Exchange Management – Spam Monitoring Examples -1

Microsoft Exchange related issues and information

Exchange anti-spam logging and reporting, with examples

Example -1
Searching/reporting on the Exchange anti-spam log by user (recipient):
Get-AgentLog | where {$_.Recipients -like "kullanici@domain.com"}

Example -2
Searching/reporting on the Exchange anti-spam log by sender:
Get-AgentLog | where {$_.P1FromAddress -like "kullanıcı@sirket.com" -or $_.P2FromAddresses -like "kullanıcı@firma.com"}

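What is the difference between P1FromAddress and P2FromAddresses?
Let's illustrate with a Telnet session:
helo me
ehlo me
mail from:P1FromAddress
rcpt to:kullanıcı@domain.com
data
From: P2FromAddresses
subject:test1
.
quit

P1FromAddress is the envelope sender given in the SMTP MAIL FROM command. P2FromAddresses comes from the From: header inside the message data, which is the address the recipient's mail client displays.

You can think of this as mail that arrives from a different server than the MX records point to, carrying a different domain.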
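
The P1/P2 distinction can be used as a triage filter over the agent log. The following is an added example, not part of the original post: it lists entries whose envelope sender domain matches none of the header From domains. The sample entries, the .example domains and the function names New-SampleEntry, Get-MailDomain and Get-SenderMismatch are assumptions made for illustration.

```powershell
# Constructed sample entries shaped like Get-AgentLog output (not real log data).
function New-SampleEntry($Ip, $P1, $P2, $Action) {
    New-Object PSObject -Property @{
        IPAddress = $Ip; P1FromAddress = $P1; P2FromAddresses = @($P2); Action = $Action
    }
}
$entries = @(
    (New-SampleEntry '192.0.2.10'   'alice@contoso.example' 'alice@contoso.example'   'AcceptMessage'),
    (New-SampleEntry '198.51.100.7' 'bounce@mailer.example' 'ceo@contoso.example'     'AcceptMessage'),
    (New-SampleEntry '203.0.113.5'  ''                      'postmaster@corp.example' 'AcceptMessage')
)

# Hypothetical helper: domain part of an address, lower-cased; '' when there is no '@'.
function Get-MailDomain([string]$Address) {
    $at = $Address.LastIndexOf('@')
    if ($at -lt 0) { return '' }
    return $Address.Substring($at + 1).ToLower()
}

# Hypothetical helper: entries whose envelope sender (P1) domain matches none of the
# header From (P2) domains. Entries with an empty P1 are skipped, because bounces and
# delivery reports legitimately use the null envelope sender.
function Get-SenderMismatch($Log) {
    foreach ($e in $Log) {
        $p1 = Get-MailDomain $e.P1FromAddress
        if ($p1 -eq '') { continue }
        $p2 = @($e.P2FromAddresses | ForEach-Object { Get-MailDomain ([string]$_) })
        if ($p2 -notcontains $p1) {
            New-Object PSObject -Property @{
                IPAddress = $e.IPAddress; P1 = $e.P1FromAddress
                P2 = ($e.P2FromAddresses -join ', '); Action = $e.Action
            }
        }
    }
}

Get-SenderMismatch $entries | Format-Table IPAddress, P1, P2, Action -AutoSize
# On an Exchange server, feed it real data instead:
# Get-SenderMismatch (Get-AgentLog -StartDate (Get-Date).AddDays(-1) -EndDate (Get-Date))
```

A mismatch is normal for mailing lists and bulk mail services, so treat the output as a list to review rather than as a verdict.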

Example -3
Searching/reporting on the Exchange anti-spam log by sender domain:
Get-AgentLog | where {$_.P1FromAddress -like "*contoso.com" -or $_.P2FromAddresses -like "*corp.com"}

Example -4
Searching/reporting on the Exchange anti-spam log by sender IP address:
Get-AgentLog | where {$_.IPAddress -eq "7.7.7.7"}

Example -5a
BLP – Searching/reporting on the Exchange anti-spam log by reason:
Get-AgentLog | where {$_.Reason -eq "BlockListProvider"}

Example -5b
SAQT – Searching/reporting on the Exchange anti-spam log by reason:
Get-AgentLog | where {$_.Reason -eq "SclAtOrAboveQuarantineThreshold"}

Example -6a
CFA – Searching/reporting on the Exchange anti-spam log by agent:
Get-AgentLog | where {$_.Agent -eq "Connection Filtering Agent"}

Example -6b
SenderID – Searching/reporting on the Exchange anti-spam log by agent:
Get-AgentLog | where {$_.Agent -eq "Sender Id Agent"}

Example -6c
SFA – Searching/reporting on the Exchange anti-spam log by agent:
Get-AgentLog | where {$_.Agent -eq "Sender Filter Agent"}

Example -6ç
RFA – Searching/reporting on the Exchange anti-spam log by agent:
Get-AgentLog | where {$_.Agent -eq "Recipient Filter Agent"}

Example -6d
ERA – Searching/reporting on the Exchange anti-spam log by agent:
Get-AgentLog | where {$_.Agent -eq "Edge Rule Agent"}

And now for the good part :D
We will write a PowerShell script that mails us the daily and weekly statistics. Open Notepad and save the script below as IstatistikselRapor.ps1 in your scripts folder. You can then run it whenever you like, either manually or with cron.

# Load the Exchange 2010 management snap-in (provides Get-AgentLog)
Add-PSSnapIn Microsoft.Exchange.Management.PowerShell.E2010
$HTMLReport = ".\report.html"
$MailTo = "kullanici@domain.com"
# Placeholder: replace with the internal IP address of the Exchange server
$MailServer = "Exchange Sunucusu iç  IP adresi"
$MailFrom = "ExchangeAdmin@domain.com"

# Percentage of $Part in $Total; returns 0 for an empty log instead of dividing by zero
function Get-Percent($Part, $Total) {
    if ($Total -eq 0) { return 0 }
    return [math]::Round(($Part / $Total) * 100)
}

# Last 24 hours: all entries, rejected/quarantined entries, accepted entries.
# @() forces an array so that .Count is valid for zero or one result.
$a1 = @(Get-AgentLog -StartDate (Get-Date).AddDays(-1) -EndDate (Get-Date))
$a2 = @($a1 | where { $_.Action -like "RejectMessage" -or $_.Action -like "RejectCommand" -or $_.Action -like "QuarantineMessage" })
$a3 = @($a1 | where { $_.Action -like "AcceptMessage" })

# Last 7 days: the same three sets
$b1 = @(Get-AgentLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date))
$b2 = @($b1 | where { $_.Action -like "RejectMessage" -or $_.Action -like "RejectCommand" -or $_.Action -like "QuarantineMessage" })
$b3 = @($b1 | where { $_.Action -like "AcceptMessage" })

# Build the HTML report: one table for the day, one for the week
$Output = "<html> 
<body> 
<font size=""1"" face=""Arial,sans-serif""> 
<h3 align=""center"">Exchange Antispam Report</h3> 
<h5 align=""center"">Generated $((Get-Date).ToString())</h5> 
</font> 
<table border=""0"" cellpadding=""3"" style=""font-size:8pt;font-family:Arial,sans-serif""> 
<tr bgcolor=""#009900""> 
<th><font color=""#ffffff"">Received Messages per day:</font></th> 
<th><font color=""#ffffff"">Rejected Messages per day:</font></th> 
<th><font color=""#ffffff"">% Rejected Messages per day:</font></th> 
<th><font color=""#ffffff"">Accepted Messages per day:</font></th> 
<th><font color=""#ffffff"">% Accepted Messages per day:</font></th></tr>
<tr bgcolor=""#dddddd""><th>$($a1.Count)</th>
<th>$($a2.Count)</th>
<th>$(Get-Percent $a2.Count $a1.Count)</th>
<th>$($a3.Count)</th>
<th>$(Get-Percent $a3.Count $a1.Count)</th>
</tr></table>
<table border=""0"" cellpadding=""3"" style=""font-size:8pt;font-family:Arial,sans-serif""> 
<tr bgcolor=""#009900""> 
<th><font color=""#ffffff"">Received Messages per week:</font></th> 
<th><font color=""#ffffff"">Rejected Messages per week:</font></th> 
<th><font color=""#ffffff"">% Rejected Messages per week:</font></th> 
<th><font color=""#ffffff"">Accepted Messages per week:</font></th> 
<th><font color=""#ffffff"">% Accepted Messages per week:</font></th></tr>
<tr bgcolor=""#dddddd""><th>$($b1.Count)</th>
<th>$($b2.Count)</th>
<th>$(Get-Percent $b2.Count $b1.Count)</th>
<th>$($b3.Count)</th>
<th>$(Get-Percent $b3.Count $b1.Count)</th>
</tr></table>
</body></html>";

# Save a copy to disk, then mail it both as the HTML body and as an attachment
$Output | Out-File $HTMLReport

Send-MailMessage -Attachments $HTMLReport -To $MailTo -From $MailFrom -Subject "Exchange Antispam Report" -Body $Output -BodyAsHtml -SmtpServer $MailServer
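
The report gives only totals. As an added example (not part of the original script), the function below breaks the rejected and quarantined entries down by the Agent, Reason and IPAddress fields used in the filter examples, so the same data can show which agent, reason and source IP account for most blocks. The sample entries and the names New-SampleEntry and Get-BlockedBreakdown are assumptions made for illustration.

```powershell
# Constructed sample entries shaped like Get-AgentLog output (not real log data).
function New-SampleEntry($Ip, $Agent, $Action, $Reason) {
    New-Object PSObject -Property @{ IPAddress = $Ip; Agent = $Agent; Action = $Action; Reason = $Reason }
}
$entries = @(
    (New-SampleEntry '192.0.2.10'   'Connection Filtering Agent' 'RejectCommand'     'BlockListProvider'),
    (New-SampleEntry '192.0.2.10'   'Connection Filtering Agent' 'RejectCommand'     'BlockListProvider'),
    (New-SampleEntry '198.51.100.7' 'Content Filter Agent'       'QuarantineMessage' 'SclAtOrAboveQuarantineThreshold'),
    (New-SampleEntry '203.0.113.5'  'Content Filter Agent'       'AcceptMessage'     '')
)

# Same three actions the report script counts as rejected.
$BlockedActions = 'RejectMessage', 'RejectCommand', 'QuarantineMessage'

# Hypothetical helper: top-N groups among blocked entries, with each group's share
# of all blocked entries. Returns nothing when no entry was blocked.
function Get-BlockedBreakdown($Log, [string[]]$Property, [int]$Top = 5) {
    $blocked = @($Log | Where-Object { $BlockedActions -contains [string]$_.Action })
    if ($blocked.Count -eq 0) { return }
    $blocked | Group-Object -Property $Property |
        Sort-Object -Property Count -Descending |
        Select-Object -First $Top |
        ForEach-Object {
            New-Object PSObject -Property @{
                Name    = $_.Name
                Count   = $_.Count
                Percent = [math]::Round(($_.Count / $blocked.Count) * 100)
            }
        }
}

# Which agent and reason block the most mail, and which source IPs are blocked most often.
Get-BlockedBreakdown $entries 'Agent', 'Reason' | Format-Table Name, Count, Percent -AutoSize
Get-BlockedBreakdown $entries 'IPAddress'       | Format-Table Name, Count, Percent -AutoSize
# On an Exchange server, pass the weekly set from the report script instead: Get-BlockedBreakdown $b1 'Reason'
```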

About the Author

Melih Melik SÖNMEZ
I was born in Istanbul in 1976.