Wednesday, February 15, 2017

How to delete malicious/spam email from user mailboxes.

Recently, I came across a spam/malicious email delivery in an environment I support. The IT security team needed to find out how many users had received the malicious email and how to delete it from all user inboxes without the end users knowing.

How to find message delivery details:

We can use the message tracking log cmdlet, Get-MessageTrackingLog, to find out how many users received the message, based on the time window or the message subject.

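Get-TransportServer | Get-MessageTrackingLog -ResultSize Unlimited -Start "03/13/2015 09:00:00" -End "03/15/2015 17:00:00" -MessageSubject "spam email" | Select-Object Sender,@{Name="Recipients";Expression={$_.Recipients -join ";"}},MessageSubject | Export-Csv C:\temp\messagetrackinglogs.csv -NoTypeInformation

Based on your analysis of the message tracking logs, you can use the command below to find the messages in end user mailboxes. With -LogOnly nothing is deleted or copied; only a log of the matching items is written to the target mailbox and folder.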

Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery "Subject:'MessageSubject*' OR attachment:'.html'" -TargetMailbox "DiscoveryMailbox" -TargetFolder "Search Results" -LogLevel Full -LogOnly

Once the log shows that the query matches only the unwanted messages, you can use the command below to delete them from user mailboxes based on message subject or attachment.

Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery "Subject:'MessageSubject*' OR attachment:'.html'" -DeleteContent -Confirm:$false
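
The following is an added example, not the blog author's code: it limits the purge to the recipients found in the tracking logs and runs an estimate-only pass before anything is deleted. The subject, dates, output path and the 5000-item ceiling are constructed values, and it assumes the Exchange Management Shell with the Mailbox Search and Mailbox Import Export roles assigned.

```powershell
# Added example. Constructed values: subject, time window, CSV path, item ceiling.
$start    = '03/13/2015 09:00:00'
$end      = '03/15/2015 17:00:00'
$subject  = 'spam email'
$maxItems = 5000   # refuse to purge if the query matches more than expected

# KQL: exact subject phrase, limited to the delivery window (operators in upper case).
$query = "Subject:`"$subject`" AND Received:03/13/2015..03/15/2015"

# 1. Mailboxes that actually had the message delivered (DELIVER events only).
$recipients = Get-TransportServer |
    Get-MessageTrackingLog -Start $start -End $end -MessageSubject $subject `
        -EventId DELIVER -ResultSize Unlimited |
    ForEach-Object { $_.Recipients } |
    Sort-Object -Unique

# 2. Estimate-only pass: counts matching items, changes nothing.
$hits = foreach ($r in $recipients) {
    $mbx = Get-Mailbox -Identity $r -ErrorAction SilentlyContinue
    if (-not $mbx) { continue }   # address is not a local mailbox
    $mbx | Search-Mailbox -SearchQuery $query -EstimateResultOnly `
            -WarningAction SilentlyContinue |
        Where-Object { $_.ResultItemsCount -gt 0 }
}

# Keep a record of what was found, for the security team to review.
$hits | Select-Object Identity, ResultItemsCount, ResultItemsSize |
    Export-Csv C:\temp\purge-estimate.csv -NoTypeInformation

# 3. Delete only from mailboxes with hits, and only if the total looks sane.
$total = ($hits | Measure-Object -Property ResultItemsCount -Sum).Sum
if ($total -gt 0 -and $total -le $maxItems) {
    foreach ($h in $hits) {
        # Without -Force, Search-Mailbox asks for confirmation per mailbox.
        Search-Mailbox -Identity $h.Identity -SearchQuery $query -DeleteContent
    }
} else {
    Write-Warning "Matched $total items; review purge-estimate.csv before deleting."
}
```
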
Thanks for visiting my blog; keep watching for further posts.