ecsm-transport-rule-create.ps1
#
<#
.SYNOPSIS
Creates the rules and connectors needed for Exclaimer Cloud
.DESCRIPTION
This is designed to be run after you have completed the steps to get the certificate domain.
The Transport Rule is created in a disabled state so this can be run prior to the steps carried out by Sys Eng.
Please refer to the REQUIREMENTS for the information needed to run this script correctly.
.NOTES
Email: [email protected]
Date: 24th July 2018
.PRODUCTS
Exclaimer Cloud - Signatures for Office 365
.REQUIREMENTS
- SMTP domain needs to already be added to Office 365 and verified
- Group for Transport Rule
- Global Administrator Accounts
.HISTORY
1.0 - Creates transport rule, connectors and sets up Exclaimer Cloud in an enabled state
1.1 - Corrected issue relating to date/time, requested email address for group, added a 1 to the region request.
1.2 - Added allowed IP list update
2.0 - Removal of previous configuration
#>
Add-Type -AssemblyName PresentationFramework
#Getting Exchange Online Module
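function checkExchangeOnline-Module {
    <#
    .SYNOPSIS
    Makes sure the ExchangeOnlineManagement module is available, installing it when it is not.
    .DESCRIPTION
    Returns silently when the module is already installed. Otherwise it shows an
    information dialog and runs Install-Module. A failed install stops the script,
    so the later steps (which remove and recreate mail-flow objects) do not run
    against a session that cannot load the Exchange cmdlets.
    .NOTES
    System.Windows.MessageBox lives in PresentationFramework, which the script loads
    with Add-Type before calling this function. The obsolete
    [System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms') call was
    not needed for the dialog and wrote an Assembly object to the output stream, so it
    has been dropped.
    #>
    if (Get-Module -ListAvailable -Name ExchangeOnlineManagement) {
        # Already installed - nothing to do.
        return
    }

    # [void] keeps the dialog result ('OK') out of the function's output.
    [void][System.Windows.MessageBox]::Show('ExchangeOnlineManagement module not installed, will attempt to install it now...', 'ExchangeOnlineExclaimerCheck', 'OK', 'Information')

    # NOTE(review): no repository or version is named, so this installs whatever the
    # registered repositories currently serve under this name. For a script that is run
    # with Global Administrator credentials, consider pinning -Repository and
    # -RequiredVersion to values you have vetted.
    Install-Module ExchangeOnlineManagement -ErrorAction Stop
}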
function modern-auth-mfa-connect {
    # Loads the Exchange Online module into the session and opens the connection.
    # Connect-ExchangeOnline is called with no arguments: no account name or
    # credential is passed on the command line by this script.
    Import-Module -Name ExchangeOnlineManagement
    Connect-ExchangeOnline
}
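function remove_previous {
    <#
    .SYNOPSIS
    Removes transport rules and connectors left over from an earlier Exclaimer setup.
    .DESCRIPTION
    Looks up every transport rule, inbound connector and outbound connector whose
    identity matches *exclaimer*, then removes exactly the objects the lookup returned,
    one at a time and by name. The original passed the wildcard straight to
    Remove-InboundConnector / Remove-OutboundConnector with errors silenced, so a
    removal that failed (for example because the wildcard resolved to more than one
    connector) left the old object in place without any message.
    .NOTES
    Removal is unattended (-Confirm:$false). Each removed name is printed so the run
    leaves a record of which mail-flow objects were deleted; failures are reported as
    warnings instead of being swallowed.
    NOTE(review): the *exclaimer* match is by name only - any unrelated rule or
    connector that happens to contain that word is removed too.
    #>

    # A failed lookup is treated the same as "nothing found".
    $tr = Get-TransportRule -Identity *exclaimer* -ErrorAction SilentlyContinue
    $rc = Get-InboundConnector -Identity *exclaimer* -ErrorAction SilentlyContinue
    $sc = Get-OutboundConnector -Identity *exclaimer* -ErrorAction SilentlyContinue

    # $null on the left: with a collection on the left, -eq filters instead of comparing.
    if ($null -eq $tr -and $null -eq $rc -and $null -eq $sc) {
        write-host "out"
        return
    }

    Write-Host "Removing Exclaimer Transport Rule"
    foreach ($t in $tr) {
        try {
            Remove-TransportRule -Identity $t.Name -Confirm:$false -ErrorAction Stop
            Write-Host "  removed transport rule: $($t.Name)"
        }
        catch {
            Write-Warning "Could not remove transport rule '$($t.Name)': $($_.Exception.Message)"
        }
    }

    Write-Host "Removing Exclaimer Receive Connector"
    foreach ($c in $rc) {
        try {
            Remove-InboundConnector -Identity $c.Name -Confirm:$false -ErrorAction Stop
            Write-Host "  removed inbound connector: $($c.Name)"
        }
        catch {
            Write-Warning "Could not remove inbound connector '$($c.Name)': $($_.Exception.Message)"
        }
    }

    Write-Host "Removing Exclaimer Send Connector"
    foreach ($c in $sc) {
        try {
            Remove-OutboundConnector -Identity $c.Name -Confirm:$false -ErrorAction Stop
            Write-Host "  removed outbound connector: $($c.Name)"
        }
        catch {
            Write-Warning "Could not remove outbound connector '$($c.Name)': $($_.Exception.Message)"
        }
    }
}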
function send_connector {
    # Creates the "Send to Exclaimer Cloud" outbound connector.
    # Reads $comment and $smarthost from the calling (script) scope.
    #
    # The connector is transport-rule scoped (IsTransportRuleScoped), so it only
    # carries mail that a rule routes to it. TLS uses DomainValidation against
    # $smarthost, i.e. the same value is both the delivery target and the name the
    # remote certificate is checked against.
    # NOTE(review): $smarthost is built from the region typed at the prompt; a wrong
    # value sends outbound mail to a different host - confirm it before running.
    $connector = @{
        Name                          = "Send to Exclaimer Cloud"
        Enabled                       = $true
        UseMXRecord                   = $false
        Comment                       = $comment
        ConnectorType                 = 'OnPremises'
        ConnectorSource               = 'Default'
        SmartHosts                    = $smarthost
        TlsDomain                     = $smarthost
        TlsSettings                   = 'DomainValidation'
        IsTransportRuleScoped         = $True
        RouteAllMessagesViaOnPremises = $false
        CloudServicesMailEnabled      = $True
        AllAcceptedDomains            = $false
        TestMode                      = $false
    }

    New-OutboundConnector @connector
}
function receive_connector {
    # Creates the "Receive from Exclaimer Cloud V2" inbound connector.
    # Reads $comment and $accepteddomain from the calling (script) scope.
    #
    # TLS is required, and the sender certificate name is set to $accepteddomain.
    # SenderDomains is smtp:* and both RestrictDomainsToIPAddresses and
    # RestrictDomainsToCertificate are off, so the certificate name is the only
    # value here that ties the connector to Exclaimer.
    # NOTE(review): an empty or mistyped $accepteddomain therefore matters - confirm
    # the value entered at the prompt is the tenant's own *.excl.cloud domain.
    $connector = @{
        Name                         = "Receive from Exclaimer Cloud V2"
        Enabled                      = $true
        ConnectorType                = 'OnPremises'
        ConnectorSource              = 'Default'
        Comment                      = $comment
        SenderDomains                = 'smtp:*'
        RequireTls                   = $true
        RestrictDomainsToIPAddresses = $false
        RestrictDomainsToCertificate = $false
        CloudServicesMailEnabled     = $true
        TreatMessagesAsInternal      = $false
        TlsSenderCertificateName     = $accepteddomain
    }

    New-InboundConnector @connector
}
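function transport_rule_create {
    <#
    .SYNOPSIS
    Creates the "Identify messages to send to Exclaimer Cloud" transport rule,
    for the whole organisation or for one mail-enabled security group.
    .DESCRIPTION
    Asks whether the rule should be restricted to a group. The prompt advertises
    "N" as the default, so an empty answer now means "no group"; previously anything
    other than n/N (including just pressing Enter) fell into the group branch.
    Unrecognised answers are asked again instead of being guessed at. The two
    near-identical parameter lists are built once and -FromMemberOf is added only
    for the group case.
    .NOTES
    The rule routes matching mail through the "Send to Exclaimer Cloud" outbound
    connector and skips messages that already carry the
    X-ExclaimerHostedSignatures-MessageProcessed header with a value matching "true".
    NOTE(review): StopRuleProcessing is $true, so for messages this rule matches,
    transport rules further down the list are not evaluated - confirm that no
    compliance or encryption rule needs to see that mail.
    NOTE(review): RuleErrorAction is Ignore and RouteMessageOutboundRequireTls is
    $false on the rule itself; TLS for this route is whatever the outbound connector
    enforces.
    #>
    Write-Host ("")
    Write-Host ("============")

    # Accept Enter / n / no / y / yes (case-insensitive); ask again for anything else.
    do {
        $answer = read-Host("Would you like to restrict this to a group? N/y")
        $group = "$answer".Trim()
    } until ($group -match '^(|n|no|y|yes)$')

    # Settings shared by the organisation-wide and the group-restricted rule.
    $rule = @{
        Name                                = "Identify messages to send to Exclaimer Cloud"
        Priority                            = 0
        Mode                                = 'Enforce'
        RuleErrorAction                     = 'Ignore'
        SenderAddressLocation               = 'Envelope'
        RuleSubType                         = 'None'
        UseLegacyRegex                      = $false
        FromScope                           = 'InOrganization'
        HasNoClassification                 = $false
        AttachmentIsUnsupported             = $false
        AttachmentProcessingLimitExceeded   = $false
        AttachmentHasExecutableContent      = $false
        AttachmentIsPasswordProtected       = $false
        ExceptIfHasNoClassification         = $false
        ExceptIfHeaderMatchesMessageHeader  = 'X-ExclaimerHostedSignatures-MessageProcessed'
        ExceptIfHeaderContainsMessageHeader = "X-MS-Exchange-UnifiedGroup-SubmittedViaGroupAddress"
        ExceptIfHeaderContainsWords         = "{/o=ExchangeLabs/ou=Exchange Administrative Group}"
        ExceptIfHeaderMatchesPatterns       = "true"
        ExceptIfFromAddressMatchesPatterns  = '<>'
        ExceptIfMessageSizeOver             = 23592960
        ExceptIfMessageTypeMatches          = 'Calendaring'
        StopRuleProcessing                  = $true
        RouteMessageOutboundRequireTls      = $false
        RouteMessageOutboundConnector       = "Send to Exclaimer Cloud"
    }

    if ($group -match '^y') {
        # An empty group address would only fail later inside New-TransportRule.
        do {
            $answer = Read-Host("Which group do you want to use? Add the email address for the mail enabled Security Group")
            $usegroup = "$answer".Trim()
        } until ($usegroup)

        $rule['FromMemberOf'] = $usegroup
    }

    New-TransportRule @rule
}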
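function transport_rule_create_ooo {
    <#
    .SYNOPSIS
    Creates the "Prevent Out of Office messages being sent to Exclaimer Cloud" rule.
    .DESCRIPTION
    For messages of type OOF the rule sets the header
    X-ExclaimerHostedSignatures-MessageProcessed to "true". The routing rule
    "Identify messages to send to Exclaimer Cloud" has an exception on that same
    header, so stamped out-of-office replies are not routed to the connector.
    .NOTES
    Parameters are passed by splatting. In the original, the continuation backtick on
    the -SetHeaderName line was attached directly to the closing quote with no space;
    splatting removes the dependence on backtick continuations altogether.
    NOTE(review): this rule is created after the routing rule and also asks for
    Priority 0; the header has to be set before the routing rule is evaluated, so
    confirm the resulting rule order in the tenant.
    #>
    $rule = @{
        Name                              = "Prevent Out of Office messages being sent to Exclaimer Cloud"
        Priority                          = 0
        Mode                              = 'Enforce'
        RuleErrorAction                   = 'Ignore'
        SenderAddressLocation             = 'Envelope'
        RuleSubType                       = 'None'
        UseLegacyRegex                    = $false
        MessageTypeMatches                = 'OOF'
        HasNoClassification               = $false
        AttachmentIsUnsupported           = $false
        AttachmentProcessingLimitExceeded = $false
        AttachmentHasExecutableContent    = $false
        AttachmentIsPasswordProtected     = $false
        ExceptIfHasNoClassification       = $false
        SetHeaderName                     = "X-ExclaimerHostedSignatures-MessageProcessed"
        SetHeaderValue                    = "true"
    }

    New-TransportRule @rule
}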
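function allowed_ips {
    <#
    .SYNOPSIS
    Turns on EFSkipLastIP for the Exclaimer inbound connector and adds the Exclaimer
    addresses to the Default connection filter policy's IP allow list.
    .DESCRIPTION
    The original passed only its own list to -IPAllowList, which replaces whatever the
    tenant already had there. The existing entries are now read first and the Exclaimer
    addresses are merged into them, so entries added by the tenant's administrators
    survive and a second run does not duplicate anything.
    .NOTES
    Mail from addresses on the connection filter IP allow list skips spam filtering,
    so every address added here widens that bypass.
    NOTE(review): the addresses are hard-coded in this script; check them against the
    vendor's current published list before running.
    #>
    $iplist = @(
        "104.210.80.79", "13.70.157.244",
        "52.233.37.155", "52.242.32.10",
        "51.4.231.63", "51.5.241.184",
        "104.40.229.156", "52.169.0.179",
        "52.172.222.27", "52.172.38.8",
        "51.140.37.132", "51.141.5.228",
        "191.237.4.149", "104.209.35.28",
        "20.52.124.58", "20.113.192.118",
        "20.233.10.24", "20.74.156.16"
    )

    Set-InboundConnector -Identity "Receive from Exclaimer Cloud v2" -EFSkipLastIP $true

    # Read the current list as plain strings; a failed or empty read yields nothing.
    $existing = @((Get-HostedConnectionFilterPolicy -Identity "Default").IPAllowList | ForEach-Object { "$_" })

    # Existing entries first, then the Exclaimer ones; blanks and duplicates dropped.
    $merged = @($existing + $iplist | Where-Object { $_ } | Select-Object -Unique)

    Set-HostedConnectionFilterPolicy "Default" -IPAllowList $merged
}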
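# User inputs
# Both answers end up in mail-routing settings, so they are checked before anything
# is connected, removed or created:
#   $accepteddomain -> TlsSenderCertificateName of the inbound connector
#   $region         -> host name of the outbound smart host and its TLS domain
Write-Host "`nThe 'To get the Exclaimer domain name go to 'https://admin.exchange.microsoft.com/#/accepteddomains' or," -ForegroundColor Green
Write-Host "after you log in to your Exchange Admin Center go to Mail Flow -> Accepted domains" -ForegroundColor Green

# An empty certificate domain is never valid; ask again until something is entered.
do {
    $answer = Read-Host ("Please enter the xxxxxxxxxxxxxxxxxxxxx.excl.cloud domain here")
    $accepteddomain = "$answer".Trim()
} until ($accepteddomain)

# The prompt describes a single label followed by .excl.cloud; anything else is
# allowed through but flagged so the operator can stop and check.
if ($accepteddomain -notmatch '^[A-Za-z0-9-]+\.excl\.cloud$') {
    Write-Warning "'$accepteddomain' does not look like an xxxxxxxxxxxxxxxxxxxxx.excl.cloud domain - check it before continuing."
}

write-host ("")

# The region becomes one label of the smart host name, so only letters, digits and
# inner hyphens are accepted. Dots, slashes or spaces would turn the result into a
# different host.
do {
    $answer = Read-Host("Which region are you in?")
    $region = "$answer".Trim()
    $regionOk = $region -match '^[A-Za-z0-9][A-Za-z0-9-]*$'
    if (-not $regionOk) {
        Write-Warning "The region may only contain letters, digits and hyphens."
    }
} until ($regionOk)

$smarthost = "smtp." + $region + "1.exclaimer.net"
Write-Host "Outbound mail will be routed to $smarthost"

# Comments
$date = (Get-Date -Format "dd/MM/yyyy")
$comment = "Connector created by Exclaimer Support on $date"

# Order matters: the module check and sign-in come first, the old configuration is
# removed next, and the outbound connector is created before the rule that names it.
checkExchangeOnline-Module
modern-auth-mfa-connect
remove_previous
send_connector
receive_connector
transport_rule_create
transport_rule_create_ooo
allowed_ips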