SMTP Virtual Server Uncovered

by Amit Zinman [Published on 22 Aug. 2003 / Last Updated on 22 Aug. 2003]

Mastering the inner workings of Exchange 2000's SMTP service can be very useful when configuring servers to deal with mail problems such as spam attacks and virus outbreaks. This article provides some insight into SMTP queue management to improve your ability to cope when your queues get swamped by spam and virus outbreaks.

The entire Exchange 2000 architecture is built as a high-end, scalable system. However, for a lot of administrators this means some layers of complexity that are unneeded. Most administrators just want to see their SMTP queues but have to go through lots of drilling down to get to the right queue. They don't care that Exchange 2000 can host more than one SMTP virtual server and supports IMAP, POP3 and NNTP. This has, to some extent, been improved in Exchange 2003, where you have a decent, easy-to-view queue manager.

Also, some of Exchange's architecture holds it back. The Windows operating system, IIS and the Exchange Jet Engine sometimes find it difficult to operate in some scenarios. Of course, there are lots of large Exchange deployments out there, but they are not that easy to maintain and require special knowledge in order to provide true scalability. For small Exchange 2000 servers this might not be such an issue, until problems occur. Viruses, spammers, DNS problems and the like can cause hundreds, sometimes thousands, of e-mails to hog the SMTP queues, and suddenly you are faced with a large-scale epidemic that is not easy to solve.

Some knowledge of the inner workings of Exchange 2000's SMTP Virtual Server, IIS and NTFS is required. First of all, unlike mailbox and public folder items that are kept in a Jet database, the SMTP queue is simply a directory with files representing mail items in it. The default (when installing on drive C:\) is C:\Program Files\Exchsrvr\Mailroot\Vsi 1. Inside this directory you will find three directories: Pickup, Queue and Badmail. Pickup is where mail items are placed when a mail item is received; from there a mail item is placed in the Queue directory. If Exchange doesn't know what to do with the mail item, after a while it is placed in the Badmail directory as an attachment of a Non Delivery (NDR) mail item.

Sometimes you would want to move the directories containing the queue, for example when you run out of disk space on drive C:\ or when installing Exchange on a cluster. In Exchange 2003 you can do this from the properties of the Default SMTP Virtual Server, by choosing the 'Messages' tab. From there, you can easily relocate the SMTP queue to a different location by using the browse button.

With Exchange 2000, you need to use the Metaedit utility available on the Windows 2000 Resource Kit. "Windows 2000?", you might ask. Yes, because SMTP directories are part of IIS and the utility can also be used to change regular IIS settings. Basically, it works much like the Registry Editor, only for IIS.

The advantage of having a file-based queue is that you can view all the mail items in the queue using Notepad or Outlook Express, or simply delete the items if required. However, if for some reason too many mail items are in the queue, for example due to spam, it becomes a difficult task to delete items from the queue. I've had some customers who had configured their Exchange to be an open mail relay by mistake and have been heavily bombarded by spam. When we stopped the server from being an open mail relay, much of the mail was stuck in the queue. Also, the server insisted on sending NDRs for all the mail it wouldn't accept due to the type of attack. We told the server not to send NDRs by changing the Global Settings, Internet Message Format, Default Properties Advanced settings, but by then it was too late: the mail queue was flooded with hundreds of items.

Also, if only a few queues exist, you can delete the queue and not send any NDRs, like this:

You can also choose Custom Filter if you know who sent the spam, to whom it was sent, or when. You can also delete NDRs if they already exist (they are called Delivery failure here).

However, if you have lots of queues this might not be as easy. Also, sometimes the queue can fill up to the point where the SMTP Virtual Server will not start, as it did with our client, so we had to delete hundreds of files from the queue directory. Windows 2000 cannot handle this number of files with Windows Explorer. One of the reasons is that Explorer tries to catalog all the files, determine their extension types, create an icon for them, etc. Trying to delete so many files could be a nightmare, and takes too long. To delete files from a flooded mail queue, I recommend renaming the mailroot directory and creating a new one so the Exchange Virtual Server will be able to load. Then, delete the files by using the command prompt. It still takes an awfully long time, but less than with Explorer.
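Before bulk-deleting the renamed directory, it can help to see what is actually in it. The following is an added example, not code from the article: it assumes the queue items are plain RFC 822 text files (as the Notepad remark above implies) and that it is run against the renamed copy of the queue directory; the function names, file names and addresses are constructed for illustration.

```python
import os
from collections import Counter
from email.parser import BytesParser
from email.utils import parseaddr

def iter_queue_files(queue_dir):
    """Yield file paths lazily; os.scandir never builds the full listing."""
    with os.scandir(queue_dir) as entries:
        for entry in entries:
            if entry.is_file():
                yield entry.path

def sender_of(path, max_bytes=65536):
    """Return the lower-cased From address, reading at most max_bytes."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(max_bytes)
    except OSError:
        return ""  # unreadable item: report it under an empty sender
    msg = BytesParser().parsebytes(head, headersonly=True)
    return parseaddr(str(msg.get("From", "")))[1].lower()

def top_senders(queue_dir, n=5):
    """Tally queued items per sender to see what is flooding the queue."""
    counts = Counter(sender_of(p) for p in iter_queue_files(queue_dir))
    return counts.most_common(n)

def purge(queue_dir, bad_senders, dry_run=True):
    """Count, and unless dry_run delete, the items sent by bad_senders."""
    bad = {s.lower() for s in bad_senders}
    hits = [p for p in iter_queue_files(queue_dir) if sender_of(p) in bad]
    if not dry_run:
        for path in hits:
            os.remove(path)
    return len(hits)

def build_sample_queue(queue_dir):
    """Write constructed sample items (not real mail) for a trial run."""
    senders = (["bulk@spam.example"] * 3 + ["postmaster@corp.example"] * 2
               + ["alice@corp.example"])
    for i, sender in enumerate(senders):
        text = ("From: <%s>\r\nTo: <bob@corp.example>\r\n"
                "Subject: item %d\r\n\r\nbody\r\n" % (sender, i))
        with open(os.path.join(queue_dir, "sample_%04d.eml" % i), "wb") as fh:
            fh.write(text.encode("ascii"))
```

Run `purge` with `dry_run=True` first and compare the count against `top_senders` before deleting anything; legitimate items left in the renamed directory can then be dealt with separately.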

To conclude, although SMTP is usually configured well by default, the steps above might be useful when encountering problems that are becoming more common every day. Some of the problems can be mitigated by using a mail relay but, not getting into specific products, most mail relays use similar mechanisms to transfer mail (file-based queues, etc.) and you would still need to know the techniques mentioned above when Internet mail troubles come knocking on your doorstep.
