Mail rule may get me fired.
Posted by Outrageous-Chip-1319@reddit | sysadmin | View on Reddit | 329 comments
My junior made a mail rule that sent all incoming mail for 45 minutes to a new shared mailbox.
The rule was iron clad. "If this highly specific phrase is in the subject or body, send to this mailbox". THATS IT. When it was turned on all email was redirected. That would be like if my 16 char complex password was the phrase and every email coming in had it in the subject. It's just not possible.
Even copilot was wtf that shouldn't have happened. When we got word it was shut down and it stopped. I'm staring at this rule like what the fuck. It was last on the list and yet somehow superceded all the others.
I'm trying to figure out what went wrong.
Sea_Fault4770@reddit
"The rule was iron clad."
Nope. It wasn't.
TheRealLambardi@reddit
We’ve all been there…sometimes for days…….
Ok-Bill3318@reddit
lol “even copilot was wtf”
Copilot is about as useful as a chocolate teapot in my experience.
Annihilannic@reddit
Look, if you don't want your chocolate teapot, I'll eat it.
Hasuko@reddit
It did my yearly review for me. I had no idea what the hell I've done this last year since I do so much stuff so getting it to go through my teams history and recap it for me was great.
Ok-Bill3318@reddit
Did you check it for actual accuracy? Because as above I had it hallucinate a bunch of email summaries that included people who didn’t exist when it said they were involved
Squossifrage@reddit
"In addition to increasing sales closures by 19%, I also embezzled $480,000 and impregnated your wife."
PAXICHEN@reddit
Used it to write/research my team’s accomplishments.
CriticalMine7886@reddit
Interesting idea - stealing that, thanks
Overdraft4706@reddit
now thats not a bad idea!
Thegoatfetchthesoup@reddit
I actually just refunded our azure subscription today after 4 days of using it. It struggled so fkin hard to create a pdf that didn’t have all the words jumbled into an unformatted, not even straight line, of information. I genuinely started laughing at how pathetic this situation was. 30$/mo per license and you can’t even create a simple pdf with visual graphics and data tables? Wow.
Ok-Bill3318@reddit
We have like 3 licenses in our tenant to test with. I’m one of them. It’s fucking useless. Doesn’t do much and the stuff it does is just hilariously inaccurate and prone to hallucination.
Ok-Bill3318@reddit
It struggled and suggested I run python to extract some stuff from a pdf. Granite 8b just did it on a local machine.
Quinnell@reddit
Speak for yourself. A chocolate teapot sounds yummy with some marshmallows and graham crackers.
Ok-Bill3318@reddit
Try brewing tea in it, which is what a teapot is literally for
HotPieFactory@reddit
Joke's on you, I prefer iced tea!
Compte002@reddit
copilot is very low par comparing to other available tool
DeifniteProfessional@reddit
I was singing it's praises when I first got a license, but it's really starting to show its lack of ability verse the big daddy Chat GPT.
The worst thing is, Microsoft's complete inability to make a functioning app these days. A chat with Copilot that includes a small amount of code/scripting makes something ridiculous like 3,000 HTTPS requests and it just rails your computer.
whewdad@reddit
Its great at telling where the fuck microsoft hid their azure settings this month
Pick-Dapper@reddit
Or to reinterpret nonsensical conflicting Entra or Azure settings into “ok so what actually happens”
Ok-Bill3318@reddit
That about it
I asked it the other day to give me all email including a specific employee in the past month.
It hallucinated results from 2022 including said person.
They started work in may.
Apprehensive_Bat_980@reddit
Yep, it’s pretty bad!
awnawkareninah@reddit
The classic blunder, "the machine did what I told it to do, not what I wanted it to do."
ventuspilot@reddit
Thank god we're now getting artificial intelligence so this will no longer be a problem /s
musingofrandomness@reddit
I am constantly hammering how maliciously compliant computers are to our new operators. Most of them think I am overstating it until they have a script do EXACTLY what they asked for instead of what they intended it to.
atxbigfoot@reddit
I had the bizarre experience of starting in tech sales, moving to marketing, and then being the "translator" between our various ops teams and sales/marketing leadership due to seeing both sides of the issues over several years.
