Stop ASP.NET SMTP Emails from Appearing in Office 365 Sent Items Without Affecting Manual Sends
We are sending Emails to our clients through an ASP.NET application using the SMTP protocol and using an O365 Account (email address removed for privacy reasons). The problem is that every time a mail (reset password, otp, campaigns, etc) is sent from asp.net application, a copy of that mail is created in the "Sent Items" of the Support mailbox. This is not needed and it is quickly filling our Support mailbox. How to stop this? Is there any setting in the Exchange Server? Please note that the Support mailbox is also used by our company support representative to send resolutions to customers using O365 Outlook Web Access. The mails send by the representative are very much needed in the sent items. It's only the ASP.NET-sent mails that we want to prevent in the "Sent Items".
Automatic Reply to sender with Exchange Online
Hello everyone, I need to create a rule for a user that will respond to the sender in Exchange Online. When I go to the Exchange Online setup, I don't have the option to reply to the sender. I tried to configure Outlook with a rule but Outlook must be open for it to work. Is there a solution?Thank youFinding Unused Proxy Addresses for Exchange Online Mail-Enabled Objects
A request came in about how to find unused proxy addresses for Exchange Online mail-enabled objects. There's no out-of-the-box report available for proxy address usage, but we can solve the problem by using a PowerShell script to download historical message trace data to check every proxy address for all mailboxes against. The question then is what to do with the unused proxy addresses? https://practical365.com/find-unused-proxy-addresses/Use PowerShell to Analyze Junk Email and Intercept Traffic from Spammy Domains
Despite the best efforts of anti-spam solutions, some unwanted messages usually get through to user inboxes. This article explains how to analyze messages that end up in Junk Email and use the results to create a transport rule to block future traffic from the spammy domains. https://practical365.com/analyze-junk-email-block-spammy-domains/
Policy for limiting external domains and allowing particular external receivers
Hi community, According to the guide https://learn.microsoft.com/en-us/defender-office-365/outbound-spam-policies-external-email-forwarding i have created the following rule for our test domain: Rule description Apply this rule if 'X-MS-Exchange-Inbox-Rules-Loop' header matches the following patterns: '.' Do the following Set audit severity level to 'Medium' and reject the message and include the explanation 'Delivery not authorized, message refused' with the status code: '5.7.1' Except if recipients's address domain portion belongs to any of these domains: 'xyz.com' Rule Idea is to block all external mail forwardings except the ones directed to the domain xyz.com. ______________________________________________ Another rule testing i performed: Apply this rule if Is sent to 'Outside the organization' and sender's address domain portion belongs to any of these domains: 'localdomain.com' Do the following Set audit severity level to 'Medium' and reject the message and include the explanation 'external forwarding is not allowed' with the status code: '5.7.1' Except if recipients's address domain portion belongs to any of these domains: 'xyz.com'. Unfortunately this is not working and if i create mailbox-based rules that forward to mails lets say to gmail and to xyz.com both , the mails get dropped with explanation: Reason: [{LED=250 2.1.5 RESOLVER.MSGTYPE.AF; handled AutoForward addressed to external recipient};{MSG=};{FQDN=};{IP=};{LRT=}] For both cases i made sure the auto forwarding is enabled under "anti spam" rules in the security admin center. I receive in the mail flow logs messaged dropped for a mail located in xyz.com and in gmail.com. The forwarding configured in outlook on a mail from localdomain.com is intended to auto forward messages to a mail address in gmail.com and in xyz.com, where they mails should arrive. I am wondering what would be the correct policy in order to being able to except particular ext domain/ext mailbox. Another approach i found is to disable the auto fwd globally and to enable it for particular users only, but unfortunately can not be limited to whom the mailbox can forward and this is not useful solution for us. Regards Sofia
Emails delayed or not received.
Hello Please i need your help on this issue. Emails delayed or not received. We have noticed that since last Friday (3rd Oct) emails sent to @livener.net addresses have been delayed or not received. This is using the Outlook app, Apple Mail App and Outlook Online.so I do not believe it is a client issue. In particular a mail from massenzana @runeXXXX to Tony @liveXXXXX and Bernie @liveXXXXX on Friday evening has not been received. It was received by other recipients. Test mails from Tony @gmailXXXX to Tony @liveXXXXX and bernie @liveXXXXX sent at approx 09:40 have not been received. A mail from Bernie @soundXXXX sent at 07:02 this morning arrived at Tony @liveXXXX at 09:49
Why would a hacker/scammer put a domain INTO my exchange online admin?
