PowerShell RC2 Released

del.icio.us tags:

The latest drop of PowerShell is out.  Main differences in the new release are improved support for IMF, and the documentation is included with PowerShell rather than being a separate download.

Admins will find the documentation easier to follow since it’s based on common administration scripts you might have seen in VBScript.  What’s missing in action, though, is a true reference manual for PowerShell.

Get PowerShell at Microsoft.

Take care,



Killing Spam with Exchange IMF and PowerShell

del.icio.us tags: , , , , ,

If you have an Exchange shop, you probably have Exchange Intelligent Message Filter.  The IMF filters out junk mail to a folder (usually Program files\exchsrvr\mailroot\vsi 1\ucearchive) which you must inspect for false positives and empty from time to time.

There are tools to manage the IMF archive;  I use Daryl Maunder’s Exchange IMF Archive Manager and there is also IMFCompanion, but neither of these tools will empty the archive automatically.  Realistically, in a small shop like SATV’s, it’s a burden to manually inspect the archives;  as spam volume gets heavier, inspection is no longer viable.

I just use a simple PowerShell script that counts the items in the IMF archive, notes the count in the Application log and then deletes the items.

Here’s the code.  Most of it is housekeeping to manage the event log:

# Delete-IMFSpam  - Deletes spam mail from Exchange IMF Folder
# Deletes spam mail from Exchange IMF folder and enters an event in the 
# Application log reporting number of spam mails found and deleted
# David Moisan 9/22/2006
# v1.0

$sSource = "Delete-IMFSpam"
$sLog = "Application"
$sMachine = [System.Environment]::MachineName

$sEventIDSpam = 1
$sEventIDNoSpam = 2

$sEventLogInformational = [System.Diagnostics.EventLogEntryType]::Information
$sEventLogWarning = [System.Diagnostics.EventLogEntryType]::Warning
$sEventLogError = [System.Diagnostics.EventLogEntryType]::Error

$sUCEArchive = "$env:programfiles\exchsrvr\mailroot\vsi 1\UCEArchive"

# Create source in eventlog if it isn't already there

if (-not [System.Diagnostics.Eventlog]::SourceExists($sSource,$sMachine)) {
   [System.Diagnostics.Eventlog]::CreateEventSource($sSource, $sLog, $sMachine)

# Create new eventlog object to make entries

$eLog = new-object System.Diagnostics.EventLog($sLog,$sMachine,$sSource)

# Get count of spam items

$SpamCount = (get-childitem $sUCEArchive\*.eml | measure-object).Count

# Display count to the log and the console
# Delete spam if directory not empty

if ($SpamCount -gt 0) {
   remove-item "$sUCEArchive\*.eml"
   $eLog.WriteEntry("UCEArchive: $Spamcount item(s) found and deleted", $sEventLogInformational, $sEventIDSpam)

    $elog.WriteEntry("UCEArchive:  No spam items found", $sEventLogInformational, $sEventIDNoSpam)

# Done


Run the script:

powershell delete-IMFSpam.ps1

And here’s the event log:

MachineName : [...]
EventID     : 1
TimeWritten : 9/30/2006 1:00:48 AM
EntryType   : Information
Source      : Delete-IMFSpam
Message     : UCEArchive: 674 item(s) found and deleted

This was just in 3 (!!) days since the folder was last emptied.

Take care,