Marketing/sales- please make this thing stop happening.
Ops- but how/why
Me- look this is this issue, allow me to suggest a rule that will weed out the majority of this issue
Backend Ops- ok
(one week later.spongebob.meme)
Marketing/sales leadership- The thing is still happening
Me- It dropped by like 85%, this will never be perfect.
Leadership- But why
Me- Only Siths deal in absolutes.
Ops- laughs
Leadership- Haha but why
Me- shows them several examples of things worth a lot of $$$ that would have been ignored/dropped
Leadership- Okay but why are some of the bad ones still getting through?
Me and Ops- visibly slams head on keyboard on video call
(it was also my job to manually sort and remove the bad data so leadership would only get the info/reports from me when I flagged an influx to begin with lmao)
QuestConsequential@reddit
[iron clad] indeed
sysadmin_dot_py@reddit
Sysadmin: "The rule was iron clad."
Morgan Freeman: "It wasn't."
darkwater427@reddit
r/yourjokebutyourjoke
ResisterImpedant@reddit
It was iron clad in brackets.
MrExCEO@reddit
“Trust me bro”
idk012@reddit
Famous last words
LorektheBear@reddit
Sounds like the opening to a comedy routine.
Direct-Mongoose-7981@reddit
Did you use the change process?
BrinyBrain@reddit
I don't work with them anymore (left amicably) but my last job we were getting our feet wet with email automation, specifically with deletion for phishing emails.
I too thought it was ironclad after rigorous testing. Wouldn't want to block our domain after all.
Was working perfectly for 3 days until we got the oddest email I've ever seen.
Sender display name was "domain.com user@domain.com".
When searching for that full string, I could find just those phishing emails. Sadly, the block rule split it by delimiting on the space instead of the full string and effectively blocked our entire domain, fun stuff.
modern_medicine_isnt@reddit
Always do a notify first type thing. In this case, it would be copied to your special email. Then you can see what it selects. Cause, after all, you are depending on software to make it happen. And all software has bugs.
Agoras_song@reddit
And software we personally write, doubly so.
goshin2568@reddit
As an even more general rule, always double check every regex that is ever going to do anything important! It takes less than 30 seconds to pull up regex101, paste in the pattern, and then paste in some test strings.
False-Ad-1437@reddit
why would you use an online service? you can test in powershell
'test string' -match 'your-regex'once that works, you can add the new ETR to your Test tenant in audit mode and make sure it works in Test like you expected.
cholz@reddit
I like to use alternative tools to test things like this because it breaks me out of the tunnel vision I might have after working on something for a while. Like if I’m writing a regex for a python script sure I can test it using python but I want to know if I’ve got it right from an “objective” source. Using an external tool is kind of like turning to my (hypothetical) coworker who really knows regex and asking them to check it for me.
DiseaseDeathDecay@reddit
I'm in a PowerShell console all day and write PowerShell scripts and functions for my team constantly. A fair amount of it is taking output from stuff and turning it into psobjects, so regex is something I use a fair amount.
regex101 gives you a bunch of info on your regex, can show you regex syntax, and it's a lot easier to test different strings with it.
It takes maybe 2 seconds longer for the first try, and then every subsequent test is 2 seconds faster AND you get more information.
Ssakaa@reddit
And while it should go without saying, even though regex101's pretty clear in their policy that no data is sent (unless you choose to save a regex on their side), unless you've really and truly verified that, those test strings really shouldn't contain real data if there might be anything sensitive, just pattern-equivalent (i.e instead of an actual SSN copied out of your dataset, something like 111-22-3333 should suffice). Heck, even just the harvesting XDR, AV, etc. do might cause issues.
