files we're trying to send.
Wasn't sure if I was clear on this earlier or not, so just to clarify:
When an Internal user sends email to both external and internal users,
messages that have attachments will sometimes be sent to badmail
without returning an NDR, and the user doesn't know this has happened
until later in the day when he asks the recipients if they've received
them or not. The server that "Should" return an NDR to our internal
user is our own server. A few of these files were just internal only
and they never made it to the user, and the sender never received an
NDR.
Thanks,
Ken
Rich Matheisen [MVP]
[ snip ]
>When an Internal user sends email to both external and internal users,
>messages that have attachments will sometimes be sent to badmail
>without returning an NDR,
There was no NDR sent because the NDR was undeliverable. That's why
the message is in the badmail directory and not in the user's mailbox.
>and the user doesn't know this has happened
>until later in the day when he asks the recipients if they've received
>them or not. The server that "Should" return an NDR to our internal
>user is our own server. A few of these files were just internal only
>and they never made it to the user, and the sender never received an
>NDR.
By "internal only" do you mean that the sender and recipient are on
the same server? Or are they on different servers in the same routing
group? Or on servers in different routing groups?
SMTP isn't used to deliver email between users on the same server.
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.p...@getronics.com
Or to these, either: mailto:h.p...@pinkroccade.com mailto:melvin.mcp...@getronics.com mailto:melvin.mcp...@pinkroccade.com
KenCraft
<richn...@rmcons.com.NOSPAM.COM> wrote:
> KenCraft <kwcr...@gmail.com> wrote:
>
> [ snip ]
>
> >When an Internal user sends email to both external and internal users,
> >messages that have attachments will sometimes be sent to badmail
> >without returning an NDR,
>
> There was no NDR sent because the NDR was undeliverable. That's why
> the message is in the badmail directory and not in the user's mailbox.
>
> >and the user doesn't know this has happened
> >until later in the day when he asks the recipients if they've received
> >them or not. The server that "Should" return an NDR to our internal
> >user is our own server. A few of these files were just internal only
> >and they never made it to the user, and the sender never received an
> >NDR.
>
> By "internal only" do you mean that the sender and recipient are on
> the same server? Or are they on different servers in the same routing
> group? Or on servers in different routing groups?
>
> SMTP isn't used to deliver email between users on the same server.
>
> --
> Rich Matheisen
> MCSE+I, Exchange MVP
Sorry for the long delay in response (wife had a baby). The users are
on the same server.
I have only seen the issue on messages that have multiple recipients
though, if its just one recipient, the message goes through everytime.
If there are multiple recipients, theres a 50% chance it will die.
None of the recipients will receive it.
thanks,
Ken