Owners emails going from Inbox to Deleted items automatically when sent to assistant

thecomputerguy

thecomputerguy

Well-Known Member
Reaction score
1,358
Seems like a simple stupid silly rule but I have verified that there are no rules in Outlook or OWA for this mailbox.

I'm going to ask her to turn her cellphone off to see if there is some rogue rule on her phone causing this.

When I send an email from Owner@ to Assistant@ it pops up in the Inbox for half a second then dissapears. When searching for said email it can be found in the Deleted Items.

Any ideas here? I will report back if the cell phone is the issue.
 
Gotta use the script to find "hidden rules"....the slightly more advanced bad actors will do hidden forwarding rules, not the amateur ones out in plain sight in the Outlook client (rare...that has to be done from the workstation), or...more common...OWA.

Also check mail flow rules in EAC
 
YeOldeStonecat said:
Gotta use the script to find "hidden rules"....the slightly more advanced bad actors will do hidden forwarding rules, not the amateur ones out in plain sight in the Outlook client (rare...that has to be done from the workstation), or...more common...OWA.

Also check mail flow rules in EAC
Click to expand...
Markverhyden said:
Did you check both EU and domain mail flow rules?
Click to expand...


EAC Mail flow rules do not show any rule regarding this issue.

Using this command displays NO inbox rules

Get-InboxRule -Mailbox Joe@Contoso.com
 
That's the command to get standard forwarding rules....which will just show you what you already looked for and saw...visible rules. but you want the switch added -IncludeHidden
Get-InboxRule -Mailbox joe@contoso.com -IncludeHidden

learn.microsoft.com

Get-InboxRule (ExchangePowerShell)

You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in...
learn.microsoft.com

Also good to check all mailboxes for all rules...just to eyeball them.
instead of joe@contoso, you'd put in -ResultSize Unlimited
 
Interesting. Shutdown Outlook. Send a test from owner@ to associate@. Wait like 2-3 minutes. Then log into OWA to see what's happening.
 
Markverhyden said:
Interesting. Shutdown Outlook. Send a test from owner@ to associate@. Wait like 2-3 minutes. Then log into OWA to see what's happening.
Click to expand...

I had her shut her phone off and then I sent a message and it was delivered properly. Turns out she has her email setup in in Outlook for iOS and the Apple Mail app. I had her remove her email from both apps. We re-added the account to Outlook for iOS and everything is working properly now.

I'm not sure if you can access rules through Outlook for iOS but I didn't bother pushing that.
 
britechguy said:
Rant not aimed at anyone here, but what *genius* came up with the idea of hidden rules?!! They should be shot!
Click to expand...

Heh...valid question...off the top of my head, and even after pondering for a few minutes....I cannot think of a legit answer!
...coming back 30 seconds later, one popped into my head, "IT/Admin might need it to watch suspect employee"...? //grasping at straws...
 
YeOldeStonecat said:
Heh...valid question...off the top of my head, and even after pondering for a few minutes....I cannot think of a legit answer!
...coming back 30 seconds later, one popped into my head, "IT/Admin might need it to watch suspect employee"...? //grasping at straws...
Click to expand...

I'd say that is grasping at straws. Most employees that an IT/Admin might need to watch would never have access to what the IT/Admin legitimately has access to. And if it's an IT/Admin being watched, then a chicken and egg situation that's quite thorny exists.

I can't think of a single reason that validates hidden rules. It's a disaster just waiting to happen.
 
britechguy said:
Rant not aimed at anyone here, but what *genius* came up with the idea of hidden rules?!! They should be shot!
Click to expand...
The same one that came up with undocumented features.......

But seriously. There are many reasons that could justify why that is there. Just because someone works for an organization at some level of trust doesn't mean you give them the keys to the kingdom.

britechguy said:
Employees that an IT/Admin might need to watch would never have access to what the IT/Admin legitimately has access to.
Click to expand...
That's not the point. Each email user can see the mail flow rules in their account in OWA. I'm presuming hidden means the rules can only be seen by those with that role enabled for their login
 
Last edited:
Markverhyden said:
I'm presuming hidden means the rules can only be seen by those with that role enabled for their login
Click to expand...

Well, that, too makes sense, but I'd hope someone logged in as a GA sees *everything* without the need to specify.

I still don't quite get it, because as far as I'm concerned they should always be in that state. You don't look at things that "prying eyes shouldn't see" if said eyes are present.
 
britechguy said:
Well, that, too makes sense, but I'd hope someone logged in as a GA sees *everything* without the need to specify.

I still don't quite get it, because as far as I'm concerned they should always be in that state. You don't look at things that "prying eyes shouldn't see" if said eyes are present.
Click to expand...
I understand. But at the end of the day I tend to fall back on the Serenity Prayer. Worry about the stuff I can do something about and let the rest just roll off my back.
 
