Powershell Script to disable user based on the number of e-mail sent.

This section contains user-submitted tutorials.
Post Reply
pauloroberto
New user
New user
Posts: 5
Joined: 2018-06-15 16:07

Powershell Script to disable user based on the number of e-mail sent.

Post by pauloroberto » 2018-06-15 21:21

Hello people,

Here's a new Powershell script to disable accounts based on the number of e-mails sent, this could help to avoid lost credentials abused by spammers.


Requeriments:
This script: viewtopic.php?t=32836
At least Powershell V3

PS: SorenR gave me a tip to use AWStat, if you transform AWStat log on CSV (comma) with "From" and "To" values, it should work too.

Code: Select all

<#
Script criado por Paulo Roberto (pauloroberto [arroba] conectadores [ponto] com [ponto] br)

Disable accounts based on the number of e-mails sent
#>

$password="Your Super secret hmail password"

#maximum number of e-mails sent by some account, please change this
[int]$Maximum=10


$hmail=New-Object -ComObject hMailServer.Application
$hmail.Authenticate('Administrator',"$password")

#CSV from previus script
$Planilha="D:\Folder to save\Log-$(get-date -Format yyyyMMdd).csv"

#If you want, a new CSV containing the e-mail addresses and number of e-mails sent.
$Control="D:\Folder to save\Control-$(get-date -Format yyyyMMdd).csv"

"`"Email`",`"Numero`"" | Out-File $Control

$dominios=$hmail.Domains

[array]$NomeDominio=@()

for ($i = 0; $i -lt ($dominios.Count); $i++)
    {
    $NomeDominio+=($dominios[$i]).name
      
    }


[array]$Tabela=@()

Import-Csv $Planilha | ForEach-Object `
    {
    $item=$_

    foreach ($nome in $NomeDominio)
        {
        if ($item.from -like "*$nome")
            {
            [array]$para=($item.to).Split(",")
            
            if ($Tabela | where {$_.Email -like "$($item.from)"})
                {
                $atual=($Tabela | where {$_.Email -like "$($item.from)"})
                $atual=$atual.Vezes + $para.Count
                ($Tabela | where {$_.Email -like "$($item.from)"}).vezes=$atual
                }
            else
                {
                $object = New-Object -TypeName PSObject
                $object | Add-Member -Name 'Email' -MemberType Noteproperty -Value "$($item.De)"
                $object | Add-Member -Name 'Vezes' -MemberType Noteproperty -Value $para.Count
                $Tabela+=$object
                }
            }
        }
    }


$Tabela | Export-Csv -NoTypeInformation $Control


###############################################################
# The following will disable the accounts
###############################################################

$agressores=$tabela | where {$_.vezes -gt "$maximum"}

foreach ($conta in $agressores)
    {
    $Dominio=($conta.email -split "@")[1]

    for ($i = 0; $i -lt ($hmail.Domains).Count; $i++)
        {
        if (($hmail.Domains)[$i].Name -like "$Dominio")
            {
            $ObjetoDominio=($hmail.Domains)[$i]
            }
        }

    for ($i = 0; $i -lt ($ObjetoDominio.Accounts).Count; $i++)
        { 
        if (($ObjetoDominio.Accounts)[$i].Address -like "$($conta.email)")
            {
            $ObjetoConta=$ObjetoDominio.Accounts[$i]
            }
        }
    
    $ObjetoConta.Active=$false
    $ObjetoConta.Save()
    }


#As an example, I'm creating a credential with text, please, don't do this on a production enviroment.
$user="email@domain"
$password = convertto-securestring -String "YOUR SUPER SECRET PASSWORD" -AsPlainText -Force
$credential=New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ($user, $password)


#Send you a message
Send-MailMessage -Body "Due to maximum limit reached, the following accounts were disabled:`n$($agressores)"  -From your@email -To Your@email -Subject "Your Subject" -SmtpServer Hmail.address -port 587 -Credential $credential


You could use a schedule task to run the script automatically, sure you need to save the password in a better way (not plain text).
Hope this helps someone.

User avatar
SorenR
Senior user
Senior user
Posts: 3169
Joined: 2006-08-21 15:38
Location: Denmark

Re: Powershell Script to disable user based on the number of e-mail sent.

Post by SorenR » 2018-06-15 23:36

Something like this ??

viewtopic.php?f=20&t=28269

The script is pasted into EventHandlers.vbs so it's real-time ...
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

pauloroberto
New user
New user
Posts: 5
Joined: 2018-06-15 16:07

Re: Powershell Script to disable user based on the number of e-mail sent.

Post by pauloroberto » 2018-06-16 01:54

Understood...

pauloroberto
New user
New user
Posts: 5
Joined: 2018-06-15 16:07

Re: Powershell Script to disable user based on the number of e-mail sent.

Post by pauloroberto » 2018-06-16 01:56

Hey man, how do I delete the post?

User avatar
SorenR
Senior user
Senior user
Posts: 3169
Joined: 2006-08-21 15:38
Location: Denmark

Re: Powershell Script to disable user based on the number of e-mail sent.

Post by SorenR » 2018-06-16 08:34

pauloroberto wrote:
2018-06-16 01:56
Hey man, how do I delete the post?
You don't.

But it is no problem. Some day, someone may need inspiration on how to use hMailServer with PowerShell and they can see how you did it.
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

Post Reply