Send a Warning Report of a Mail Storm
Introduction
This script finds senders that have sent a large number of e-mails, checks whether those messages consistently use the same subject and recipient, and then sends a warning e-mail to a specified user.
Scenarios
This script helps Exchange administrators detect a mail storm.
Script
This script contains one advanced function, Send-OSCEmailStormingReport. You can use the script in the following way:
Step 1: Start the Exchange Management Shell and import the script by typing Import-Module <Script Path> at the prompt.
For example, type Import-Module C:\Script\SendEmailStormReport.psm1
Here are some code snippets for your reference.
[DateTime] $StartTime = (Get-Date).AddMinutes(-$Minutes)
# Get the report: RECEIVE events since $StartTime, grouped by sender, keeping senders at or above the $Numbers threshold
$TempLogEntries = Get-TransportServer -DomainController $DomainController | Get-MessageTrackingLog -ResultSize Unlimited -Start $StartTime -EventId RECEIVE | Group-Object Sender | Where-Object { $_.Count -ge $Numbers }
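The snippet above covers only the per-sender count. The following added example (not code from the published module) sketches the second stage described in the introduction, checking whether a high-volume sender keeps using the same subject and recipient. The function name Find-MailStormCandidate, the -MinShare cut-off, the sample records and the matching of ignore patterns against the sender address are all assumptions made for illustration.

```powershell
# Constructed sample records with the Sender, Recipients and MessageSubject
# properties that Get-MessageTrackingLog returns; not real tracking data.
function New-SampleEntry($Sender, $Recipient, $Subject) {
    New-Object PSObject -Property @{
        Sender = $Sender; Recipients = @($Recipient); MessageSubject = $Subject }
}
$LogEntries = @()
1..6 | ForEach-Object { $LogEntries += New-SampleEntry 'loop@domain.com' 'list@domain.com' 'Out of Office' }
1..5 | ForEach-Object { $LogEntries += New-SampleEntry 'news@domain.com' "user$_@domain.com" "Digest $_" }
1..7 | ForEach-Object { $LogEntries += New-SampleEntry 'Admin1@domain.com' 'ops@domain.com' 'Backup job' }
$LogEntries += New-SampleEntry 'bob@domain.com' 'alice@domain.com' 'Lunch'

# Hypothetical helper (not part of the published module).
function Find-MailStormCandidate {
    param(
        [object[]] $Entries,
        [int] $Numbers = 5,             # per-sender threshold, like -Numbers
        [string[]] $IgnoreList = @(),   # wildcard patterns, like -IgnoreList
        [double] $MinShare = 0.8        # assumed cut-off for "consistent"
    )
    $Entries | Group-Object Sender | Where-Object { $_.Count -ge $Numbers } | ForEach-Object {
        $Sender = $_.Name; $Messages = $_.Group; $Total = $_.Count
        # Assumption: ignore patterns are matched against the sender address.
        if (@($IgnoreList | Where-Object { $Sender -like $_ }).Count -gt 0) { return }
        # Most frequent subject and most frequent recipient for this sender.
        $TopSubject = $Messages | Group-Object MessageSubject |
            Sort-Object Count -Descending | Select-Object -First 1
        $TopRecipient = $Messages | ForEach-Object { $_.Recipients } | Group-Object |
            Sort-Object Count -Descending | Select-Object -First 1
        $SubjectShare = $TopSubject.Count / $Total
        $RecipientShare = $TopRecipient.Count / $Total
        New-Object PSObject -Property @{
            Sender = $Sender; Count = $Total
            TopSubject = $TopSubject.Name; SubjectShare = [Math]::Round($SubjectShare, 2)
            TopRecipient = $TopRecipient.Name; RecipientShare = [Math]::Round($RecipientShare, 2)
            # High volume alone is not enough; both shares must be high.
            IsStorm = ($SubjectShare -ge $MinShare) -and ($RecipientShare -ge $MinShare)
        }
    }
}

Find-MailStormCandidate -Entries $LogEntries -Numbers 5 -IgnoreList 'Admin*' |
    Select-Object Sender, Count, TopSubject, SubjectShare, TopRecipient, RecipientShare, IsStorm |
    Format-Table -AutoSize
```

On the constructed records, the sender repeating one subject to one recipient is flagged, while the equally busy sender with varied subjects and recipients is reported but not flagged. Against live data, the -Entries argument would be the ungrouped output of Get-MessageTrackingLog.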
Examples
Example 1: Send a WARNING to the Admin mailbox from the Report mailbox if any mailbox has sent 150 or more emails in the last 30 minutes, ignoring Admin and Exchange Server mailboxes.
Command: Send-OSCEmailStormingReport -DomainController "TestServer.Domain.com" -IgnoreList "Admin*","MicrosoftExchange*" -Minutes 30 -Numbers 150 -To Admin@Domain.com -From Report@Domain.Com

Prerequisite
Microsoft Exchange 2010, Microsoft Exchange 2013
PowerShell 2.0, with the Send-MailMessage command working without problems
Microsoft All-In-One Script Framework is an automation script sample library for IT Professionals. The key value that All-In-One Script Framework is trying to deliver is Scenario-Focused Script Samples driven by IT Pros' real-world pains and needs. The team is monitoring all TechNet forums, IT Pros' support calls to Microsoft, and script requests submitted to TechNet Script Repository. We collect frequently asked IT scenarios, and create script samples to automate the tasks and save some time for IT Pros. The team of All-In-One Script Framework sincerely hope that these customer-driven automation script samples can help our IT community in this script-centric move.