Nik_Tesla@reddit
Or set it to only redirect when coming from a specific test email address
nascentt@reddit
But if doing that use "from sender's address" not "from", because that has its own issues (such as including anyone considered a member of the group that address belongs to)
AlexEatsBurgers@reddit
To be honest I feel like they'd send an email with the specific phrase and the test would have passed.
Nekminnit same problem
Recent_Carpenter8644@reddit
Good idea. If it doesn't work right, no one else will be affected.
Xzenor@reddit
That's like rule 3 of sysadmin101
Recent_Carpenter8644@reddit
What's 1 and 2?
Xzenor@reddit
Always have a working backup.
Verify rule 1
Outrageous-Chip-1319@reddit (OP)
This will be incorporated into every new rule.
mitharas@reddit
And this is why firing someone over such mistakes is stupid from a company perspective. You and your department just learned something important and got better through it. Firing someone who just got better at his job seems counterproductive.
survivalist_guy@reddit
Also, if I may, scope ETRa as tight as you can: match sender, domain, subject, as many ways you can narrow it down as possible. Trust me - you'd rather have a few slip through than a few not get delivered.
Superb_Raccoon@reddit
Software does what you tell it to, not necessarily what you want it to do.
texags08@reddit
Great advice
phatcat09@reddit
You can push things without testing if you know how to monitor and reverse the problem withoit issue after the fact quickly.
mixduptransistor@reddit
Well, I would question how senior you are to your junior if you are a) asking copilot to validate this and b) surprised it couldn't
Outrageous-Chip-1319@reddit (OP)
I asked after the incident.
kuahara@reddit
Did your junior ask before the incident? Because this story is just screaming, "I asked copilot to do something and blindly trusted that it would work" and then it didn't.
sgeep@reddit
Yeah I am willing to bet OP is the junior. Probably used Copilot to help push it out without checking with his team and is in deep shit for it
Someone else mentioned but I have trouble believing a senior member would be surprised Copilot was wrong about this, let alone using it all for something like a mail rule
survivalist_guy@reddit
The point stands though. A few things here: 1) Always test your implementation. Change the trigger phrase to something similar (but widely unused) and test from Gmail. I have a feeling you used regex - test regex 100 times before implementation AND NOT WITH CHATGPT. 2) What's the volume here? Chances are you're fine. Mistakes happen. FWD mail back to original recipients, say there was a configuration error, take your licks, and move forward by learning from it.
painted-biird@reddit
Yup- plus idk if they still do it, but MS gives dev tenants with e5 licenses. Super useful to test shit you’re not immediately familiar with.
altodor@reddit
Only comes with MSDN now. Too much abuse from the more open dev tenants.
raip@reddit
They don't. :(
lurkeroutthere@reddit
That was my first thought. Mail rules aren’t exactly deep lore.
TheDawiWhisperer@reddit
i work with a dude that leans on copilot a lot, for almost everything
maybe i only see the things where it makes him look an idiot and the other 95% of things it does are fine but it makes him look an idiot with alarming regularity
Ok_Initiative_2678@reddit
Frankly even regex isn't that complicated for 99% of the use cases that sysadmins are likely to involve ourselves with. Especially not something as simple as not knowing to escape your literal square brackets in a match pattern.
lurkeroutthere@reddit
/Report “I’m being personally attacked!”
TU4AR@reddit
Some are if you never read documentation on it.
Most people just add "block x domain" but try adding a single word block subject like "hello" , it gives you options of choosing "phrases like" or "contains" but not "exact".
SAugsburger@reddit
Microsoft: Copilot is amazing!
Sysadmin: It doesn't even seem to understand Microsoft's own products!
ancientpsychicpug@reddit
I am an avid power BI and power automate user and thought i would ask it a question the other day and it was jibberish like it genuinely had NO clue what power apps are.
AlexEatsBurgers@reddit
Yeah CoPilot is trash. I definitely embrace AI (ChatGPT, and Google's AI overview can be handy when im googling something, though usually it's just makes me scroll half a page to get to my google search.
