powershell - 使用 csv 文件过滤结果

Question

基本上，我有一个扫描邮件跟踪日志的脚本，它每 15 分钟检查一次日志的最后一小时，在短时间内查找大量电子邮件。我知道如何使用 -gt 和 -notlike 等进行过滤，但我希望脚本检查 csv 中我想要过滤的值。例如，有些人我们希望在短时间内发送大量电子邮件，我需要一个 csv 例外列表。

$ErrorActionPreference = "silentlycontinue"
add-pssnapin Microsoft.Exchange.Management.PowerShell.E2007
add-pssnapin Microsoft.Exchange.Management.PowerShell.Admin

$Now= Get-Date
$start= $Now.AddHours(-1)
#$end= $Now.AddHours(-1)

$Senders = ("bumailhub1","bumailhub2" | Get-MessageTrackingLog -resultsize unlimited -      Start "$start" -End "$Now" -EventId SEND | Select-Object ServerHostname,EventId,RecipientCount,Sender,MessageSubject,ConnectorId | where {$_.Connectorid -eq "Outbound new (Stucheck out)"})


********Right here below is where i need it to check for a csv exceptions list, which will contain a list of email addresses that are under the column "Name", and again when creating $csvmaker


$report = $senders | Group-Object Sender | Sort-Object Count -Descending | Where-Object {$_.Count -gt 50 -and $_.Name -NOTLIKE "MicrosoftExchange*"} | Select-object Count, Name
$mailing1 = $report | ConvertTo-HTML | Set-Content c:\TEMP\Date_$((get-date).tostring("MMddyyyy"))_Time_$((get-date).tostring("HHmmss"))_Users_Over_100PERLast2Hour.htm

$exceptions = Import-Csv C:\TEMP\CSVS\Exceptions\Exceptions.csv

$csvmaker = $senders | Group-Object Sender | Sort-Object Count -Descending | Where-Object {$_.Count -gt 100 -and $_.Name -NOTLIKE "MicrosoftExchange*"} | Select-object Count, Name
$csvmade =  $csvmaker | ConvertTo-CSV | Set-Content c:\TEMP\CSVS\Users_Over_100PERLast2Hour.csv

$mailing1
$mailing2 = $report | ConvertTo-Html
$subjectreport = $senders | Group-Object MessageSubject | Sort-Object Count -Descending | Where-Object {$_.Count -gt 50 -and $_.Name -NOTLIKE "MicrosoftExchange*"} | Select-object Count, Name
$subjectreportemail = $subjectreport | ConvertTo-Html

$head = Get-Content C:\TEMP\files\head.htm
$report1 = Get-Content C:\TEMP\files\report1.htm
$report2 = Get-Content C:\TEMP\files\report2.htm

If ($report | Where-Object {$_.Count -gt 100})
{
$Sender = "mailhub_issues@mydomain.com"
$SMTPClient = new-object System.Net.Mail.smtpClient
$SMTPClient.host = "mysmtp.mydomain.com"
$MailMessage = new-object System.Net.Mail.MailMessage
$Address = new-object System.Net.Mail.MailAddress("1@mydomain")
$Address2 = new-object System.Net.Mail.MailAddress("2@mydomain")
$Address3 = new-object System.Net.Mail.MailAddress("3@mydomain")
$Address4 = new-object System.Net.Mail.MailAddress("4@mydomain")
$Address5 = new-object System.Net.Mail.MailAddress("5@mydomain")
$Address6 = new-object System.Net.Mail.MailAddress("6@mydomain")
$Address7 = new-object System.Net.Mail.MailAddress("7@mydomain")
$MailMessage.Subject = "SPAM EMAIL ALERT"
$MailMessage.Body = $head + $report1 + $subjectreportemail + $report2 + $mailing2
$MailMessage.Sender = $Sender
$MailMessage.From = $Sender
$MailMessage.To.add($Address)
#$MailMessage.To.add($Address2)
#$MailMessage.To.add($Address3)
#$MailMessage.To.add($Address4)
#$MailMessage.To.add($Address5)
#$MailMessage.To.add($Address6)
$MailMessage.To.add($Address7)
$MailMessage.IsBodyHtml = $true
$SMTPClient.Send($MailMessage)



}
$ChkFile = "c:\TEMP\CSVS\Users_Over_100PERLast2Hour.csv"
$FileExists = (Test-Path $ChkFile -PathType Leaf)

If ($FileExists)
{

$Sender = "mailhub_issues@mydomain"
$SMTPClient = new-object System.Net.Mail.smtpClient
$SMTPClient.host = "mysmtp.mydomain.com"
$MailMessage = new-object System.Net.Mail.MailMessage
$Address = new-object System.Net.Mail.MailAddress("1@mydomain")
$Address2 = new-object System.Net.Mail.MailAddress("2@mydomain")
$Address3 = new-object System.Net.Mail.MailAddress("3@mydomain")
$Address4 = new-object System.Net.Mail.MailAddress("4@mydomain")
$Address5 = new-object System.Net.Mail.MailAddress("5@mydomain")
$Address6 = new-object System.Net.Mail.MailAddress("6@mydomain")
$Address7 = new-object System.Net.Mail.MailAddress("7@mydomain")
$att = new-object Net.Mail.Attachment($ChkFile)
$MailMessage.Subject = "Disabled Mailboxes"
$MailMessage.Body = "Enclosed is a CSV file containing a list of the users who have had there mailboxes disabled as a result of too many email in a short time"
$MailMessage.Attachments.Add($att)
#$MailMessage.Body = $head + $report1 + $subjectreportemail + $report2 + $mailing2
$MailMessage.Sender = $Sender
$MailMessage.From = $Sender
$MailMessage.To.add($Address)
#$MailMessage.To.add($Address2)
#$MailMessage.To.add($Address3)
#$MailMessage.To.add($Address4)
#$MailMessage.To.add($Address5)
#$MailMessage.To.add($Address6)
$MailMessage.To.add($Address7)
$MailMessage.IsBodyHtml = $true
#$Attachment = $mailing
#$MailMessage.Attachements.Add($Attachment)
$SMTPClient.Send($MailMessage)
$att.Dispose()
import-csv c:\TEMP\CSVS\Users_Over_100PERLast2Hour.csv | foreach {disable-mailbox $_.Name -confirm:$false}
Move-Item c:\TEMP\CSVS\Users_Over_100PERLast2Hour.csv c:\TEMP\CSVS\OLD\Date_$((get-date).tostring("MMddyyyy"))_Time_$((get-date).tostring("HHmmss"))_Users_Over_100PERLast2Hour.csv

  }

score 0 · Accepted Answer

只需从一个简单的文本文件中读取这些发件人：

$whitelistedSenders = Get-Content 'C:\path\to\sender_whitelist.txt'

如果您必须使用 CSV，请仅提取发件人姓名列的值：

$whitelistedSenders = Import-Csv 'C:\path\to\sender_whitelist.csv' `
  | % { $_.'Sender Name' }

然后只处理那些不包含在白名单中的发件人：

$subjectreport = $senders `
  | ? { $whitlistedSenders -notcontains $_.Name } `
  | Group-Object MessageSubject `
  | Sort-Object Count -Descending `
  | ? { $_.Count -gt 50 -and $_.Name -notlike "MicrosoftExchange*" } `
  | select Count, Name

powershell - 使用 csv 文件过滤结果

1 回答 1

Related

Reference