Export (0) Print
Expand All

How to Export E-Mail Messages from a Queue to Replay Them Later in Exchange 2007

 

Topic Last Modified: 2009-03-19

This topic describes how to use the Exchange Management Shell in Microsoft Exchange Server 2007 to export e-mail messages from a message queue.

You may experience a situation in which an Exchange server that is configured as an open relay has been used to send unsolicited commercial e-mail (UCE), also known as spam, to the Internet. In this scenario, you may have to deal with the following issues:

  • You have a message queue that is filled with legitimate e-mail messages together with hundreds, thousands, or even hundreds of thousands of spam messages.

  • You cannot continue typical operations because the server will forward the spam messages to the Internet.

  • You must clear the message queues so that you can restore e-mail functionality to your organization as quickly as possible.

  • You must retain the e-mail messages from the queues so that you can later replay legitimate e-mail messages back into your messaging environment.

This topic is intended to help address these issues.

To perform the following procedures, the account you use must be delegated the following:

  • Exchange Server Administrator role and local Administrators group for the server

Additionally, there are certain things to consider when you perform the procedures that are described in this document.

  • You can export messages from the Exchange queues for later playback into Exchange. However, you cannot export messages from the Submission queue. To work around this issue, you can pause the Microsoft Exchange Transport service. This action allows the Submission queue to empty. However, depending on how many messages are queued, emptying the Submission queue could take a long time.

  • The procedure to extract legitimate e-mail messages from the message queue assumes that most of the spam messages are not addressed to recipients in your organization or are not from recipients in your organization. Therefore, the filters that are used to extract the messages are based on the domain or domains that your organization hosts. If spam messages are directed to or from your domains, you will export some spam messages together with legitimate e-mail messages.

To export e-mail messages from the Exchange 2007 queues, follow these general steps. (Each of these general steps is described in more detail later in this topic.)

  1. Pause the Microsoft Exchange Transport service.

  2. Suspend, and then export legitimate e-mail messages. To do this, use the following command:

    Get-Message <filter> | Suspend-Message | Export-Message -path <path>
    
  3. Stop the Microsoft Exchange Transport service.

  4. Rename the Queue folder.

  5. Start the Microsoft Exchange Transport service.

  6. Copy the exported messages into the Replay folder.

To pause the Microsoft Exchange Transport service
  1. Click Start, click Run, type services.msc, and then click OK.

  2. In the Services MMC snap-in, click Microsoft Exchange Transport, and then click Pause.

  3. Start the Exchange Management Console, and then click Toolbox.

  4. Under Mail Flow Tools, double-click Queue Viewer.

  5. Click the Queues tab, and then note the value that appears in the Message Count column for the Submission queue.

  6. Allow sufficient time for the message count to reach zero (0).

To suspend and then export legitimate e-mail messages
  1. Use Windows Explorer to create a destination folder for the exported e-mail messages. This folder must be created before you can export the messages successfully. The folder may be on a local hard disk drive or on a shared network drive.

  2. Start the Exchange Management Shell.

  3. At the shell prompt, export messages that have your domain specified in the From field. To do this, run the following command:

    Get-Message | where{$_.FromAddress -like "*@contoso.com"} | Suspend-Message | Export-Message -path <path>
    

    In this command, replace contoso.com with the appropriate domain and replace <path> with the path to which you want to export the messages, such as c:\export.

  4. At the shell prompt, export messages that have your domain specified in the To field. To do this, run the following command:

    Get-Message -IncludeRecipientInfo | where{$_.Recipients -like "*@contoso.com"} | Suspend-Message | Export-Message -path <path>
    
  5. Follow steps 2 through 3 for each domain for which your organization handles e-mail.

To stop the Microsoft Exchange Transport service
  1. Click Start, click Run, type services.msc, and then click OK.

  2. In the Services MMC snap-in, click Microsoft Exchange Transport, and then click Stop.

To rename the Queue folder
  1. Start Windows Explorer, and then locate the Queue folder. By default, this folder has the following path:

    C:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue

  2. Right-click Queue, and then click Rename. Use a descriptive name, such as spam-Queue, to rename the folder.

  3. Start the Microsoft Exchange Transport service. The Microsoft Exchange Transport service automatically creates a new Queue folder together with the following files:

    • mail.que

    • tmp.edb

    • trn.chk

    • trn

    • trnres00001.jrs

    • trnres00002.jrs

    • trntmp

    Mail flow should now be successfully restored in the organization.

To replay the exported messages
  1. Use Windows Explorer to locate the Replay folder. By default, this folder has the following path:

    C:\Program Files\Microsoft\Exchange Server\TransportRoles\Replay

  2. Copy the messages that you exported earlier to the Replay folder.

By default, Exchange 2007 processes messages in the Replay folder at a rate of approximately 100 messages per minute. For more information about how to change the message processing rate and for more information about how to configure the Replay folder, see How to Configure the Replay Directory.

For more information about how to export and resubmit messages to Exchange, see How to Export and Resubmit Messages.

For more information, see the following topics:

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft