Be alerted of upcoming full executive mailboxes

It is a good idea to keep mailbox size limits on your on-premises Exchange Servers for a few reasons:

- Preventing "mail storms" from running your databases storage out of disk space.
- Being able to control the maximum desired size of the mailbox databases.
- No mailbox limit means that nothing is get deleted and the Exchange becomes a document storage.

However, there are always those important management users that you don't want to allow them to run out of mailbox space.
A full mailbox in those cases may mean that a very important Email will not be received and your job will be on the line (and no one will care that the executive assistant disregarded all of those mailbox storage space warning messages even weeks before the mailbox clogged up).

So what can be done ?
Create a script to notify you of those mailboxes that are about to run out of space !The script that can be run daily will give you the option to either enlarge the mailbox or notify the user to archive or delete unneeded Emails.
Do not wait for the last moment as changing a mailbox size can take up to 2 hours go into effect:
Mailbox Size Limits Are Not Enforced in a Reasonable Period of Time


Here are the steps to make your notification script:

1. Set specific per-mailbox quota for executive mailboxes.
First, set up a mailbox quota for each user, letting go of the default database quota settings.
Keep those setting alive... but configure specific mailbox limit for each one of those mailboxes because you know that when the time comes you will need to change it anyway.

2. Set a way to distinguish between executive and none executive user mailboxes.
In order for the script to notify you about executive users only, you should set up a way to distinguish between executive and non-executive mailboxes.
One way (that I use in the script) is to gather all executive mailboxes into specific database / databases.
Another way is to assign a specific value in AD for executive users which you could query to gather all the executive mailboxes from all the Exchange databases.

for example:
$VIPList = get-mailboxdatabase *vip* | get-mailbox -ResultSize unlimited
Gets all mailboxes located on databases who's name contains the word VIP
Note ! My script uses this method so make sure to modify the script if needed !!! 

$VIPList = get-mailbox -ResultSize unlimited | where {$_.CustomAttribute10 -like "Executive"}
Gets all mailboxes with the value "Executive" in CustomAttribute10.

Of course you can use any desired attribute and any desired value to distinguish the executive mailboxes.

3. Select who will be notified
You may be the one who makes the decisions what actions to take when the reports arrive, or you may want your Help Desk to handle this task, so you need to decide who's Email the script will use (you can always assign multiple Email addresses).

4. Which SMTP server to use in order to route the mail
Nothing special here. You need an SMTP server (hub transport or other) to sent the notification Email.

Download the script here

The script assumes the executive databases are named with VIP in the database name.
You MUST change to your own search convention as stated above.
Also change the following parameters:

$SMTPServer = "192.168.1.2"
$ReportExceedingPrecentage = "94"
$ReportSender = "ExchangeServer@Mydomain.com"
$ReportRecipients = "HelpDesk@Mydomain.com","Me@Mydomain.com"

$SavedReportFilePath = "C:\LargeVIPMailboxes-$date.html"

Keep the $date.html at the end so the file will be saved with the date of creation.

This is how the report should look.
Just make sure to schedule the script for a daily run.
For assistance with creating a batch file for scheduling see my article

Load Powershell Addins in your scripts

Using the Exchange 2010 Anti-Spam feature to block specific IP addresses

The Exchange anti-spam features allow for a verity of options for protecting the Exchange environment.
Those features can be implemented for the Edge transport server or even on the Hub transport servers.

My article will focus on installing the Anti-Spam features on the Hub transport servers and on a script I wrote to automate adding / removing / viewing the IP addresses that are configured to be blocked by the IP Block List.

The reason I found for this is that in a large environment you may find that many servers are configured to be allowed connection and even relay using the Exchange Hub Transport SMTP service.
At times you may find that one of those servers go bad and starts sending a lot of Emails and even flood your Exchange server due to a software bug, or even if you would like to block a connection coming from the Internet (in case your Exchange server is getting its Emails directly).

If you got a single Hub Transport server you could easily do this configuration manually, however if you are using multiple hub transport servers and would like to configure the block list using a single commend the script may be helpful.

Lets begin...

Installing the Anti-Spam functionality
To start using those options you need to install them on the Transport/Edge Exchange server.
The installation is done using the built in .\install-AntispamAgents.ps1 script located on every Exchange server at  %system drive%/Program Files\Microsoft\Exchange Server\V14\Scripts folder

After installation the transport service needs to be restarted with the command
Restart-Service MSExchangeTransport or by using the services console.

For more information on installing this component see
Enable Anti-Spam Functionality on a Hub Transport Server

By default all of the Anti-Spam features are enabled at the Organization level in the management console, however they are not configured.

I chose to disable the features I did not want to run.

The Next step will be to install the Anti-Spam feature on every Hub Transport server you want.

It should be noted that every Hub Transport server can be configured differently altogether so you should decide if to install the feature and where.

The provided script makes an assumption that all Hub Transport servers in the organization will use the same IP blocking settings, so you may need to modify the script for your own environment.

Next we will take a look at how to configure the feature manually using the management console.
Navigate to the Server Configuration section, select a Hub Transport server where you installed the features and you will see the Anti-Spam tab.




















