< Back
Get-RecentFailedMessage
Post
NAME Get-RecentFailedMessage
SYNOPSIS
Show failed messages sent to the exchange server in the last hour
SYNTAX
Get-RecentFailedMessage [[-PastHours] <Int32>] [[-recipients] <String[]>] [-FormatView] [-IncludeSophos]
[<CommonParameters>]
DESCRIPTION
Filter the message tracking log for failed messages not caught by Sophos i.e PmE12Transport.
This filtering should be checked regularly as messages failing here will not show up anywhere else.
This cmdlet wraps Get-MessageTrackingLog and requires the exchange cmdlets to be loaded. see `Import-MailServer`
PARAMETERS
-PastHours <Int32>
Past amound of hours to get results
Required? false
Position? 1
Default value 1
Accept pipeline input? false
Accept wildcard characters? false
-recipients <String[]>
Filter for a specific recipient
Required? false
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-FormatView [<SwitchParameter>]
Friendly view that cannot be consumed down the pipe
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-IncludeSophos [<SwitchParameter>]
Include mail sent to the sophos agent
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
SourceContext as PmE12Transport is the Sophos spam filter engine.
SourceContext as Sender Id Agent is an exchange filter agent.
RecipientStatus as "550 5.7.1 Sender ID (PRA) Not Permitted" is an Incorrect SPF record for sender domain and
clientIP
See Get-, Add-, Remove-BypassedSender
Politely message the sending domain technical support their DNS is configured incorrectly.
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Get-RecentFailedMessage -FormatView
Auto format the output to be easily read. Data not suitable for piping.
Timestamp Sender Recipients MessageSubject
--------- ------ ---------- --------------
07/02/2017 11:17:42 Sent@example.com {demo@example.com} Re: Example
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Get-RecentFailedMessage -FormatView -IncludeSophos
Auto format the output to be easily read. Includes the spam filter that normally has its own console.
Timestamp SourceContext Sender Recipients MessageSubject
--------- ------------- ------ ---------- --------------
29/09/2017 11:33:40 PmE12Transport ABC@example.com {internal@example.com} Invoice
29/09/2017 11:33:50 Sender Id Agent DEF@example.com {internal@example.com} RE: Quick Quest
Data not suitable for piping.
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>Get-RecentFailedMessage | select SourceContext,recipientstatus,sender,ClientIP
Make a table of any column headers, do not use a format switch as if cannot be used down the pipeline.
SourceContext RecipientStatus Sender ClientIP
------------- --------------- ------ ---------
Sender Id Agent {550 5.7.1 Sender ID (PRA) Not Permitted} sent@example.com 127.0.0.1
-------------------------- EXAMPLE 4 --------------------------
PS C:\\>Get-RecentFailedMessage -IncludeSophos | measure
Check the number of blocked messages in the last hour
Count : 231
-------------------------- EXAMPLE 5 --------------------------
PS C:\\>Get-RecentFailedMessage -recipients userA@example.com
Gets messages that have faild in the last hour for a specific user account.
EventId Source Sender Recipients MessageSubject
------- ------ ------ ---------- --------------
FAIL SMTP SpamSender@example.com {userA@example.com} Invoice
-------------------------- EXAMPLE 6 --------------------------
PS C:\\>Get-RecentFailedMessage | select -first 1 | format-list *
Show all the property : values of one message object.
PSComputerName : org-server.org.internal
RunspaceId : 4e7dfba1-dd6a-4076-84f2-9ed78b888854
PSShowComputerName : False
Timestamp : 29/09/2017 11:38:05
ClientIp : 222.127.163.110
ClientHostname : ORG-SERVER
ServerIp : 10.201.0.25
ServerHostname :
SourceContext : Sender Id Agent
ConnectorId : ORG-SERVER\\Default ORG-SERVER
Source : SMTP
EventId : FAIL
InternalMessageId : 0
MessageId : <2a228e10-9af9-83bc-aa16-7b526ca3e832@example.com>
Recipients : {UserD@example.com}
RecipientStatus : {550 5.7.1 Sender ID (PRA) Domain Does Not Exist}
TotalBytes : 0
RecipientCount : 1
RelatedRecipientAddress :
Reference :
MessageSubject : Invoice
Sender : Spammer@example.com
ReturnPath : Spammer@example.com
MessageInfo :
MessageLatency :
MessageLatencyType : None
EventData :3
Inspect every propery of a message. Usefull to find property names you might want to make a table off.
i.e. Get-RecentFailedMessage | select ClientIp,RecipientCount,Sender,ReturnPath
RELATED LINKS
SYNOPSIS
Show failed messages sent to the exchange server in the last hour
SYNTAX
Get-RecentFailedMessage [[-PastHours] <Int32>] [[-recipients] <String[]>] [-FormatView] [-IncludeSophos]
[<CommonParameters>]
DESCRIPTION
Filter the message tracking log for failed messages not caught by Sophos i.e PmE12Transport.