OK so this is a weird one. I've been doing this a fairly long time but I'm not a full time exchange admin. I help my clients with exchange online often, but I'm a local IT pro, doing all sorts of screwdriver and software work, not just exchange. So maybe this isn't as bizarre as I think it is, but let's see. My client stopped receiving email 2 days ago. Alerted me to it yesterday. They don't know their password but no devices are asking for passwords, so I suspect it's not a password issue. I get logged into my admin and reset their password so we can get into their account. Suddenly they start getting asked for PW on phone and outlook, so we know that the password hadn't been changed prior. I get into account and see new rules sending all emails into archive and trash. So that explains that. So someone broke into the account with the correct password. Easily enough explained. Though weird that it would happen if the user didn't know their own password. So, one question is how did the scammer get into the account. I have looked at the login logs but I don't know what to sort/filter by to really find out anything helpful. Any ideas? So I got into the account and upon resetting his password he is forced to enable MFA. So that's done. I'm in the admin and what do I find? Two NEW domains in the settings. They are set up for exchange online. No users though. Not only that but I can't REMOVE the domains that aren't mine. I get this error when trying to remove it: "The domain coburnsfleetservices.com can't be removed at this time because it was purchased from Microsoft 365. It can only be used with your current Microsoft 365 account. You can remove it from the account once the subscription expires or is canceled." Also, in the emails missed in the past 48 hours we got one that said this: "A verified domain was added to your Avenue A Realty Advisors LLC account If this domain wasn't added by an admin in your organization, credentials might have been compromised and we suggest reviewing your password and multifactor authentication settings." I searched online and found contact info for one of the stolen/given domains. Called them and they said they had been hijacked 2 weeks ago, and their email used to send out payment requests to thousands of email addresses. Thought they had it solved a few days ago and it had been silent. Now this. So a second thing I'd like to find out is when exactly those domains were put into my exchange online account. Can I find that info from the logs? Additionally, WHY would someone move unrelated domains into my account? Maybe is the assumption that that happened before 2 weeks ago when that company's domain had been used to send out mass mail? Doesn't seem possible, because that company would have figured out that they no longer controlled their own domain and they couldn't have gotten control of the account again. Or...? I don't know. But while I've seen users tricked into giving out their passwords dozens of times, and their email used to try to solicit money from vendors, I've never seen another domain slipped in. Any ideas? And suggestions how to search the logs to get to the bottom of the missing puzzle pieces? Thanks for any leads!M365 Business Standard - Email Aliases not displaying how we would expect
New Microsoft 365 Business Standard and setup custom domain (example: testdomain . com) One User and test @ testdomain . com Setup one alias alias1 @ testdomain . com Per this link: https://learn.microsoft.com/en-us/microsoft-365/admin/email/add-another-email-alias-for-a-user?view=o365-worldwide I can add an alias the document claims the user can send out as the alias: Your users can now send from their aliases when using Outlook on the web. When the Set-OrganizationConfig -SendFromAliasEnabled $true cmdlet is set, users within the organization will get access to a list of checkboxes where each entry corresponds to an alias in their Outlook settings. Selecting an alias will make it appear in the From dropdown in the Compose form. I did this and confirmed it is enabled. I then went to Outlook web and did not see the aliases to pick from, but found I needed to go into Settings / Compose and Reply / Addresses to Send From I now see the from drop down: HOWEVER, the recipient (some of my gmail accounts or other test accounts) do NOT see it coming from the alias, but looks like it comes from my primary user @ mydomain . com vs the alias1 @ mydomain . com. If the recipient digs into the message header you cannot see it from the alias either. QUESTION 1 So WHAT needs to be done so when the recipient receives the email it looks like it came from the alias. QUESTION 2 A sender sends me an email to alias1 @ mydomain . com and it does arrive in Outlook Web, BUT it looks like it came to my primary test @ mydomain . com. IF I dig into the message header behind the scenes I do see it was sent to the alias. HOW can I have Outlook Web display that it was to the alias email and not the primary email? I probably could create rules to tag and or move to folders, but it would be nice to just easily tell in the client. Thanks in a advance! GregResolved: Hybrid Exchange Duplicate (Ghost) Mailbox Created After Assigning Exchange Online License
Summary During a hybrid Exchange migration, a user’s mailbox failed to migrate and mail flow broke due to a duplicate (ghost) mailbox automatically created in Exchange Online. Root Cause An Exchange Online Plan 2 license was mistakenly assigned to the user before migration. Azure AD sync then provisioned a cloud mailbox, even though the user already had an on-prem mailbox. This caused a hybrid mismatch — the user appeared in both environments, and migration failed with mailbox lookup errors. Resolution Steps Removed the Exchange Online Plan 2 license from the user account. Forced a DirSync (AAD Connect) synchronization. Verified that the mailbox existed only on-prem via PowerShell Get-Mailbox -Identity email address removed for privacy reasons | fl Name,RecipientTypeDetails,ExchangeGuid Confirmed the ghost mailbox was removed from Exchange Online. Re-ran migration batch successfully to Exchange Online. Verification Get-MailboxStatistics -Identity email address removed for privacy reasons | fl TotalItemSize,ItemCount,LastLogonTime Ensure only one mailbox object exists and mail flow routes correctly. Prevention Tips Don’t assign Exchange Online licenses to hybrid mailboxes before migration. Always verify mailbox location prior to assigning any license. Use PowerShell or EAC to check where the mailbox resides (on-prem vs. cloud). Environment Hybrid Exchange Deployment Exchange 2016 On-Premises Exchange Online (M365) Azure AD Connect This issue is not caused by connectors or mail flow settings, but by improper licensing before migration. Removing the license and resyncing resolves the ghost mailbox problem.
