exchange powershell: review and add spam rules

By Ricardo Mallamicrosoft stack

On the eternal fight against spam, we will be trying to minimize the impact of unwanted emails. In this case, I will want to do this programmatically. We currently use Office 365 and it is well known that this server can be managed via Windows Powershell.

The extension of this article is going to show some of the commands that worked for us (as Microsoft's documentation is pretty confusing) and our endĀ  goal is to be able to (programmatically) add domains to theĀ  O365 Anti-Spam list, so that they will be quarantined.

A follow-up step, which I'm not sure if it is possible yet, will be to try to run this commands from a Python script in one of our control servers. The main idea is that some "Admin" users inside the organization have the ability to "Flag" suspicious emails; these emails will be added to a "blacklist database" and then a python script will "pick them up" and add to the o365 Anti Spam list.

Everything is doable in this process, what I'm not so sure is that we're going to be able to log in to the Exchange Powershell from an Ubuntu server. This is going to be continued until further notice...

view 0365 spam rules

reference: https://learn.microsoft.com/en-us/powershell/module/exchange/get-hostedcontentfilterrule?view=exchange-ps

view all spam rules

Get-HostedContentFilterPolicy

get all senders and recipients on the spam rules

$x = Get-HostedContentFilterPolicy

$x | foreach {write-host ("`r`n"*3)$_.Name,`r`n,("="*79),`r`n,"Allowed Senders"`r`n,("-"*79),`r`n,$_.AllowedSenders,("`r`n"*2),"Allowed Sender Domains",`r`n,("-"*79),`r`n,$_.AllowedSenderDomains,("`r`n"*2),"Blocked Senders"`r`n,("-"*79),`r`n,$_.BlockedSenders,("`r`n"*2),"Blocked Sender Domains",`r`n,("-"*79),`r`n,$_.BlockedSenderDomains}

add spam domains to a specific spam rule

Set-HostedContentFilterPolicy "Dominios Spam" -BlockedSenderDomains @{add="abc2.com","abc2.com"}

 

 

transit rules

reference: https://learn.microsoft.com/en-us/powershell/module/exchange/get-transportrule?view=exchange-ps

 

this rules are a separate way to control de mail flow of the emails, could also be used to reject emails based on certain criteria, but its not designed for this.

 

Get all senders from a specific Transit Rule.

Get-TransportRule "spam: block domains" | select -ExpandProperty IfFromAddressContainsWords

 

The "-ExpandProperty" parameter lists all the rules. If this parameter is not included just a few records will show.

 

Leave a Reply

Your email address will not be published. Required fields are marked *