When using Exchange as your outside facing transport servers in either a dedicated Edge role under 2010 or within a multi-role setup finding out when you have a spammer from within historically has been done via blacklist notifications. What if we can catch the spammers in the act? What if we can stop the spam midstream? As a side benefit, you’ll get notification if mail is backing up for other reasons as well…ie random email providers being offline or if you end up having routing issues.
$servername = Get-Content env:computername $mail_sender = "$servername@contoso.com" $mail_server = "my_smtp_server.contoso.com" $mail_recipient = "my_email@contoso.com" $mailreport_subject = "Script: $servername Message Queues" #At what level do you want to be emailed? $maxinqueue = 40 $body = "" Add-pssnapin Microsoft.Exchange.Management.PowerShell.E2010 -ErrorAction SilentlyContinue function SendEmailReport { $msg = New-Object System.Net.Mail.MailMessage $mail_sender, $mail_recipient, $mailreport_subject, $body $client = New-Object System.Net.Mail.SmtpClient $mail_server $client.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials $client.Send($msg) } $i = 0 while($i -lt 29) { $mymessages = get-message -resultsize unlimited #$mysenders = $mymessages | select-object fromaddress if($mymessages.count -gt $maxinqueue) { $body = "Warning the current queue on $servername has exceeded the queue count of $maxinqueue and is currently at " + $mymessages.count $body += "`r`n" $body += $mymessages | out-string SendEmailReport $body = "" } $mymessages = $null write-host $i Sleep 60 $i++ }
The $maxinqueue variable is the real trick, at what level of messages in the queue is normal for your organization?
Then all that needs to be done is configuration of a simple scheduled task say run every 30 minutes, the scripting logic is configured to run in a loop to cover at the per minute within a 30 minute window.