Exchange email question

I recently had an issue where a user's email started ending up in a mailbox that was supposed to only get emails from my electronic fax service. There was no forwarding on this users mailbox and there was nothing on the Exchangeserver or his AD user that would suggest that his mail get forwarded to this box. The email that ended up there was a dup or copy as this user got the original email. I deleted this email box and started over again and it is working fine. What do you think can cause that? The only way he was related to this box is that I added a user group on the Full Permissions on Exchange that had his user in it. No other user in this group was affected though, just him and he doesn't even have this box attatched to his Outlook. He really doesn't need it he is just part of a group or department that does. Wierd but I need to know how this can happen as it demonstrates a huge security risk.
Who is Participating?
apache09Connect With a Mentor Commented:
In that case I would certainly review the users permissions on each users mailboxes
The questiong that need to be asked is who needs what access to do what and can they acheive the same thing with reduced access

If there are any security concerns I would say they are going to be around individual user permissions
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Only if there was a Outlook rule if no forwarding.
Does the users use any Handheld not sure if some settings change on it could cause the issue.

- Rancy
did it still happen after a reboot?
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

vdmsAuthor Commented:
They have thier mail on thier iphone. But generally they don't get these faxes. Maybe someone forwared him a fax from this box and then something wierd happened.
I will check his rules on his OUtlook as well. I didn't think to look there but still on the remade mail box they are not coming through.
vdmsAuthor Commented:
Reboot of what, the Exchangeserver?
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Please no Reboot as it isnt required and i guess "mo_patel" might have miss typed on this post trying for some other.

If it just happened once and you retried and it didnt happen so whatever caused was changed as i dont think the system can itself do this :(

- Rancy
vdmsAuthor Commented:
HAs anyone ever seen this happen before?
There’s likely a million scenarios in which this could have happened

However a couple of way this can happen

If the original Email remained in its original location, the email in the other mailbox would be a copy

There’s not many ways a email can be copied into another users mailbox

user could have accidentally copied it, or possibly used shortcut keys on the keyboard with Outlook being the active window resulting in some of them being copied.

So could have just been user error

Another way this could have happened is if the Fax Mailbox had accidentally been added as a delegate to the Users Mailbox.

If the emails were meeting related, the Delegate Mailbox cold have very easily received a copy of the mail message as "Delegate Receives Copies of meeting related messages" is an option.

If the user has FULL Mailbox access, delegate access isnt really required

This is a long shot, but i suppose its possible
If the user had cached exchange mode on, and was checking the Fax Mailbox
Quite possible when in the Inbox View the Some of the fax emails were cached to the users inbox in their OST (Virtually a Copy) When closing out of the Fax Mailbox User OST may have synced the changes back to their inbox showing that copy

I would tend to think the crux of the issue here is likely the users FULL Access to the Mailbox and or vice versa

To start I would probably look at reviewing the access to both mailboxes
Look at the users needs
Look at what the Fax mailbox needs to do

If the user only needs to view mail items in the fax mailbox
Full Access to the Exchange Account is probably a bit over kill
You can provide the user Delegate access to the Fax Mailbox Inbox with reviewer access
Make sure calendar access is set to None, and delegate is not set to receive copies of meeting related messages

Personally, I probably wouldn’t make too big of an issue with this being a Security Threat
As its likely to have been user error, a delegate setting, or a result of a user or mailbox having FULL Access to an mailbox.
If it turns out to be one of these things might look a bit silly
However, unfortunately because the Mailbox was deleted and recreated its really hard to say exactly how this occurred after the fact.
vdmsAuthor Commented:
The user in question never had this mailbox on thier outlook but his partner did. I'm thinking now that one of rules may gone bonkers. I need to check this because she's rules that have done some crazy things cause she set it wrong. It's possible that she had a rule that forward a copy of these emails in that box by accident. A longshot but an explanation.  Even though this issue was fixed I just wanted an enquirey in case it happens again. ALso, the person in question was the vice president of the company and important emails went into a mailbox that others were not supposed to view. Nothing happened but certainly could have been a problem.
vdmsAuthor Commented:
This is where I will look in the future. Thank you.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.