Friday, November 15, 2013

Examples for searching the Exchange anti-spam log, and a report

Example: search Exchange anti-spam log by recipients:

Get-AgentLog | where {$_.recipients -like "myuser@mydomain.com"}

Example: search Exchange anti-spam log by sender:

Get-AgentLog | where {$_.P1FromAddress -like "user@contoso.com" -or $_.P2FromAddresses -like "user@corp.com"}

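What is the difference between P1FromAddress and P2FromAddresses? P1FromAddress is the envelope sender given in the SMTP "mail from" command; P2FromAddresses is the From: header inside the message data. Example in a telnet session:
"helo me
ehlo me
mail from:P1FromAddress
rcpt to:myuser@mydomain.com
data
from:P2FromAddresses
subject:test1
.
quit"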
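Because P1 and P2 are set independently by the sending side, comparing them is a quick triage check for spoofed senders. The following is an added example, not part of the original post: it flags entries whose P1 domain matches none of the P2 domains. The function names and the sample entries are constructed for illustration; on a server, pipe Get-AgentLog into Find-SenderMismatch instead of $sample.

```powershell
# Added example. Property names (Timestamp, P1FromAddress, P2FromAddresses, Action)
# follow the Get-AgentLog output; the helper names below are hypothetical.
function Get-AddressDomain([string]$Address) {
    # Return the lower-cased domain part, or $null for an empty (bounce) sender.
    if ($Address -and $Address.Contains('@')) {
        return $Address.Substring($Address.LastIndexOf('@') + 1).Trim('>', ' ').ToLower()
    }
    return $null
}

function Find-SenderMismatch {
    param([Parameter(ValueFromPipeline = $true)] $Entry)
    process {
        $p1 = Get-AddressDomain ([string]$Entry.P1FromAddress)
        $p2 = @($Entry.P2FromAddresses |
                ForEach-Object { Get-AddressDomain ([string]$_) } |
                Where-Object { $_ })
        # Skip bounces (empty P1) and entries logged before the headers were seen.
        if (-not $p1 -or $p2.Count -eq 0) { return }
        if ($p2 -notcontains $p1) {
            New-Object PSObject -Property @{
                Timestamp = $Entry.Timestamp
                P1Domain  = $p1
                P2Domains = ($p2 -join ',')
                Action    = $Entry.Action
            }
        }
    }
}

# Constructed sample entries (not real log data).
$sample = @(
    New-Object PSObject -Property @{ Timestamp = '2013-11-15 09:00'; Action = 'AcceptMessage'
        P1FromAddress = 'user@contoso.com'; P2FromAddresses = @('user@contoso.com') }
    New-Object PSObject -Property @{ Timestamp = '2013-11-15 09:05'; Action = 'RejectMessage'
        P1FromAddress = 'user@contoso.com'; P2FromAddresses = @('user@corp.com') }
    New-Object PSObject -Property @{ Timestamp = '2013-11-15 09:10'; Action = 'AcceptMessage'
        P1FromAddress = ''; P2FromAddresses = @('postmaster@corp.com') }
)

# Only the 09:05 entry is reported: P1 is contoso.com, P2 is corp.com.
$sample | Find-SenderMismatch |
    Select-Object Timestamp, P1Domain, P2Domains, Action |
    Format-Table -AutoSize
```

A mismatch on its own is common for mailing lists and bulk-mail services, so treat the output as a triage list to correlate with Reason and Action rather than as a verdict.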


Example: search Exchange anti-spam log by sender domain:

Get-AgentLog | where {$_.P1FromAddress -like "*contoso.com" -or $_.P2FromAddresses -like "*corp.com"}

Example: search Exchange anti-spam log by sender IP:

Get-AgentLog | where {$_.IPAddress -eq "7.7.7.7"}

Example: search Exchange anti-spam log by Reason: BlockListProvider:

Get-AgentLog | where {$_.Reason -eq "BlockListProvider"}

Example: search Exchange anti-spam log by Reason SclAtOrAboveQuarantineThreshold:

Get-AgentLog | where {$_.Reason -eq "SclAtOrAboveQuarantineThreshold"}

Example: search Exchange anti-spam log by Agent: Connection Filtering Agent:

Get-AgentLog | where {$_.Agent -eq "Connection Filtering Agent"}

Example: search Exchange anti-spam log by Agent: SenderID Agent:

Get-AgentLog | where {$_.Agent -eq "SenderID Agent"}

Example: search Exchange anti-spam log by Agent: Sender Filter Agent:

Get-AgentLog | where {$_.Agent -eq "Sender Filter Agent"}

Example: search Exchange anti-spam log by Agent: Recipient Filter Agent:

Get-AgentLog | where {$_.Agent -eq "Recipient Filter Agent"}

Example: search Exchange anti-spam log by Agent: Edge Rules Agent:

Get-AgentLog | where {$_.Agent -eq "Edge Rules Agent"}

And a script that mails a report with daily and weekly statistics:


# Load the Exchange 2010 cmdlets (not needed inside the Exchange Management Shell)
Add-PSSnapIn Microsoft.Exchange.Management.PowerShell.E2010
$HTMLReport = ".\report.html"
$MailTo = "myuser@mydomain.com"
$MailServer = "internal server ip"   # replace with the address of your internal SMTP server
$MailFrom = "mystat@mydomain.com"

# Last 24 hours: all entries, rejected/quarantined, accepted.
# @() forces an array so .count is valid even for zero or one entry.
$a1 = @(Get-AgentLog -StartDate (Get-Date).AddDays(-1) -EndDate (Get-Date))
$a2 = @($a1 | where { $_.Action -like "RejectMessage" -or $_.Action -like "RejectCommand" -or $_.Action -like "QuarantineMessage" })
$a3 = @($a1 | where { $_.Action -like "AcceptMessage" })

# Last 7 days: same breakdown
$b1 = @(Get-AgentLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date))
$b2 = @($b1 | where { $_.Action -like "RejectMessage" -or $_.Action -like "RejectCommand" -or $_.Action -like "QuarantineMessage" })
$b3 = @($b1 | where { $_.Action -like "AcceptMessage" })

$Output = "<html> 
<body> 
<font size=""1"" face=""Arial,sans-serif""> 
<h3 align=""center"">Exchange Antispam Report</h3> 
<h5 align=""center"">Generated $((Get-Date).ToString())</h5> 
</font> 
<table border=""0"" cellpadding=""3"" style=""font-size:8pt;font-family:Arial,sans-serif""> 
<tr bgcolor=""#009900""> 
<th><font color=""#ffffff"">Received Messages per day:</font></th> 
<th><font color=""#ffffff"">Rejected Messages per day:</font></th> 
<th><font color=""#ffffff"">% Rejected Messages per day:</font></th> 
<th><font color=""#ffffff"">Accepted Messages per day:</font></th> 
<th><font color=""#ffffff"">% Accepted Messages per day:</font></th></tr>
<tr bgcolor=""#dddddd""><th>$($a1.count)</th>
<th>$($a2.count)</th>
<th>$(if ($a1.count) { [math]::Round(($a2.count/$a1.count)*100) } else { 0 })</th>
<th>$($a3.count)</th>
<th>$(if ($a1.count) { [math]::Round(($a3.count/$a1.count)*100) } else { 0 })</th>
</tr></table>
<table border=""0"" cellpadding=""3"" style=""font-size:8pt;font-family:Arial,sans-serif""> 
<tr bgcolor=""#009900""> 
<th><font color=""#ffffff"">Received Messages per week:</font></th> 
<th><font color=""#ffffff"">Rejected Messages per week:</font></th> 
<th><font color=""#ffffff"">% Rejected Messages per week:</font></th> 
<th><font color=""#ffffff"">Accepted Messages per week:</font></th> 
<th><font color=""#ffffff"">% Accepted Messages per week:</font></th></tr>
<tr bgcolor=""#dddddd""><th>$($b1.count)</th>
<th>$($b2.count)</th>
<th>$(if ($b1.count) { [math]::Round(($b2.count/$b1.count)*100) } else { 0 })</th>
<th>$($b3.count)</th>
<th>$(if ($b1.count) { [math]::Round(($b3.count/$b1.count)*100) } else { 0 })</th>
</tr></table>
</body></html>";

$Output | Out-File $HTMLReport

Send-MailMessage -Attachments $HTMLReport -To $MailTo -From $MailFrom -Subject "Exchange Antispam Report" -Body $Output -BodyAsHtml -SmtpServer $MailServer
