When the IIS SMTP service encounters delivery failures due to relay security misconfigurations, emails get quarantined in the Badmail folder (typically located at C:\Inetpub\mailroot\Badmail). These are .BAD files containing the original message and a .BDQ file with delivery failure details.
For immediate recovery, follow these steps:
1. Navigate to the Badmail directory:
   cd C:\Inetpub\mailroot\Badmail
2. Identify files with matching timestamps:
   *.BAD - Message content
   *.BDQ - Delivery failure details
3. Copy .BAD files to the Pickup folder:
   copy *.BAD C:\Inetpub\mailroot\Pickup
For bulk processing or recurring issues, use this PowerShell script:
# IIS SMTP Badmail Recovery Script
$badmailPath = "C:\Inetpub\mailroot\Badmail"
$pickupPath = "C:\Inetpub\mailroot\Pickup"
Get-ChildItem -Path $badmailPath -Filter "*.bad" | ForEach-Object {
    $file = $_   # inside catch, $_ is the error record, so keep the file separately
    try {
        $destination = Join-Path -Path $pickupPath -ChildPath $file.Name
        # -ErrorAction Stop turns a failed move into an error that catch can see
        Move-Item -Path $file.FullName -Destination $destination -ErrorAction Stop
        Write-Host "Resent: $($file.Name)"
    }
    catch {
        Write-Warning "Failed to resend $($file.Name): $_"
    }
}
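Before re-queuing in bulk, it helps to see who each quarantined message claims to be from, since Badmail can also hold mail that the relay restriction refused correctly. The following is an added example, not part of the original page: it reads each .BAD file's headers and copies only messages whose From domain is on an allowlist. It assumes .BAD files begin with RFC 822 style headers; the function names, the example.com allowlist and the temp-folder sample messages are constructed for illustration.

```powershell
# Added example, not from the original page. Assumes .BAD files start with
# RFC 822 style headers; Get-BadmailHeader, Test-BadmailSender, Invoke-BadmailTriage
# and the example.com allowlist are hypothetical names and values.
function Get-BadmailHeader {
    param([string]$Path)
    $headers = @{}; $last = $null
    foreach ($line in Get-Content -LiteralPath $Path -TotalCount 200) {
        if ($line -eq '') { break }                    # blank line ends the headers
        if ($line -match '^\s' -and $last) {           # folded continuation line
            $headers[$last] += ' ' + $line.Trim()
        } elseif ($line -match '^([^:\s]+):\s*(.*)$') {
            $name = $Matches[1].ToLowerInvariant()
            if ($headers.ContainsKey($name)) { $last = $null }   # keep first occurrence
            else { $headers[$name] = $Matches[2]; $last = $name }
        }
    }
    $headers
}

function Test-BadmailSender {
    param([hashtable]$Headers, [string[]]$AllowedDomains)
    if (-not $Headers.ContainsKey('from')) { return $false }
    try   { $addr = [System.Net.Mail.MailAddress]($Headers['from']) }
    catch { return $false }                            # unparsable From: never re-queue
    $AllowedDomains -contains $addr.Host
}

function Invoke-BadmailTriage {
    param([string]$BadmailPath, [string]$PickupPath, [string[]]$AllowedDomains, [switch]$Commit)
    foreach ($file in Get-ChildItem -LiteralPath $BadmailPath -Filter '*.bad') {
        $h  = Get-BadmailHeader -Path $file.FullName
        $ok = Test-BadmailSender -Headers $h -AllowedDomains $AllowedDomains
        if ($ok -and $Commit) {                        # report only unless -Commit is given
            Copy-Item -LiteralPath $file.FullName -Destination $PickupPath
        }
        [pscustomobject]@{ File = $file.Name; From = $h['from']; To = $h['to']; Requeue = $ok }
    }
}

# Constructed sample messages in a temp folder so the run touches no real queue.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'badmail-demo'
$bad  = New-Item -ItemType Directory -Force -Path (Join-Path $demo 'Badmail')
$pick = New-Item -ItemType Directory -Force -Path (Join-Path $demo 'Pickup')
Set-Content (Join-Path $bad.FullName 'a.bad') "From: App <app@example.com>`r`nTo: user@example.net`r`n`r`nbody"
Set-Content (Join-Path $bad.FullName 'b.bad') "From: x@unknown.invalid`r`nTo: y@example.org`r`n`r`nbody"
Invoke-BadmailTriage -BadmailPath $bad.FullName -PickupPath $pick.FullName -AllowedDomains 'example.com' |
    Format-Table -AutoSize
```

Point -BadmailPath and -PickupPath at the real folders and add -Commit once the report looks right.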
Modify relay restrictions in IIS SMTP settings:
1. Open IIS Manager
2. Navigate to SMTP Virtual Server properties
3. Open the "Access" tab → "Relay" button
4. Add authorized IP ranges or domains
5. Enable "Allow all computers..." if the server is used for internal relay only
Examine SMTP logs (%WinDir%\System32\LogFiles\SMTPSVC1) to identify patterns:
# Sample log parser for relay errors
Select-String -Path "C:\Windows\System32\LogFiles\SMTPSVC1\*.log" -Pattern "550 5.7.1" |
    Group-Object -Property Line |
    Sort-Object -Property Count -Descending
Sometimes restarting the service resolves temporary relay issues:
net stop SMTPSVC
net start SMTPSVC
When Microsoft IIS SMTP server fails to deliver messages due to relay security restrictions or other errors, it moves them to the Badmail folder (typically located at C:\inetpub\mailroot\Badmail). These are dead-letter emails that won't be automatically retried.
Here are two technical approaches to handle this:
1. Using SMTP Pickup Directory
IIS can resend emails by placing properly formatted .eml files in the Pickup folder. Here's a PowerShell script to automate badmail processing:
# PowerShell: Convert badmail files to pickup format
$badmailPath = "C:\inetpub\mailroot\Badmail"
$pickupPath = "C:\inetpub\mailroot\Pickup"
Get-ChildItem $badmailPath -Filter *.bad | ForEach-Object {
    $newName = [System.IO.Path]::ChangeExtension($_.Name, ".eml")
    $content = Get-Content $_.FullName -Raw
    # Fix missing headers if needed (sender@domain.com is a placeholder address)
    if (-not $content.Contains("From:")) {
        # `r`n is the CRLF that must end the header line
        $content = "From: sender@domain.com`r`n" + $content
    }
    $content | Out-File (Join-Path $pickupPath $newName) -Encoding ASCII
    Remove-Item $_.FullName
}
2. Direct SMTP Resend via API
For programmatic control, use .NET's System.Net.Mail:
// C#: Parse and resend badmail messages
using System.IO;
using System.Linq;   // required for Where()
using System.Net.Mail;

string badmailDir = @"C:\inetpub\mailroot\Badmail";
foreach (var file in Directory.GetFiles(badmailDir, "*.bad"))
{
    bool sent = false;
    // The attachment keeps the file open, so dispose the message
    // before the file is deleted or moved
    using (var message = new MailMessage())
    using (var client = new SmtpClient("localhost"))
    {
        message.From = new MailAddress("resender@yourdomain.com");
        // Parse recipients from original file
        foreach (var line in File.ReadAllLines(file).Where(l => l.StartsWith("To:")))
        {
            message.To.Add(line.Substring(3).Trim());
        }
        // Attach original content as attachment
        message.Attachments.Add(new Attachment(file));
        // Send via SMTP client
        try
        {
            client.Send(message);
            sent = true;
        }
        catch (SmtpException)
        {
            sent = false;
        }
    }
    if (sent)
    {
        File.Delete(file); // Remove if successful
    }
    else
    {
        File.Move(file, Path.Combine(badmailDir, "retry_failed_" + Path.GetFileName(file)));
    }
}
- Relay Configuration: Ensure IIS SMTP Virtual Server > Access > Relay includes your authorized IPs
- Queue Monitoring: Implement scheduled tasks to monitor queue folders
- Error Handling: Add application-level retry logic before handing off to SMTP
For enterprise scenarios, consider:
- SMTP Log Analyzer: Parses IIS logs to identify delivery patterns
- MailEnable: Professional SMTP service with better queue management