Hey everyone, I'm having a tough time filtering out spam emails with a specific subject line from all the mailboxes on our On-Prem Exchange Servers. I'm using a PowerShell command that looks like this: `Get-Mailbox -resultsize unlimited | Search-Mailbox -Searchquery 'subject:"This is SPAM"' -targetmailbox admin -TargetFolder SearchLOG -LogOnly -LogLevel Full`. The issue is that it keeps returning emails that contain any of the words "This", "is", or "SPAM" individually in the subject, which means I'm getting a lot of false positives and I can't automate the deletion of these emails. I've tried several variations of the search query, including wrapping the subject in single quotes and using variables, but nothing works. I feel like it's just a small syntax error that's eluding me. Can anyone point me in the right direction?
2 Answers
Have you checked the syntax in the official Microsoft documentation? It might help to verify if there's a specific example that closely matches what you're trying. Here's a link that could assist you: https://learn.microsoft.com/en-us/powershell/module/exchangepowershell/search-mailbox?view=exchange-ps. Another tip could be to wrap the whole subject in quotes again just for good measure.
From what I remember, the syntax for the Search-Mailbox command should be similar to what you're using: `-Searchquery 'subject:"This is SPAM"'`. Make sure that you don't have any additional spaces or characters in your command. Also, consider testing it on just one mailbox first to ensure it behaves as expected before running it on all mailboxes. Sometimes simplifying the command helps isolate the issue.
Yeah, I thought the same. But I tried it too and it’s still returning tons of false hits. It's frustrating!
I've looked at the documentation, but it just seems like a syntax thing. I’ll give the quotes another shot and see if that helps!