MikayelMikayelyan-7130 asked YukiSun-MSFT commented

mailbox autogenerates drafts

Greetings

I have an end user whose account is auto-generating drafts that look like this:
134982-e67c9381-4b7c-4f1d-9566-3fde7af9f862-image002.png



Currently we are in an Exchange 2016 on-premises environment. No hybrid.

office-exchange-server-administration

YukiSun-MSFT answered

Hi @MikayelMikayelyan-7130,

From the description and the image you shared above, it looks like the issue is related to the ProxyShell vulnerability. As mentioned in the blog, "if you have installed the May 2021 security updates or the July 2021 security updates on your Exchange servers, then you are protected from these vulnerabilities".

So for the current situation, it's suggested to run the Microsoft Safety Scanner (MSERT) to help detect and remove the malware in place, then immediately install the latest Exchange 2016 CU 21 and July 21 security patches to protect your environment from these vulnerabilities.

Here's a thread which discusses a similar issue in Exchange 2019 for your reference:
Unexpected Spam email in Outlook Draft folder



MikayelMikayelyan-7130 answered YukiSun-MSFT commented

Hi there, I need advice for my current situation. I have 2 compromised encrypted Exchange servers but they have metadata in AD so I have installed new server but in the console I still can see old data from those servers but I can't uninstall or do anything from EXShell. What is the best practice in this case? Maybe I need to remove all data using ADSI Edit before installing a new server? Or is there a way to remove only the info for those 2 servers? They have a DAG as well.


Hi @MikayelMikayelyan-7130,

I have 2 compromised encrypted Exchange servers but they have metadata in AD so I have installed new server...

Normally in a DAG environment, we can follow the steps in this document to recover a member server.

Then please understand that in this thread, we are mainly discussing the auto-generated drafts issue as indicated by the initial post and it's not that relevant to your new query, so for your new question, it would be best if you try to open up a new thread for further discussion. You can include some more details like what you mean by "in the console I still can see old data from those servers but I can't uninstall or do anything from EXShell" so that our community members can understand your situation better. Thanks for your understanding.


