Listen to this Post
The Microsoft Exchange “coding error” saga continues into its third week, with a new issue emerging: emails being “mistakenly quarantined.” Microsoft is currently investigating an Exchange Online bug that is causing anti-spam systems to incorrectly quarantine some users’ emails. While the company has not yet disclosed which regions are affected, this incident has been marked as a critical service issue and is being tracked under EX1038119 on the Microsoft 365 admin center. For more details, you can read the BleepingComputer write-up here: BleepingComputer .
You Should Know:
1. Understanding the Issue:
- The bug in Microsoft Exchange Online is causing legitimate emails to be flagged as spam and quarantined. This can lead to significant disruptions in communication, especially for businesses relying on email for critical operations.
- How to Check if Your Emails Are Affected:
– Log in to the Microsoft 365 admin center.
– Navigate to the Service Health dashboard.
– Look for the incident tagged as EX1038119 to see if your organization is impacted.
3. Steps to Release Quarantined Emails:
- Go to the Security & Compliance Center in Microsoft 365.
- Navigate to Threat Management > Review > Quarantine.
- Search for any emails that may have been incorrectly quarantined.
- Select the emails and click Release to deliver them to the intended recipients.
4. Temporary Workaround:
- Adjust the spam filter settings to lower the sensitivity temporarily:
- Use PowerShell to modify the spam filter policy:
Set-HostedContentFilterPolicy -Identity "Default" -HighConfidenceSpamAction MoveToJmf -SpamAction MoveToJmf
- This will move suspected spam to the Junk Email folder instead of quarantining it.
5. Monitor Email Traffic:
- Use the following PowerShell command to monitor email traffic and check for any anomalies:
Get-MessageTrace -StartDate (Get-Date).AddDays(-1) -EndDate (Get-Date) | Where-Object {$_.Status -eq "Quarantined"}
6. Stay Updated:
- Regularly check the Microsoft 365 admin center for updates on the issue.
- Subscribe to Microsoft’s service health notifications to receive real-time updates.
What Undercode Say:
The ongoing issues with Microsoft Exchange highlight the importance of robust email management and monitoring systems. While Microsoft works on a permanent fix, administrators should take proactive steps to mitigate the impact on their organizations. Here are some additional commands and practices to enhance your email security and monitoring:
- Linux Command to Monitor Email Logs:
tail -f /var/log/mail.log
This command allows you to monitor email logs in real-time on a Linux server.
-
Windows Command to Check Email Queue:
Get-Queue
This PowerShell command helps you check the email queue on an Exchange server.
-
Check for Malware in Emails:
Use ClamAV to scan emails for malware:
clamscan -r /var/mail
- Backup Emails:
Regularly back up your emails to avoid data loss:tar -czvf mail_backup.tar.gz /var/mail
-
Update Spam Filters:
Ensure your spam filters are up-to-date to reduce false positives:sa-update
-
Test Email Flow:
Use the following command to test email flow and ensure emails are being delivered correctly:telnet mailserver.com 25
-
Check DNS Records:
Verify your DNS records to ensure proper email delivery:dig mx yourdomain.com
-
Monitor Exchange Server Performance:
Use the following PowerShell command to monitor the performance of your Exchange server:Get-ExchangeServer | Get-ServerHealth
Expected Output:
By following the steps and commands outlined above, you can effectively manage and mitigate the impact of the Microsoft Exchange bug. Stay vigilant, keep your systems updated, and regularly monitor your email traffic to ensure smooth communication within your organization. For further updates, refer to the BleepingComputer .
References:
Reported By: Charlescrampton The – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
