6

Recently, my organization were victim of a spam attack. Sadly, some users provided their email and password. The attacker set up a long queue of emails to be sent (from the victims account).

We had to delete all the message manually (from the queue viewer). It was very painful (more than 100 thousands emails...).

Is it possible to clear the email queue of a specific user with the PowerShell ? (using the Active Directory module)

Found this old post, but it look outdated and it delete all the queue...

Community
  • 1
Vinc 웃
  • 177
  • 1
  • 2
  • 7

1 Answers1

8

You just have to add a Where-Object (abbreviated to ?) after Get-Message to select the messages you want to remove.

Get-ExchangeServer |
    ?{$_.IsHubTransportServer -eq $true} |
    Get-Queue |
    get-message |
    ? {$_.sender -eq 'Vinc@somedomain.uhoh'} |
    Remove-Message -withNDR $false
Matt
  • 740
  • 6
  • 28
longneck
  • 23,082
  • 4
  • 52
  • 86
  • Is it possible to add the parameter -server + -credential (im running the command in remote)? – Vinc 웃 Apr 24 '15 at 18:41
  • You should probably connect using a separate command first. Then any future Exchange commands will be issued against that Exchange org. – longneck Apr 24 '15 at 19:42
  • Perfect ! Thank you a lot ! I am now ready for the next spam attack ! Watch out ! :) – Vinc 웃 Apr 29 '15 at 18:08