I'll only use CoPilot for something Microsoft specific, but I need to stop trying because it is absolute trash. Let's not forget its original name... BING Chat
wrt-wtf-@reddit
Clippy can help with that!
shemp33@reddit
How fucking true this is.
Even something simple - ask it for how to do a task or make something in PowerPoint (using some obscure feature) and it bails. Or gaslights you saying here it is (and it’s not there).
Mitch5842@reddit
That was my first thought lol, "Why the hell is he asking copilot this?" I also would have tested a rule on my own inbox first and then sent test emails with the keywords they were filtering before applying it to everyone.
At least they caught it fast, 1 hour is nothing. It's not like we all haven't shut the wrong port in the datacenter cutting off all internet access to our building, then needing to drive 45 mins to plug in and do a no shut command on that port.
boli99@reddit
everyone does that at least once. it's a rite of passage.
ok - at least twice
...
three times. max.
pppjurac@reddit
Hint: it is the junior guy
might just be confused with OR / AND / XOR / NOT combination SNAFU
igotmybabyback@reddit
I came here to say this
brispower@reddit
Guess your junior needs a change control for everything now
Nevermind04@reddit
Why are you relying on toys to solve problems in a production environment?
Sudocomm@reddit
Because AI is the fuuuuuutuuuureee AI knows all!!!
Loan-Pickle@reddit
I had 99 problems so I used a regex. Now I have 105 problems.
PAXICHEN@reddit
Where’d you learn how to use Co-Pilot so well?
whiteycnbr@reddit
Scope the from address always before * rule
ExcitingTabletop@reddit
I wouldn't fire someone for mucking up a mail rule if it was clearly a typo or mistake.
If someone is asking copilot about mail rules, yeah, I'd strongly consider termination.
Nova_Aetas@reddit
I don’t understand how Americans go to work everyday thinking one mistype will get then terminated.
Must be like walking on eggshells all the time.
PAXICHEN@reddit
It’s a trope.
Sea_Fault4770@reddit
Some companies are like that. It's shitty. But you dont want to work for those companies. I dont know where you live, but you would definitely be chastised for making this type of mistake by a company in your country, too. I have made mistakes, just like everyone has. It has nothing to do with America. What are you on about?!?
Nova_Aetas@reddit
In Australian I’d need to show a repeated pattern of negligence, rather than one incident. Id then get written up and a plan made to improve.
If I fail to meet the standards set up in the plan I’d then be terminated.
To be fired instantly you need to do something malicious or criminal, in most cases here.
CraigAT@reddit
A repeated pattern like [Intune Asset Alert]? 😉
Sea_Fault4770@reddit
Same goes in the U.S. As long as you didn't lie about it, and its not a pattern, you wouldn't be fired.
Nova_Aetas@reddit
Are Americans mistaken when they claim otherwise then? I see these claims posted all the time.
RealisticQuality7296@reddit
At-will means you can be fired any time for (almost) any reason, but, in real life, it actually costs a lot of money to suddenly fire someone, be without whatever they add to the organization for however long it takes to replace them, find new candidates, and onboard and train the new guy. So no, one-off mistakes don’t typically result in termination.
AcornAnomaly@reddit
Depends on the state, sometimes on the city, and often on the company, especially the size of the company.
Giant corporations will generally have established hard rules and a lengthy process on what can lead to a termination. This is simply to lessen the chances of facing lawsuits about improper dismissal.
In places like that, unless a crime or a serious HR offense is committed, immediate termination for one mistake is simply not going to happen. (Unless you're still in the new-hire probationary window.)
Smaller companies often don't have well established punishment practices, nor do they even have a decent HR team.
In places like that, if you have a control freak of a boss, it's easy to wind up fired at the drop of a hat.
