0
点赞
收藏
分享

微信扫一扫

批量删除垃圾钓鱼邮件ps脚本

背景

近期有一批钓鱼邮件进入组织,邮件网关没有成功拦截。只能邮件管理员人工删除一下。 但是这批钓鱼邮件发送的收件人既有个人邮箱,也有邮件组,这样就要区分出哪些是邮箱,哪些是邮件组,分别进行删除。

思路

通过脚本先对目标邮箱进行识别,针对不同类型分别执行删除命令或脚本。

步骤

  • 首先从邮件网关里导出该主题邮件都发送了哪些邮箱。将其保存在文件mm.txt中。
  • 通过脚本对文件中的每个邮箱进行识别,对邮箱进行search-mailbox删除,对组执行脚本删除。

脚本:delete_junk.ps1

Add-PSSnapin microsoft.exchange*

$data = Get-Content D:\mm.txt
$subject = "邮件主题"
foreach($i in $data){
   $res = Get-ADObject -Filter {name -eq $i} 
   if ($res -ne $null){       #过滤掉不存在的邮箱
      $type = (Get-ADObject -Filter {name -eq $i}).ObjectClass
      if($type -eq 'user'){       
         Search-Mailbox -Identity $i -SearchQuery "subject:$subject" -DeleteContent -Force
       }else{
         D:\delete_email-from-group-parameter.ps1 $i $subject            
      } 
}

  • 组删除邮件脚本delete_email-from-group-parameter.ps1
<#
.SYNOPSIS
Query the type of a mailbox, delete an email  from the mailbox.

.DESCRIPTION
Delete an email by command or .ps script.

.PARAMETER  Group
The group name to delete email from it.

.PARAMETER  Subject

.EXAMPLE
delete_email-from-group-parameter.ps1  it
#>
param (
   [Parameter(Mandatory=$True)]
   [string]$Group,
   [Parameter(Mandatory=$False)]
   [string]$Subject
)

Add-PSSnapin microsoft.exchange*

#$subject = $args[1]
$lists =  New-Object -TypeName System.Collections.ArrayList
$lists.Add($group)

Function Get-RecureGroup(){
  $temp = (Get-DistributionGroupMember -Identity $group |  ? {$_.RecipientType -eq "MailUniversalDistributionGroup"}).Name
  #Write-Output "$temp"
  if($temp.Length -gt 0){
     Foreach($i in $temp){
        if ($lists -notcontains $i){
        $lists.Add($i)
        $group = $i 
        Get-RecureGroup   
        }
     }
  }
}

Get-RecureGroup
Write-Output "$lists"
Function Delete-Email(){
    Foreach($dl in $lists){
        Get-DistributionGroupMember $dl | ? {$_.RecipientType -eq "UserMailbox"} | Get-Mailbox |Search-Mailbox -SearchQuery "subject:$Subject" -DeleteContent -Force     
    }
}

Delete-Email
  • 运行delete_junk.ps1 脚本即可完成。
举报

相关推荐

0 条评论