Recently, I have come across spam/malicious email delivery in
my supported environment, IT security team needs to find out how many users
received this malicious email and how can we delete it from all user inboxes
without knowing end user.
How to find message delivery details: -
We can use Powerful Message Tracking logs command to find
out how many users received based on the timeline or message subject.
Get-TransportServer | Get-MessageTrackingLogs –Start “"03/13/2015
09:00:00" -End "03/15/2015 17:00:00" –MessageSubject “spam email”
| Select-Object {$_.Sender},{$_.Recipients},MessageSubject | Export-Csv
C:\temp\messagetrackinglogs.csv.
Based on your analyses on message tracking logs, you can use
the below command to find and delete the messages from end user inboxes.
Get-Mailbox | Search-Mailbox -SearchQuery
"Subject:'MessageSubject*' or attachment:'.html'" -targetmailbox
"DiscoveryMailbox" -targetfolder "Search Results" -loglevel
full –logonly
You can use below command to delete the messages from user
inbox based on message subject or attachment.
Get-Mailbox | Search-Mailbox -SearchQuery
"Subject:'MessageSubject*' or attachment:'.html'" –DelectContent –Confirm:$false.
Thanks for visiting my blog, keep watch for further pursuit.
No comments:
Post a Comment