Exchange 2013及以后的版本推崇Powershell Command 来管理Exchange, 这样一来算是提高了一点运维人员的入门难度吧, 但是ECP 仍然可以完成大部分的日常工作, 一些批量化, 定制化的操作则鸡肋了很多
在此分享一下日常维护Exchange 接收连接器白名单的一个脚本, 提高工作效率
注: 核心代码需要根据企业场景适当调整
$receives = $smtplist | ?{ $_.Identity -like "$Server\$AuthType" -or $_.Identity -like "$Server\$AuthType TLS" }
#region Update SMTP whitelist
function New-IPRange ($Start, $End)
{
$ip1 = ([System.Net.IPAddress]$start).GetAddressBytes()
[Array]::Reverse($ip1)
$ip1 = ([System.Net.IPAddress]($ip1 -join '.')).Address
$ip2 = ([System.Net.IPAddress]$end).GetAddressBytes()
[Array]::Reverse($ip2)
$ip2 = ([System.Net.IPAddress]($ip2 -join '.')).Address
for ($x = $ip1; $x -le $ip2; $x++)
{
$ip = ([System.Net.IPAddress]$x).GetAddressBytes()
[Array]::Reverse($ip)
$ip -join '.'
}
}
Function Update-SMTPWhiteList
{
[CmdletBinding()]
param
(
[parameter (Mandatory = $true)]
[ValidateSet ("Authtication", "Anonymous")]
$AuthType,
[parameter (Mandatory = $true)]
[ValidateSet (25, 587)]
$Port,
[parameter (Mandatory = $true)]
[String[]]$IPAddress,
[parameter (Mandatory = $true)]
[ValidateSet ("Add", "Remove")]
$Action,
[parameter (Mandatory = $true)]
$Server
)
$applyipaddress = $IPAddress
$smtplist = Get-TransportService -Identity $Server | Get-ReceiveConnector | ?{ $_.Bindings.Port -eq $Port }
$receives = $smtplist | ?{ $_.Identity -like "$Server\$AuthType" -or $_.Identity -like "$Server\$AuthType TLS" }
$IPRanges = $receives[0].RemoteIPRanges
$IPList = @()
foreach ($range in $IPRanges)
{
if ($range.RangeFormat -ne 'SingleAddress')
{
$GetIPRange = New-IPRange -Start $range.LowerBound.ToString() -End $range.UpperBound.ToString()
$IPList += $GetIPRange
}
else
{
$IPList += $range.LowerBound.ToString()
}
}
foreach ($ip in $applyipaddress)
{
if ($ip -in $IPList)
{
Write-Host "The IPAddress already in the target receive connector list or In the IP ranges" -ForegroundColor Red
}
else
{
foreach ($receive in $receives)
{
if ($Action -eq 'Add')
{
foreach ($ip in $applyipaddress)
{
$receive.RemoteIPRanges += $ip
}
}
else
{
foreach ($ip in $applyipaddress)
{
$receive.RemoteIPRanges -= $ip
}
}
try
{
Set-ReceiveConnector $receive.Identity.ToString() -RemoteIPRanges $receive.RemoteIPRanges -ErrorAction Stop
if ($Action -eq 'Add')
{
Write-Host "Add $ip into $Port with $AuthType Success" -ForegroundColor Green
}
else
{
Write-Host "Remove $ip from $Port with $AuthType Success" -ForegroundColor Green
}
}
catch
{
$errormsg = $_.exception.message
$error01 = 'is already present in the collection'
$error02 = 'conflict with the settings on Receive connector'
switch ($errormsg)
{
{ $_ -match $error01 }{ Write-Host "This IP address has already exist $AuthType $Port connector" -ForegroundColor Red }
{ $_ -match $error02 }{ Write-Host "This IP address conflict on $Port port connector" -ForegroundColor Red }
Default { Write-Host "Unknown Error !" }
}
break
}
}
}
}
}
#endregion