Powershell 更新Exchange接收连接器白名单

Exchange 2013及以后的版本推崇Powershell Command 来管理Exchange, 这样一来算是提高了一点运维人员的入门难度吧, 但是ECP 仍然可以完成大部分的日常工作, 一些批量化, 定制化的操作则鸡肋了很多

在此分享一下日常维护Exchange 接收连接器白名单的一个脚本, 提高工作效率

注: 核心代码需要根据企业场景适当调整

​$receives = $smtplist | ?{ $_.Identity -like "$Server\$AuthType" -or $_.Identity -like "$Server\$AuthType TLS" }

#region Update SMTP whitelist
function New-IPRange ($Start, $End)
{
  $ip1 = ([System.Net.IPAddress]$start).GetAddressBytes()
  [Array]::Reverse($ip1)
  $ip1 = ([System.Net.IPAddress]($ip1 -join '.')).Address
  $ip2 = ([System.Net.IPAddress]$end).GetAddressBytes()
  [Array]::Reverse($ip2)
  $ip2 = ([System.Net.IPAddress]($ip2 -join '.')).Address
  
  for ($x = $ip1; $x -le $ip2; $x++)
  {
    $ip = ([System.Net.IPAddress]$x).GetAddressBytes()
    [Array]::Reverse($ip)
    $ip -join '.'
  }
}
Function Update-SMTPWhiteList
{
  [CmdletBinding()]
  param
  (
    [parameter (Mandatory = $true)]
    [ValidateSet ("Authtication", "Anonymous")]
    $AuthType,
    [parameter (Mandatory = $true)]
    [ValidateSet (25, 587)]
    $Port,
    [parameter (Mandatory = $true)]
    [String[]]$IPAddress,
    [parameter (Mandatory = $true)]
    [ValidateSet ("Add", "Remove")]
    $Action,
    [parameter (Mandatory = $true)]
    $Server
  )
  
  $applyipaddress = $IPAddress
  $smtplist = Get-TransportService -Identity $Server | Get-ReceiveConnector | ?{ $_.Bindings.Port -eq $Port }
  $receives = $smtplist | ?{ $_.Identity -like "$Server\$AuthType" -or $_.Identity -like "$Server\$AuthType TLS" }
  $IPRanges = $receives[0].RemoteIPRanges
  $IPList = @()
  foreach ($range in $IPRanges)
  {
    if ($range.RangeFormat -ne 'SingleAddress')
    {
      $GetIPRange = New-IPRange -Start $range.LowerBound.ToString() -End $range.UpperBound.ToString()
      $IPList += $GetIPRange
    }
    else
    {
      $IPList += $range.LowerBound.ToString()
    }
  }
  foreach ($ip in $applyipaddress)
  {
    if ($ip -in $IPList)
    {
      Write-Host "The IPAddress already in the target receive connector list or In the IP ranges" -ForegroundColor Red
    }
    else
    {
      foreach ($receive in $receives)
      {
        if ($Action -eq 'Add')
        {
          foreach ($ip in $applyipaddress)
          {
            $receive.RemoteIPRanges += $ip
          }
        }
        else
        {
          foreach ($ip in $applyipaddress)
          {
            $receive.RemoteIPRanges -= $ip
          }
        }
        try
        {
          Set-ReceiveConnector $receive.Identity.ToString() -RemoteIPRanges $receive.RemoteIPRanges -ErrorAction Stop
          
          if ($Action -eq 'Add')
          {
            Write-Host "Add $ip into $Port with $AuthType Success" -ForegroundColor Green
          }
          else
          {
            Write-Host "Remove $ip from $Port with $AuthType Success" -ForegroundColor Green
          }
        }
        catch
        {
          $errormsg = $_.exception.message
          $error01 = 'is already present in the collection'
          $error02 = 'conflict with the settings on Receive connector'
          switch ($errormsg)
          {
            { $_ -match $error01 }{ Write-Host "This IP address has already exist $AuthType $Port connector" -ForegroundColor Red }
            { $_ -match $error02 }{ Write-Host "This IP address conflict on $Port port connector" -ForegroundColor Red }
            Default { Write-Host "Unknown Error !" }
          }
          break
        }
      }
    }
  }
}

#endregion