This filtering should be checked regularly as messages failing here will not show up anywhere else.
This cmdlet wraps Get-MessageTrackingLog and requires the exchange cmdlets to be loaded. see `Import-MailServer`
PARAMETERS
-PastHours <Int32>
Past amound of hours to get results
Required? false
Position? 1
Default value 1
Accept pipeline input? false
Accept wildcard characters? false
-recipients <String[]>
Filter for a specific recipient
Required? false
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-FormatView [<SwitchParameter>]
Friendly view that cannot be consumed down the pipe
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-IncludeSophos [<SwitchParameter>]
Include mail sent to the sophos agent
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
SourceContext as PmE12Transport is the Sophos spam filter engine.
SourceContext as Sender Id Agent is an exchange filter agent.
RecipientStatus as "550 5.7.1 Sender ID (PRA) Not Permitted" is an Incorrect SPF record for sender domain and
clientIP
See Get-, Add-, Remove-BypassedSender
Politely message the sending domain technical support their DNS is configured incorrectly.
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Get-RecentFailedMessage -FormatView
Auto format the output to be easily read. Data not suitable for piping.
Timestamp Sender Recipients MessageSubject
--------- ------ ---------- --------------
07/02/2017 11:17:42 Sent@example.com {demo@example.com} Re: Example
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Get-RecentFailedMessage -FormatView -IncludeSophos
Auto format the output to be easily read. Includes the spam filter that normally has its own console.
Timestamp SourceContext Sender Recipients MessageSubject
--------- ------------- ------ ---------- --------------
29/09/2017 11:33:40 PmE12Transport ABC@example.com {internal@example.com} Invoice
29/09/2017 11:33:50 Sender Id Agent DEF@example.com {internal@example.com} RE: Quick Quest
Data not suitable for piping.
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>Get-RecentFailedMessage | select SourceContext,recipientstatus,sender,ClientIP
Make a table of any column headers, do not use a format switch as if cannot be used down the pipeline.
SourceContext RecipientStatus Sender ClientIP
------------- --------------- ------ ---------
Sender Id Agent {550 5.7.1 Sender ID (PRA) Not Permitted} sent@example.com 127.0.0.1
-------------------------- EXAMPLE 4 --------------------------
PS C:\\>Get-RecentFailedMessage -IncludeSophos | measure
Check the number of blocked messages in the last hour
Count : 231
-------------------------- EXAMPLE 5 --------------------------
PS C:\\>Get-RecentFailedMessage -recipients userA@example.com
Gets messages that have faild in the last hour for a specific user account.
EventId Source Sender Recipients MessageSubject
------- ------ ------ ---------- --------------
FAIL SMTP SpamSender@example.com {userA@example.com} Invoice
-------------------------- EXAMPLE 6 --------------------------
PS C:\\>Get-RecentFailedMessage | select -first 1 | format-list *
Show all the property : values of one message object.
PSComputerName : org-server.org.internal
RunspaceId : 4e7dfba1-dd6a-4076-84f2-9ed78b888854
PSShowComputerName : False
Timestamp : 29/09/2017 11:38:05
ClientIp : 222.127.163.110
ClientHostname : ORG-SERVER
ServerIp : 10.201.0.25
ServerHostname :
SourceContext : Sender Id Agent
ConnectorId : ORG-SERVER\\Default ORG-SERVER
Source : SMTP
EventId : FAIL
InternalMessageId : 0
MessageId : <2a228e10-9af9-83bc-aa16-7b526ca3e832@example.com>
Recipients : {UserD@example.com}
RecipientStatus : {550 5.7.1 Sender ID (PRA) Domain Does Not Exist}
TotalBytes : 0
RecipientCount : 1
RelatedRecipientAddress :
Reference :
MessageSubject : Invoice
Sender : Spammer@example.com
ReturnPath : Spammer@example.com
MessageInfo :
MessageLatency :
MessageLatencyType : None
EventData :3
Inspect every propery of a message. Usefull to find property names you might want to make a table off.
i.e. Get-RecentFailedMessage | select ClientIp,RecipientCount,Sender,ReturnPath
RELATED LINKS