This almost sounded like the issue back in the day when people still used pop3 and if a device was new or out of order when it recieved e-mails it would delete them from the server. That was fun back in the day.
 
LOL yeah good old Outlook Express days...and POP3. Back in the days when a household had just 1 computer, the only device checking the email.

Hopefully POP3 and IMAP are disabled on the OPs tenant...and that's not happening! Both of those soooo exploitable!
 
YeOldeStonecat said:
Gotta use the script to find "hidden rules"....the slightly more advanced bad actors will do hidden forwarding rules, not the amateur ones out in plain sight in the Outlook client (rare...that has to be done from the workstation), or...more common...OWA.
Click to expand...
I always check OWA. Can hidden rules be added to a regular user or are they only available to GAs or other admins?
 
YeOldeStonecat said:
Also good to check all mailboxes for all rules...just to eyeball them.
instead of joe@contoso, you'd put in -ResultSize Unlimited
Click to expand...

I tested this and it appears that in order to check all mailboxes in a tenant, you need to do looping, right? Something like this (says CoPilot):

Code: 
# Get all mailboxes in the tenant
$mailboxes = Get-Mailbox -ResultSize Unlimited


# Retrieve inbox rules for each mailbox
$mailboxes | ForEach-Object {
    $mailbox = $_.PrimarySmtpAddress
    Get-InboxRule -Mailbox $mailbox | Select-Object @{Name="Mailbox";Expression={$mailbox}}, Name, Description
}

Also, when you do this, you'll discover that every mailbox has a "Junk -E-mail Rule" that is hidden. This is created for everyone and uses the tenant settings for Junk threshold as well as the individual user's safe-senders list to move email to the Junk folder. This may provide some additional guidance on why hidden rules exist - MS Created them to hide the Junk settings?

This seems like a useful tool to have in my arsenal, so here is a ChatGPT-generated, personally-modified powershell script to get all of the inbox rules for a tenant and write them to a file for review. I just tested on a tenant successfully:

Code: 
# Load the Exchange Online module if not already loaded
if (-not (Get-Module -Name ExchangeOnlineManagement)) {
    Install-Module -Name ExchangeOnlineManagement -Force -AllowClobber
}


# Connect to Exchange Online (you will need to provide credentials)
Write-Host "Connecting to Exchange Online..."
$UserCredential = Get-Credential
Connect-ExchangeOnline -UserPrincipalName $UserCredential.UserName -ShowProgress $true


# Function to get inbox rules, including hidden, for a specific mailbox
function Get-MailboxRules {
    param (
        [string]$Mailbox
    )


    # Get the inbox rules for the mailbox
    $rules = Get-InboxRule -Mailbox $Mailbox -ErrorAction SilentlyContinue -IncludeHidden


    # Return the rules along with the mailbox name and other information about the rule
    return $rules | Select-Object @{Name='Mailbox';Expression={$Mailbox}}, Name, From, Description, SubjectContainsWords, BodyContainsWords, HeaderContainsWords, MyNameInToBox, ForwardTo, RedirectTo, MoveToFolder, DeleteMessage, CopyToFolder, SendTextMessageNotificationTo, Enabled, IsHidden, Priority, Action, Condition
}


# Get all mailboxes in the tenant
$allMailboxes = Get-Mailbox -ResultSize Unlimited


# Initialize an array to hold all rules
$allRules = @()


# Loop through each mailbox and retrieve its inbox rules
foreach ($mailbox in $allMailboxes) {
    Write-Host "Retrieving inbox rules for mailbox: $($mailbox.UserPrincipalName)"
    $mailboxRules = Get-MailboxRules -Mailbox $mailbox.UserPrincipalName
    $allRules += $mailboxRules
}


# Specify the output file path
$outputFile = "C:\temp\MailboxInboxRules.csv"


# Export the rules to a CSV file
Write-Host "Exporting inbox rules to file: $outputFile"
$allRules | Export-Csv -Path $outputFile -NoTypeInformation -Force


# Disconnect from Exchange Online
Disconnect-ExchangeOnline -Confirm:$false


Write-Host "Script completed. All inbox rules are exported to $outputFile."


Lastly, if you DO find any hidden rules, you can only delete them with powershell, since they are hidden (duh) in the GUI.

Code: 
Remove-InboxRule -Mailbox Joe@Contoso.com -Identity "ProjectA-MoveToFolderA"
 
You must log in or register to reply here.

Similar threads

thecomputerguy
Client claims emails are "vanishing".
Replies
7
Views
1K
YeOldeStonecat
YeOldeStonecat
autumn
Exchange 2010h
Replies
12
Views
2K
autumn
autumn
Back
Top