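Background
A batch of phishing emails recently reached the organization, and the mail gateway failed to block them, so the mail administrator had to delete them manually. The recipients of these phishing emails included both individual mailboxes and mail groups, so the two have to be told apart and deleted separately.
Approach
Use a script to identify the type of each target address first, then run the appropriate delete command or script for each type.
Steps
- First, export from the mail gateway the list of mailboxes that the email with this subject was sent to, and save it in the file mm.txt.
- Use a script to identify each entry in the file: for a mailbox, delete with Search-Mailbox; for a group, run the group deletion script.
Script: delete_junk.ps1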
    Add-PSSnapin microsoft.exchange*
    Import-Module ActiveDirectory   # provides Get-ADObject
    $data = Get-Content D:\mm.txt
    $subject = "邮件主题"
    foreach($i in $data){
        $res = Get-ADObject -Filter {name -eq $i}
        if ($res -ne $null){ # skip entries that do not exist in AD
            $type = $res.ObjectClass   # reuse the lookup instead of querying AD twice
            if($type -eq 'user'){
                # Quote the subject so a multi-word subject is matched as one phrase
                Search-Mailbox -Identity $i -SearchQuery "subject:`"$subject`"" -DeleteContent -Force
            }else{
                D:\delete_email-from-group-parameter.ps1 $i $subject
            }
        }
    }
- Group deletion script: delete_email-from-group-parameter.ps1
    <#
    .SYNOPSIS
    Query the type of a mailbox, delete an email from the mailbox.
    .DESCRIPTION
    Delete an email by command or .ps script.
    .PARAMETER Group
    The group name to delete email from it.
    .PARAMETER Subject
    The subject of the email to delete.
    .EXAMPLE
    delete_email-from-group-parameter.ps1 it "邮件主题"
    #>
    param (
        [Parameter(Mandatory=$True)]
        [string]$Group,
        # Mandatory: an empty subject must never reach a -DeleteContent search
        [Parameter(Mandatory=$True)]
        [string]$Subject
    )
    Add-PSSnapin microsoft.exchange*

    # Names of the starting group and every nested distribution group found under it
    $lists = New-Object -TypeName System.Collections.ArrayList
    [void]$lists.Add($Group)

    # Recursively collect nested distribution groups; $lists doubles as the visited set
    Function Get-RecureGroup([string]$Name){
        $temp = (Get-DistributionGroupMember -Identity $Name | ? {$_.RecipientType -eq "MailUniversalDistributionGroup"}).Name
        Foreach($i in @($temp)){
            if ($i -and $lists -notcontains $i){
                [void]$lists.Add($i)
                Get-RecureGroup $i
            }
        }
    }
    Get-RecureGroup $Group
    Write-Output "$lists"

    # Delete the message from every user mailbox that is a direct member of a collected group
    Function Delete-Email(){
        Foreach($dl in $lists){
            Get-DistributionGroupMember $dl | ? {$_.RecipientType -eq "UserMailbox"} | Get-Mailbox | Search-Mailbox -SearchQuery "subject:`"$Subject`"" -DeleteContent -Force
        }
    }
    Delete-Email
- Run the delete_junk.ps1 script to complete the cleanup.
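
A dry run for the steps above, as an added example that is not part of the original post: it classifies each entry in mm.txt the same way and uses Search-Mailbox -EstimateResultOnly to report how many matching items each mailbox holds, without deleting anything. The helper name Get-GroupMailbox and the output path D:\mm_preview.csv are hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: preview pass for delete_junk.ps1. Nothing is deleted.
Add-PSSnapin microsoft.exchange*
Import-Module ActiveDirectory

$subject = "邮件主题"                  # same placeholder subject as delete_junk.ps1
$query   = "subject:`"$subject`""     # quoted so a multi-word subject is matched as a phrase
$seen    = @{}                        # mailboxes already estimated (a user may sit in several groups)

# Hypothetical helper: expand a distribution group into its user mailboxes,
# following nested groups and guarding against membership loops.
function Get-GroupMailbox([string]$Name, [hashtable]$Visited) {
    if ($Visited.ContainsKey($Name)) { return }
    $Visited[$Name] = $true
    foreach ($m in Get-DistributionGroupMember -Identity $Name) {
        if ($m.RecipientType -eq "UserMailbox") { $m.Name }
        elseif ($m.RecipientType -eq "MailUniversalDistributionGroup") {
            Get-GroupMailbox -Name $m.Name -Visited $Visited
        }
    }
}

$report = foreach ($entry in Get-Content D:\mm.txt) {
    $obj = Get-ADObject -Filter {name -eq $entry}
    if ($null -eq $obj) {
        # Entry exported by the gateway but not present in AD: record it and move on
        [pscustomobject]@{ Entry = $entry; Type = "not found"; Mailbox = $null; Items = $null }
        continue
    }
    $targets = if ($obj.ObjectClass -eq 'user') { $entry } else { Get-GroupMailbox $entry @{} }
    foreach ($mbx in $targets) {
        if ($seen.ContainsKey($mbx)) { continue }
        $seen[$mbx] = $true
        # -EstimateResultOnly returns counts only; no content is copied or removed
        $r = Search-Mailbox -Identity $mbx -SearchQuery $query -EstimateResultOnly
        [pscustomobject]@{ Entry = $entry; Type = $obj.ObjectClass; Mailbox = $mbx; Items = $r.ResultItemsCount }
    }
}

# Keep a record of what the deletion run is expected to touch (hypothetical path)
$report | Export-Csv D:\mm_preview.csv -NoTypeInformation -Encoding UTF8
$report | Where-Object { $_.Items -gt 0 } | Format-Table -AutoSize
```

Comparing the per-mailbox item counts with the gateway export before running delete_junk.ps1 shows whether the subject query matches more than the phishing messages.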