[Last Call] Learn how to a build a cloud-first strategyRegister Now


Exchange email question

Posted on 2012-09-13
Medium Priority
Last Modified: 2012-09-13
I recently had an issue where a user's email started ending up in a mailbox that was supposed to only get emails from my electronic fax service. There was no forwarding on this users mailbox and there was nothing on the Exchangeserver or his AD user that would suggest that his mail get forwarded to this box. The email that ended up there was a dup or copy as this user got the original email. I deleted this email box and started over again and it is working fine. What do you think can cause that? The only way he was related to this box is that I added a user group on the Full Permissions on Exchange that had his user in it. No other user in this group was affected though, just him and he doesn't even have this box attatched to his Outlook. He really doesn't need it he is just part of a group or department that does. Wierd but I need to know how this can happen as it demonstrates a huge security risk.
Question by:vdms
  • 5
  • 2
  • 2
  • +1
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38395466
Only if there was a Outlook rule if no forwarding.
Does the users use any Handheld not sure if some settings change on it could cause the issue.

- Rancy

Expert Comment

ID: 38395544
did it still happen after a reboot?

Author Comment

ID: 38395547
They have thier mail on thier iphone. But generally they don't get these faxes. Maybe someone forwared him a fax from this box and then something wierd happened.
I will check his rules on his OUtlook as well. I didn't think to look there but still on the remade mail box they are not coming through.
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 38395715
Reboot of what, the Exchangeserver?
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38396099
Please no Reboot as it isnt required and i guess "mo_patel" might have miss typed on this post trying for some other.

If it just happened once and you retried and it didnt happen so whatever caused was changed as i dont think the system can itself do this :(

- Rancy

Author Comment

ID: 38396124
HAs anyone ever seen this happen before?
LVL 47

Expert Comment

ID: 38396707
There’s likely a million scenarios in which this could have happened

However a couple of way this can happen

If the original Email remained in its original location, the email in the other mailbox would be a copy

There’s not many ways a email can be copied into another users mailbox

user could have accidentally copied it, or possibly used shortcut keys on the keyboard with Outlook being the active window resulting in some of them being copied.

So could have just been user error

Another way this could have happened is if the Fax Mailbox had accidentally been added as a delegate to the Users Mailbox.

If the emails were meeting related, the Delegate Mailbox cold have very easily received a copy of the mail message as "Delegate Receives Copies of meeting related messages" is an option.

If the user has FULL Mailbox access, delegate access isnt really required

This is a long shot, but i suppose its possible
If the user had cached exchange mode on, and was checking the Fax Mailbox
Quite possible when in the Inbox View the Some of the fax emails were cached to the users inbox in their OST (Virtually a Copy) When closing out of the Fax Mailbox User OST may have synced the changes back to their inbox showing that copy

I would tend to think the crux of the issue here is likely the users FULL Access to the Mailbox and or vice versa

To start I would probably look at reviewing the access to both mailboxes
Look at the users needs
Look at what the Fax mailbox needs to do

If the user only needs to view mail items in the fax mailbox
Full Access to the Exchange Account is probably a bit over kill
You can provide the user Delegate access to the Fax Mailbox Inbox with reviewer access
Make sure calendar access is set to None, and delegate is not set to receive copies of meeting related messages

Personally, I probably wouldn’t make too big of an issue with this being a Security Threat
As its likely to have been user error, a delegate setting, or a result of a user or mailbox having FULL Access to an mailbox.
If it turns out to be one of these things might look a bit silly
However, unfortunately because the Mailbox was deleted and recreated its really hard to say exactly how this occurred after the fact.

Author Comment

ID: 38396740
The user in question never had this mailbox on thier outlook but his partner did. I'm thinking now that one of rules may gone bonkers. I need to check this because she's rules that have done some crazy things cause she set it wrong. It's possible that she had a rule that forward a copy of these emails in that box by accident. A longshot but an explanation.  Even though this issue was fixed I just wanted an enquirey in case it happens again. ALso, the person in question was the vice president of the company and important emails went into a mailbox that others were not supposed to view. Nothing happened but certainly could have been a problem.
LVL 47

Accepted Solution

apache09 earned 2000 total points
ID: 38396873
In that case I would certainly review the users permissions on each users mailboxes
The questiong that need to be asked is who needs what access to do what and can they acheive the same thing with reduced access

If there are any security concerns I would say they are going to be around individual user permissions

Author Closing Comment

ID: 38396911
This is where I will look in the future. Thank you.

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question