Even considering the fact that different cities and states can have different employment regulations, a lot of those firings are actually illegal. The problem in those cases is having a worker that knows the law, knows what happened is illegal, and actually seeks legal redress regarding it. Sadly, that's a lot of "ifs", and too often, people don't think it's worth the time or effort to fight, and simply move on.
Sea_Fault4770@reddit
I see you are a fellow fan of Fallout! I have 800 hrs in FO4. I would love to show you some of the settlements that I've built!
DM me if you're interested.
I think that your opinions of Americans is based on propaganda and crappy media. I would gladly discuss this with you.
Sea_Fault4770@reddit
Stop being so naive. It's not like that at all for 99% of American companies.
Automatic_Nebula_239@reddit
I’ve never worked anywhere where a simple mistake will get you fired and I’ve worked some really shitty jobs before.
Only times I saw someone get fired were once a new hire to training showed up 1 hr late and high. Another time we had a jr sysadmin that would NEVER take notes when trained on a process, you’d have to bail him out when he’d forget what you taught him 5+ times on the same procedure. That one took 6 months before they let him go.
bad_IT_advice@reddit
At most places, you wouldn't get fired for a mistake.
The problem here is the change management process and validation. Not following it, or not implementing one as a senior sysadmin is what usually gets you fired.
harrywwc@reddit
yeah, pretty much what "at will" seems to mean - "you so much as look at me askance and you are outta here!"
r5a@reddit
This is pretty wild take imo, asking copilot just to confirm or check something is grounds for termination?
Wouldn't ever want to work for you under that kind of scrutiny.
freedomlinux@reddit
I don't know what regex is, so I asked the Bullshit Autocorrect and it said it was fine!
Outrageous-Chip-1319@reddit (OP)
I did that after the fact
Visible_Spare2251@reddit
When we were moving our mail to Exchange Online I had an MSP help with some of the work. They accidentally set a rule that forwarded every email to our domain to our Chairman's email address.
I think they were trying to set a rule to bypass the Exchange mail filtering as we had a gateway, but I have no idea how they managed it! They were pretty adamant that it wasn't anything they had done so just went in myself and disabled lol.
Chairman was confused more than anything and I didn't let on the specifics of what happened and he didn't ask...
bindermichi@reddit
Depending on where you are fired might be a best case.
Can‘t imagine how many privacy and compliance laws such a rule breaks.
blix88@reddit
You're fired for not including the rule.
Ok_Initiative_2678@reddit
It was "Subject contains pattern match to:
[intune asset alert]Which... yeah, redirect all mail where the subject returns a positive regex match for a character set containing the letter 'e' and the space character. No wonder all mail got caught.
shemp33@reddit
That has the wheel of fortune letters, and then some… RSTLN E… plus all vowels except O.
No wonder it worked virtually as a catch-all.
Ok_Initiative_2678@reddit
Honestly I'd be a bit more interested to see a hypothetical list of messages that made it past the rule.
mrcollin101@reddit
It’s a stretch but…
Job Mgmt FAQ Comp Pkg Upd QC Mfg Log HR Form Chk Proj KPI Rpt Conf App Mtg Cmd Cfg Box Help Form DL App Log Sync
PAXICHEN@reddit
BoobCock
Ok_Initiative_2678@reddit
Pattern matches detected.
Also unless each of those are separate emails, that subject contains several spaces.
shemp33@reddit
Boob
Jog
Boom
Cook
Basically one word with no space, And none of the wheel of fortune set.
hateexchange@reddit
Regex. You had 1 problem. Now you have 2.
LesbianDykeEtc@reddit
Regex is one of the single best tools we have.....if you know how to use it correctly.
DeifniteProfessional@reddit
RegEx is so incredibly powerful and brilliant as a concept... Just only super nerds know how to use it
iama_bad_person@reddit
hihcadore@reddit
But it was iron clad!
vikinick@reddit
A chatbot that is trained to always agree with you was wrong!
Inigomntoya@reddit
Yes! And I stand by my mistake—because you stood by it first. Together, we're an unstoppable force of confidently incorrect information.