When we select Properties we are able to add or remove a specific IP address, Subnet or range of IP addresses.

You can also see that it is possible to define if the blocking will never expire or set this blocking to expire at a specific date and time.

I would not recommend using complete network subnets or IP address ranges unless you are sure that there is no scenario there there will need to unblock a specific address from the range or subnet.

You can add an IP address manually to check how this feature work, for example by adding your workstation IP address and then using Telnet command to perform an SMTP Email transaction with the server.



The result above will be seen by the sending party.
In case this is a real mail server with mailboxes, the sender will get this message as an NDR.

However since the SMTP session will be disconnected right after the "Mail From" section, this messaging transaction will not be logged or found in the Exchange tracking logs. The server owner should be informed that you configured the IP to be blocked since if the server is using an application to send Emails and those will fail to be routed the only way to discover why will be by using Telnet from the sending server to the HT server and seeing this error message.

Now that we know what is expected to happen lets continue to the automation section.
Copy the following script into a new text file using notepad and save as IPBlockListScript.ps1

#####

Add-PSSnapin microsoft.exchange.management.powershell.e2010 -ErrorAction silentlycontinue

$selection = $null
Do
{
cls
write-host Exchange 2010 Transport IP Blocker Manager script be Liran Zamir -ForegroundColor yellow
write-host " "
write-host "Please Select action:"
write-host ""
write-host "1. Add IP to be blocked on the Exchange transport servers"
write-host "2. Remote IP from the Exchange transport servers block list"
write-host "3. Display blocklist from a random transport server"
write-host "X. To quit"
write-host ""
$selection = read-host "Type selection"

if ($selection -eq 1) {
cls
$AddIPblock = Read-Host “Type and IP address to block SMTP connections to Exchange servers”
[ref]$a = $null
if (![system.net.IPAddress]::tryparse($AddIPblock,$a)) { write-host "" ; write-host " !!! The IP address is invalid. !!!" -ForegroundColor white -BackgroundColor red ; read-host " "}
else {

$servers = Get-TransportServer | select name
foreach ($x in $servers) { Add-IPBlockListEntry -IPRange $AddIPblock -server $x.name -ExpirationTime '12/31/9999 11:59:59 PM' }
write-host ""
read-host "IP address was added to the block list"
}
}

if ($selection -eq 2) {
cls
$RemoveIP  = read-host “Type the IP address to remove from the block list”
if (![system.net.IPAddress]::tryparse($RemoveIP,$a)) { write-host "" ; write-host " !!! The IP address is invalid. !!!" -ForegroundColor white -BackgroundColor red ; read-host " "}
else {
$removefromservers = Get-TransportServer | select name,IPIdentity
$r = Get-IPBlockListEntry -server (Get-TransportServer)[0].name | select IPrange
$found = $null
0..($r.count-1) | foreach { $r[$_].iprange ; if ($r[$_].iprange -like $RemoveIP) { $found = "Yes"  } }
if ($found -eq $null) { write-host "" ; write-host " !!! The IP address you typed was not found !!! " -ForegroundColor white -BackgroundColor red ; read-host " " } 
else {
foreach ($s in $removefromservers ) { remove-IPBlockListEntry -identity ((Get-IPBlockListEntry -Server $s.name | where {$_.iprange -eq $RemoveIP  }).identity) -server $s.name -confirm:$false }
write-host ""
read-host "IP address was removed to the block list"
}
}
}

if ($selection -eq 3) {
cls
write-host " "
write-host "List of blocked IP addresses on the transport server "
write-host " "
Get-IPBlockListEntry -server (Get-TransportServer)[0].name | select IPrange
write-host " "
read-host "click Enter to return to menu"
}

} While ( $selection -ne "x")

write-host " "
#####

You will be able to run this script on the Exchange server or on your own workstation as long as you have the Exchange 2010 Powershell management installed.

When you run the script you will be presented with a simple menu

The first option will allow you to specify an IP address (only, no ranges or subnets) to be blocked.
The script then will verify that the IP address type is in a proper IP address format, and then enumerate the hub transport servers and add the IP address to each of those servers with an open-ended expiration date.

The second option will allow you to remove an IP address from the list of blocked addresses.
Here again the IP address you typed will be validated also for correct IP address syntax as well as verify of the first first enumerated Hub Transport server that the typed IP address is indeed set to be blocked.
If all goes well, the IP address will be removed from the blocked IP list on all the HT servers.

The third option allows you to view the list of blocked IP addresses from the first enumerated Hub Transport server.

Please note the script will not work well for removing the last blocked IP address (so you may choose to first add a false IP such as 1.1.1.1 to the list - this will also allow you to verify the Add IP functionality).

The script also does not handle IP subnets or ranges.

Another important note; If you configured a receive connector to specifically allow relay for the IP address or range of IP addresses that includes the IP address you want to block, the block feature will not work until you remove the IP address / subnet / range from the allowed to relay list on the receive connector.

Hope you enjoyed this post... you are welcome to let me know.