mailbox autogenerates drafts

Mikayel Mikayelyan 61 Reputation points


I have an end user whose account is auto-generating drafts that look like this:

Currently we are in an Exchange 2016 on-premises environment. No hybrid.


Accepted answer
  1. Yuki Sun-MSFT 29,706 Reputation points

    Hi @Mikayel Mikayelyan ,

    From the description and the image you shared above, it looks like the issue is related to the ProxyShell vulnerability. As mentioned in the blog, "if you have installed the May 2021 security updates or the July 2021 security updates on your Exchange servers, then you are protected from these vulnerabilities".

    So for the current situation, it's suggested to run the Microsoft Safety Scanner (MSERT) to help detect and remove the malware in place, then immediately install the latest Exchange 2016 CU 21 and July 21 security patches to protect your environment from these vulnerabilities.

    Here's a thread which discusses a similar issue in Exchange 2019 for your reference:
    Unexpected Spam email in Outlook Draft folder


1 additional answer

  1. Mikayel Mikayelyan 61 Reputation points

    Hi there, I need advice for my current situation. I have 2 compromised, encrypted Exchange servers, but they have metadata in AD, so I have installed a new server. In the console I can still see old data from those servers, but I can't uninstall or do anything from EXShell. What are the best practices in this case? Maybe I need to remove all data using ADSI Edit before installing a new server? Or is there a way to remove only the info for those 2 servers? They have a DAG as well.