Artic6 Blog

prod@blog:~$

Powershell : Exchange Transport Rules with a wordlist

9.12.24 by artic6


I had a requirement the other week to create a wordlist block in the form of a Transport rule which will block messages based on a keyboard in the subject or body from outside the company.

This is pretty simple to complete, but what if that list is 500 words or more, I did not like the idea of manually adding each word to a ruleset so this is where Powershell can save you from lots of manual administrative effort.

This is that wordlist save to a file as "wordlist.txt" as you can see below:


We now need to format all these words into a list so that it can be used in a transport rule, so this required some formatting from Powershell, this is the script:

Script : WordsConvertor.ps1

This script will take the wordlist.txt, apply the correct formatting to this list and then export it ot TransportWords.txt

$inputFile = "Wordlist.txt"
$outputFile = "TransportWords.txt"

$words = Get-Content -Path $inputFile
$wordString = "'{0}'" -f ($words -join "','")

$output = "`$Keywords = @($wordString)"
$output | Out-File -FilePath $outputFile

The output of this will be a transport rule friendly format as you can see below:

$Keywords = @('Grizzly','Kodiak','Panda','Polar','Black','Brown','Claw','Fur','Paw','Roar','Hibernate','Cave','Forest','Salmon','Honey','Bamboo','Cubs','Den','Wild','Mammal','Furry','Predator','Climber','Growl','Alaska','Canada','Tundra','Omnivore','Wilderness','Cozy','Snout','Woodland','Prowl','Grazing','Beast','Massive','Quiet','Hunting','Feral','Gentle','Shaggy','Alaskan','Ursine','Solitude','Arboreal','Lair','Tracks','Pelt','Skull','Bone','Evil','Sorcerer','Mystic','Staff','Magic','Villain','Castle','Power','Dark','Shadow','Phantom','Cloak','Cackle','Demonic','Doom','Curse','Warrior','Undead','Necro','Dagger','Shadowy','Master','Grim','Wraith','Terror','Ruin','Wrath','Cursed','Malevolent','Shroud','Fear','Haunt','Chilling','Enigma','Shrieking','Ancient','Sinister','Malice','Agony','Dread','Mysterious','Sorcery','Eldritch','Fiend','Lurking','Realm','Hollow','Skeletal','Savage','Stalker','Beastly','Alpha','Frenzy','Lurk','Chaos','Veil','Shiver','Totem','Abyss','Ritual','Howl','Cold','Death','Throne','Mask','Immortal','Fangs')

Now you can take this wordlist and apply this to a transport rule created in Powershell as below:

Script : WordListTransportRule.ps1

# Connect to Exchange Online
Connect-ExchangeOnline

# Create array of keywords
$Keywords = @('Grizzly','Kodiak','Panda','Polar','Black','Brown','Claw','Fur','Paw','Roar','Hibernate','Cave','Forest','Salmon','Honey','Bamboo','Cubs','Den','Wild','Mammal','Furry','Predator','Climber','Growl','Alaska','Canada','Tundra','Omnivore','Wilderness','Cozy','Snout','Woodland','Prowl','Grazing','Beast','Massive','Quiet','Hunting','Feral','Gentle','Shaggy','Alaskan','Ursine','Solitude','Arboreal','Lair','Tracks','Pelt','Skull','Bone','Evil','Sorcerer','Mystic','Staff','Magic','Villain','Castle','Power','Dark','Shadow','Phantom','Cloak','Cackle','Demonic','Doom','Curse','Warrior','Undead','Necro','Dagger','Shadowy','Master','Grim','Wraith','Terror','Ruin','Wrath','Cursed','Malevolent','Shroud','Fear','Haunt','Chilling','Enigma','Shrieking','Ancient','Sinister','Malice','Agony','Dread','Mysterious','Sorcery','Eldritch','Fiend','Lurking','Realm','Hollow','Skeletal','Savage','Stalker','Beastly','Alpha','Frenzy','Lurk','Chaos','Veil','Shiver','Totem','Abyss','Ritual','Howl','Cold','Death','Throne','Mask','Immortal','Fangs')

# Create transport rule
New-TransportRule `
    -Name "Bear/Skeletor ReDirect Rule" `
    -From "naughty.bear@croucher.cloud","evil.bear@croucher.cloud" `
    -SubjectOrBodyContainsWords $Keywords `
    -RedirectMessageTo "nobears@croucher.cloud" `
    -Enabled $false

# Verify rule status
Get-TransportRule "Bear/Skeletor ReDirect Rule" | Select-Object Name, State

This will then create your Transport rule which will be disabled, once you have check this you can then enable your transport rule.
, , , , ,