Here's a new Powershell script to disable accounts based on the number of e-mails sent, this could help to avoid lost credentials abused by spammers.
Requeriments:
This script: viewtopic.php?t=32836
At least Powershell V3
PS: SorenR gave me a tip to use AWStat, if you transform AWStat log on CSV (comma) with "From" and "To" values, it should work too.
Code: Select all
<#
Script criado por Paulo Roberto (pauloroberto [arroba] conectadores [ponto] com [ponto] br)
Disable accounts based on the number of e-mails sent
#>
$password="Your Super secret hmail password"
#maximum number of e-mails sent by some account, please change this
[int]$Maximum=10
$hmail=New-Object -ComObject hMailServer.Application
$hmail.Authenticate('Administrator',"$password")
#CSV from previus script
$Planilha="D:\Folder to save\Log-$(get-date -Format yyyyMMdd).csv"
#If you want, a new CSV containing the e-mail addresses and number of e-mails sent.
$Control="D:\Folder to save\Control-$(get-date -Format yyyyMMdd).csv"
"`"Email`",`"Numero`"" | Out-File $Control
$dominios=$hmail.Domains
[array]$NomeDominio=@()
for ($i = 0; $i -lt ($dominios.Count); $i++)
{
$NomeDominio+=($dominios[$i]).name
}
[array]$Tabela=@()
Import-Csv $Planilha | ForEach-Object `
{
$item=$_
foreach ($nome in $NomeDominio)
{
if ($item.from -like "*$nome")
{
[array]$para=($item.to).Split(",")
if ($Tabela | where {$_.Email -like "$($item.from)"})
{
$atual=($Tabela | where {$_.Email -like "$($item.from)"})
$atual=$atual.Vezes + $para.Count
($Tabela | where {$_.Email -like "$($item.from)"}).vezes=$atual
}
else
{
$object = New-Object -TypeName PSObject
$object | Add-Member -Name 'Email' -MemberType Noteproperty -Value "$($item.De)"
$object | Add-Member -Name 'Vezes' -MemberType Noteproperty -Value $para.Count
$Tabela+=$object
}
}
}
}
$Tabela | Export-Csv -NoTypeInformation $Control
###############################################################
# The following will disable the accounts
###############################################################
$agressores=$tabela | where {$_.vezes -gt "$maximum"}
foreach ($conta in $agressores)
{
$Dominio=($conta.email -split "@")[1]
for ($i = 0; $i -lt ($hmail.Domains).Count; $i++)
{
if (($hmail.Domains)[$i].Name -like "$Dominio")
{
$ObjetoDominio=($hmail.Domains)[$i]
}
}
for ($i = 0; $i -lt ($ObjetoDominio.Accounts).Count; $i++)
{
if (($ObjetoDominio.Accounts)[$i].Address -like "$($conta.email)")
{
$ObjetoConta=$ObjetoDominio.Accounts[$i]
}
}
$ObjetoConta.Active=$false
$ObjetoConta.Save()
}
#As an example, I'm creating a credential with text, please, don't do this on a production enviroment.
$user="email@domain"
$password = convertto-securestring -String "YOUR SUPER SECRET PASSWORD" -AsPlainText -Force
$credential=New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ($user, $password)
#Send you a message
Send-MailMessage -Body "Due to maximum limit reached, the following accounts were disabled:`n$($agressores)" -From your@email -To Your@email -Subject "Your Subject" -SmtpServer Hmail.address -port 587 -Credential $credential
You could use a schedule task to run the script automatically, sure you need to save the password in a better way (not plain text).
Hope this helps someone.