Send a Warning Report of a Mail Storm

Introduction

This script finds senders that have sent a large number of e-mails, then checks whether those messages consistently use the same subject and recipient, and finally sends a warning e-mail to a specified user.

Scenarios

This script helps Exchange administrators detect mail storms.

Script

This script contains one advanced function, Send-OSCEmailStormingReport. You can use the script as follows:

Step 1: Open the Exchange Management Shell and import the script by typing the command Import-Module <Script Path> at the prompt.

For example, type Import-Module C:\Script\SendEmailStormReport.psm1

Here are some code snippets for your reference.

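# Start of the look-back window ($Minutes, $DomainController and $Numbers are parameters of the function)
[DateTime] $StartTime = (Get-Date).AddMinutes(-$Minutes)
# Get the report: group receive events by sender and keep senders at or above the threshold
$TempLogEntries = Get-TransportServer -DomainController $DomainController |
    Get-MessageTrackingLog -ResultSize Unlimited -Start $StartTime -EventId receive |
    Group-Object Sender | Where-Object { $_.Count -ge $Numbers }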
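
The snippet above covers only the volume check; the subject and recipient consistency check mentioned in the introduction is sketched below. This is an added example, not code from the original script. The function name Find-MailStormSender, the 0.8 share cut-off, matching the ignore list against the sender address, and the sample entries are all assumptions made for illustration.

```powershell
# Added example: Find-MailStormSender is a hypothetical helper, not part of the original module.
function Find-MailStormSender {
    param(
        [object[]] $LogEntries,        # objects shaped like Get-MessageTrackingLog output
        [int] $Numbers = 150,          # minimum messages per sender inside the window
        [string[]] $IgnoreList = @(),  # wildcard patterns, assumed to match the sender address
        [double] $MinShare = 0.8       # assumed cut-off for a "consistent" subject or recipient
    )
    # Drop senders that match any ignore pattern before counting
    $kept = $LogEntries | Where-Object {
        $address = $_.Sender
        -not ($IgnoreList | Where-Object { $address -like $_ })
    }
    $kept | Group-Object Sender | Where-Object { $_.Count -ge $Numbers } | ForEach-Object {
        $g = $_
        $topSubject = $g.Group | Group-Object MessageSubject |
            Sort-Object Count -Descending | Select-Object -First 1
        # Recipients is a collection, so expand it before counting
        $topRecipient = $g.Group | ForEach-Object { $_.Recipients } | Group-Object |
            Sort-Object Count -Descending | Select-Object -First 1
        $subjectShare   = $topSubject.Count / $g.Count
        $recipientShare = $topRecipient.Count / $g.Count
        New-Object PSObject -Property @{
            Sender         = $g.Name
            Messages       = $g.Count
            TopSubject     = $topSubject.Name
            SubjectShare   = [math]::Round($subjectShare, 2)
            TopRecipient   = $topRecipient.Name
            RecipientShare = [math]::Round($recipientShare, 2)
            # High volume alone is not a storm; both fields must repeat
            LikelyStorm    = ($subjectShare -ge $MinShare) -and ($recipientShare -ge $MinShare)
        }
    }
}

# Constructed sample entries (not real tracking data): a looping alert, a busy but varied sender, an ignored admin
function New-SampleEntry($From, $To, $Subject) {
    New-Object PSObject -Property @{ Sender = $From; Recipients = @($To); MessageSubject = $Subject }
}
$sample  = @(1..160 | ForEach-Object { New-SampleEntry 'app01@example.com' 'helpdesk@example.com' 'Disk space alert' })
$sample += @(1..155 | ForEach-Object { New-SampleEntry 'sales@example.com' "customer$($_)@example.org" "Quote $($_)" })
$sample += @(1..200 | ForEach-Object { New-SampleEntry 'Admin1@example.com' 'all@example.com' 'Maintenance' })

Find-MailStormSender -LogEntries $sample -Numbers 150 -IgnoreList 'Admin*','MicrosoftExchange*' |
    Select-Object Sender, Messages, SubjectShare, RecipientShare, LikelyStorm | Format-Table -AutoSize
```

Both non-ignored senders exceed the count threshold, but only the one repeating a single subject to a single recipient is marked as a likely storm.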

 

Examples

Example 1: Send a warning from the Report mailbox to the Admin mailbox if any mailbox has sent 150 or more e-mails in the last 30 minutes, ignoring Admin and Exchange Server mailboxes.
Command: Send-OSCEmailStormingReport -DomainController "TestServer.Domain.com" -IgnoreList "Admin*","MicrosoftExchange*" -Minutes 30 -Numbers 150 -To Admin@Domain.com -From Report@Domain.Com

Prerequisite

Microsoft Exchange 2010, Microsoft Exchange 2013

PowerShell 2.0, with the Send-MailMessage command working without problems