Beep boop
Drakoolya@reddit
It was Iron Bad.
Hoosier_Farmer_@reddit
there's no way anyone can read this and not hear George Costanza's voice.
sir_mrej@reddit
This is gold jerry gold!
SirLoremIpsum@reddit
100%!!!
UndercoverRowbot@reddit
If it makes you feel any better I made a rule to drop all mail tagged with "Internal IP" to test a DLP rule. I went backwards and forwards a few times when creating the rule and at some points settings were lost...
I dropped all outgoing mail for around 20 - 30 minutes, including system generated emails to clients. There was no way to recover email that was dropped and no way to retrigger sending from systems. People had to just resend what they sent for the last 30 minutes just in case.
I still have my job :-)
itspassing@reddit
No idea but here is my guess
Redirect all emails -> Exception was added instead of conditions
I don't know how else you would do this
Outrageous-Chip-1319@reddit (OP)
I'm looking at it. There were no exception. It says apply this rule if the subject includes these patterns: (Pattern). Do the following: Set audit to do not audit and redirect to x. That's it.
sysadmin_dot_py@reddit
What's the pattern? Maybe some bad regex got you.
Outrageous-Chip-1319@reddit (OP)
[intune asset alert]
Copilot said that shouldn't have affected the regex
ZPrimed@reddit
Square brackets normally have special meaning in a regex, but I don't know if that holds true for Exchange.
Outrageous-Chip-1319@reddit (OP)
I looked deeper. It does. Sigh.
homelaberator@reddit
Good news. You learnt something.
Now to unscramble the egg.
gumbrilla@reddit
More good news, it means potentially some email didn't get redirected. So the incident report can say "Some email was inadvertently redirected", that's a partial, makes it.. a P2..
mitharas@reddit
God I hate microsoft health alerts. "Some" users "may" have problems with this or that. Yeah, really helpful.
gumbrilla@reddit
Yeah, and unfathomably, they still have jobs, which is also, ironically, OPs concern 😀
halofreak8899@reddit
How difficult would it be to log into that mailbox and manually send all those emails to the right people? Probably an easier way. But just trying to think of ways that would get you atleast some points for effort.
WillRikersHouseboy@reddit
Could be done with a powershell script. Depending on how much mail, would take time.
doolittledoolate@reddit
Hopefully OP doesn't need to write a regex as part of that script
mrmattipants@reddit
That is exactly what the problem is. With brackets essentially any Subject Line that contains any of the individual letters, symbols, spaces, etc. that are inside of the Square Brackets will match
For instance if you were to use [ABC123], it wouldn't match on that specific phrase, any Subject Line that contains at least one "A", "B", "C", "1" "2" or "3" will match.
Hopefully your employer recognizes it for what it was (a mistake) and hopefully you'll get a chance to rectify the problem. If that is the case, you may want to bookmark the following RegEx Testing Site link.
https://regex101.com/
I'm assuming that the intention was to create a RegEx Group Match, which matches that specific Group of Characters/Words. The simplest method would be as follows.
(Intune Asset Alert)
Another way to format the aforementioned RegEx Pattern, would be to use the following, to Match any Subject Line that contains that particular group of words, with 0 or more Characters before or after.
.(Intune Asset Alert).
Example: https://regex101.com/r/np6AS8/1
On the other hand, if you wanted the match Subject Lines that contain only that specific group, without anything before or after, you would need to use the "Start of Line" Anchor (Caret) and "End of Line" Anchor (Dollar Sign).
^(Intune Asset Alert)$
Example: https://regex101.com/r/i1Iuzl/1
Hope it all works out for you and junior. The mistake already happened, so there's no reason to dwell on it. The best way forward would be to learn from that mistake, figure out what went wrong and educate yourself and junior to ensure that there are no repeats, etc.
That being said, feel free to experiment with those RegEx Examples, all you want. If you have any questions, my DMs are always open and I'm typically always willing to help.
r5a@reddit
Great reply. I don't really get to use RegEx anymore and I used to use it a lot. This is a nice refresher and a great explanation.
