Example: search Exchange anti-spam log by recipients:
Get-AgentLog | where {$_.recipients -like "myuser@mydomain.com"}
Example: search Exchange anti-spam log by sender:
Get-AgentLog | where {$_.P1FromAddress -like "user@contoso.com" -or $_.P2FromAddresses -like "user@corp.com"}
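What is the difference between P1FromAddress and P2FromAddresses? P1FromAddress is the envelope sender given in the SMTP MAIL FROM command; P2FromAddresses is the From header inside the message data. Example in a telnet session:
helo me
ehlo me
mail from:P1FromAddress
rcpt to:myuser@mydomain.com
data
from:P2FromAddresses
subject:test1

.
quit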
Example: search Exchange anti-spam log by sender domain:
Get-AgentLog | where {$_.P1FromAddress -like "*contoso.com" -or $_.P2FromAddresses -like "*corp.com"}
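Building on the P1/P2 distinction above, this added example (not from the original page) lists log entries whose envelope sender domain matches none of the header From domains and counts them per source IP. The function names Get-DomainPart, Find-SenderMismatch and New-SampleEntry are hypothetical, the sample entries are constructed, and it assumes both address fields convert to plain address strings.

```powershell
# Added example (not from the original page). Function names are hypothetical.
function Get-DomainPart([string]$Address) {
    # Lower-cased domain of an SMTP address; emits nothing if there is none.
    $a = $Address.Trim(' <>'.ToCharArray())
    $at = $a.LastIndexOf('@')
    if ($at -lt 1 -or $at -eq $a.Length - 1) { return }
    $a.Substring($at + 1).ToLowerInvariant()
}

function Find-SenderMismatch {
    param([Parameter(ValueFromPipeline = $true)] $Entry)
    process {
        $p1 = Get-DomainPart $Entry.P1FromAddress
        $p2 = @($Entry.P2FromAddresses |
                ForEach-Object { Get-DomainPart $_ } |
                Where-Object { $_ })
        # Skip entries without a usable P1 or P2, such as sessions
        # rejected before DATA or bounces with an empty envelope sender.
        if (-not $p1 -or $p2.Count -eq 0) { return }
        # Strict comparison: a subdomain counts as a different domain.
        if ($p2 -notcontains $p1) { $Entry }
    }
}

# Constructed sample entries shaped like Get-AgentLog output (all values made up).
function New-SampleEntry($IP, $P1, $P2) {
    New-Object PSObject -Property @{
        IPAddress = $IP; P1FromAddress = $P1; P2FromAddresses = $P2
    }
}
$sample = @(
    (New-SampleEntry '192.0.2.10'   'bounce@mailer.example' @('ceo@mydomain.com')),
    (New-SampleEntry '192.0.2.10'   'bounce@mailer.example' @('hr@mydomain.com')),
    (New-SampleEntry '198.51.100.7' 'user@contoso.com'      @('user@contoso.com')),
    (New-SampleEntry '203.0.113.5'  ''                      $null)
)

# Mismatches per source IP, busiest first. On an Exchange server, pipe in
# Get-AgentLog -StartDate (Get-Date).AddDays(-1) -EndDate (Get-Date)
# instead of $sample.
$sample | Find-SenderMismatch |
    Group-Object IPAddress |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

A P1/P2 domain mismatch is also normal for mailing lists and bulk-mail services, so treat the result as a triage list rather than a verdict.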
Example: search Exchange anti-spam log by sender IP:
Get-AgentLog | where {$_.IPAddress -eq "7.7.7.7"}
Example: search Exchange anti-spam log by Reason: BlockListProvider:
Get-AgentLog | where {$_.Reason -eq "BlockListProvider"}
Example: search Exchange anti-spam log by Reason: SclAtOrAboveQuarantineThreshold:
Get-AgentLog | where {$_.Reason -eq "SclAtOrAboveQuarantineThreshold"}
Example: search Exchange anti-spam log by Agent: Connection Filtering Agent:
Get-AgentLog | where {$_.Agent -eq "Connection Filtering Agent"}
Example: search Exchange anti-spam log by Agent: SenderID Agent:
Get-AgentLog | where {$_.Agent -eq "SenderID Agent"}
Example: search Exchange anti-spam log by Agent: Sender Filter Agent:
Get-AgentLog | where {$_.Agent -eq "Sender Filter Agent"}
Example: search Exchange anti-spam log by Agent: Recipient Filter Agent:
Get-AgentLog | where {$_.Agent -eq "Recipient Filter Agent"}
Example: search Exchange anti-spam log by Agent: Edge Rules Agent:
Get-AgentLog | where {$_.Agent -eq "Edge Rules Agent"}
And a script that mails a report with daily and weekly statistics:
# Load the Exchange 2010 management snap-in
Add-PSSnapIn Microsoft.Exchange.Management.PowerShell.E2010

$HTMLReport = ".\report.html"
$MailTo = "myuser@mydomain.com"
$MailServer = "internal server ip"
$MailFrom = "mystat@mydomain.com"

# Rounded percentage of $Part in $Total; returns 0 for an empty log instead of dividing by zero
function Get-Percent($Part, $Total) {
    if ($Total -eq 0) { return 0 }
    [math]::Round(($Part / $Total) * 100)
}

# Last 24 hours; @() keeps .Count valid when zero or one entry is returned
$a1 = @(Get-AgentLog -StartDate (Get-Date).AddDays(-1) -EndDate (Get-Date))
$a2 = @($a1 | where { $_.Action -like "RejectMessage" -or $_.Action -like "RejectCommand" -or $_.Action -like "QuarantineMessage" })
$a3 = @($a1 | where { $_.Action -like "AcceptMessage" })

# Last 7 days
$b1 = @(Get-AgentLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date))
$b2 = @($b1 | where { $_.Action -like "RejectMessage" -or $_.Action -like "RejectCommand" -or $_.Action -like "QuarantineMessage" })
$b3 = @($b1 | where { $_.Action -like "AcceptMessage" })

# Build the HTML report: one table for the day, one for the week
$Output = "<html>
<body>
<font size=""1"" face=""Arial,sans-serif"">
<h3 align=""center"">Exchange Antispam Report</h3>
<h5 align=""center"">Generated $((Get-Date).ToString())</h5>
</font>
<table border=""0"" cellpadding=""3"" style=""font-size:8pt;font-family:Arial,sans-serif"">
<tr bgcolor=""#009900"">
<th><font color=""#ffffff"">Received Messages per day:</font></th>
<th><font color=""#ffffff"">Rejected Messages per day:</font></th>
<th><font color=""#ffffff"">% Rejected Messages per day:</font></th>
<th><font color=""#ffffff"">Accepted Messages per day:</font></th>
<th><font color=""#ffffff"">% Accepted Messages per day:</font></th></tr>
<tr bgcolor=""#dddddd""><th>$($a1.Count)</th>
<th>$($a2.Count)</th>
<th>$(Get-Percent $a2.Count $a1.Count)</th>
<th>$($a3.Count)</th>
<th>$(Get-Percent $a3.Count $a1.Count)</th>
</tr></table>
<table border=""0"" cellpadding=""3"" style=""font-size:8pt;font-family:Arial,sans-serif"">
<tr bgcolor=""#009900"">
<th><font color=""#ffffff"">Received Messages per week:</font></th>
<th><font color=""#ffffff"">Rejected Messages per week:</font></th>
<th><font color=""#ffffff"">% Rejected Messages per week:</font></th>
<th><font color=""#ffffff"">Accepted Messages per week:</font></th>
<th><font color=""#ffffff"">% Accepted Messages per week:</font></th></tr>
<tr bgcolor=""#dddddd""><th>$($b1.Count)</th>
<th>$($b2.Count)</th>
<th>$(Get-Percent $b2.Count $b1.Count)</th>
<th>$($b3.Count)</th>
<th>$(Get-Percent $b3.Count $b1.Count)</th>
</tr></table>
</body></html>"

# Save the report to disk, then mail it as both the HTML body and an attachment
$Output | Out-File $HTMLReport
Send-MailMessage -Attachments $HTMLReport -To $MailTo -From $MailFrom -Subject "Exchange Antispam Report" -BodyAsHtml $Output -SmtpServer $MailServer