Bulk Export Email From Multiple Mailboxes – Powershell / Exchange 2007
Tue, Jun 29, 2010Today we experienced a significant onslaught of spam/phishing email into our organization which was not caught by our spam filters. Luckily, we were able to manually create filters which stopped any additional incoming instances of this attack.
I was approached by our IT Security department to run a “seek and destroy” on the emails which were able to make it through before our blocks were in place.
First, we ran message tracking on the Exchange servers to identify the users who received the malicious email, then exported said users to a .CSV file which was formatted like so:
Name
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
We can then run an export-mailbox to pull emails with certain keywords from the list of mailboxes in the .CSV we created above. In this example we used “Reset your Company.com password”.
import-csv “d:\scripts\spamrecipients.csv” | ForEach-object -process {Get-mailbox $_.name | export-mailbox -targetmailbox PhishingCleanupMailbox -targetfolder Phishing -subjectKeyWords “Reset your Company.com password” -deletecontent -confirm:$false -maxthreads 8}
This will scan each mailbox in the .CSV for emails containing the keyword specified, and move them to the mailbox “PhishingCleanupMailbox”, create a folder called “Phishing”, then a subfolder called “Recovered Items – Mailboxname”. Under Recovered Items, it will re-create the folder structure of the original mailbox. So wherever the original email was located in the original mailbox, it will be located in the same folder in the Recovered Items.