Some of the backseat comments in this entire post are insane to me, what the hell is going on with reddit sysadmin these days.
mrmattipants@reddit
I almost forgot...
What you can also do is Add one of the two following Conditions to your Mail Flow Rule, to Test it on a single Test Email Address or a Test/Pilot Security Group (containing the Email Addresses of several co-workers/employees), prior to deploying the Rule to the entire organization.
1.) The recipient > is this person > Test@domain.com
2.) The recipient > is a member of this group > "Pilot Security Group"
https://learn.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/conditions-and-exceptions
desmaraisp@reddit
Ahah, regex101.com would've saved you there
bdanmo@reddit
Just off the top of my head: if any email had any one of those characters anywhere in it, it got redirected? 😬
itspassing@reddit
Good job OP. You might feel like shit but it seems you got it resolved in a timely manner
throwawayPzaFm@reddit
4o is also hilariously bad at this. What backslashes, bitch?
If the rule processes as regex, then "Subject contains pattern match to: [intune asset alert]" matches any subject that includes the exact string [intune asset alert], with square brackets treated literally due to the backslashes.
This will match:
[intune asset alert]
FW: [intune asset alert] CPU spike
RE: [intune asset alert] - Action required
It won’t match:
intune asset alert (without brackets)
[Intune Asset Alert] (case-sensitive unless otherwise configured)
ThinkMarket7640@reddit
How would literal core regex syntax not affect the regex? Do you not know how regex works at all?
Salt_Being2908@reddit
hmmm in regex doesn't that mean anything with any of those letters?
mitharas@reddit
Hey, Crowdstrike killed the world economy for a day or two with bad regex. So we can't expect this poor bloke to get it right, right?
Angbor@reddit
That's exactly what that regex means. And it has almost every vowel so yeah...
Salt_Being2908@reddit
and spaces!
_dekoorc@reddit
Yes
DevelopersOfBallmer@reddit
Did we learn anything about AI here?
loptr@reddit
That literally means "matching any of the letters i,n,t,u,e,a,s,l" since [ and ] denotes a character range.
Did you use Copilot just to verify it, or was it also produced by Copilot?
MightBeDownstairs@reddit
lol bro you might as well of put the whole alphabet in that rule
goshin2568@reddit
Did you escape the square brackets? If you didn't, that means "match any character inside the brackets". And since you have i, n, t, u, e, a, s, l, and r in there, yeah it's no wonder that's matching on every email.
PRSMesa182@reddit
So you learned two leasons, the second being not to blindly trust the robot.
broknbottle@reddit
SuperJediWombat@reddit
Did you use the pattern match, or the simple words match? As a regular expression, that would match any email with at least one of the characters inside the square brackets.
sysadmin_dot_py@reddit
Bingo. Anything with any of those letters was caught. Throw it in this tester at the top: https://regex101.com/ then type any test string below.
BryceKatz@reddit
In the rare cases it's not DNS, it's regex.
survivalist_guy@reddit
Lol that's like the only other thing that regularly gets people. It's either DNS or regex 🤣
SirLoremIpsum@reddit
They say if you have a problem and regular expressions solve it, now you have two problems
survivalist_guy@reddit
Lol that's like the only other thing that regularly gets people. It's either DNS or regex 🤣
charleswj@reddit
Not_Your_Pal69@reddit
Just post the damn rule so we can look at it
yParticle@reddit
Look at one of the filtered messages raw so you can see all of the headers. Your pattern may be in every single header.
Bagellord@reddit
But it should have only looked at the subject, according to what OP posted.
sxtjvr@reddit
Fucking post the rule dumbass
doolittledoolate@reddit
Is this the future? That copilot is seen as an oracle?
bobs143@reddit
What was the purpose of setting up this rule to start with?
Outrageous-Chip-1319@reddit (OP)
Zendesk redirect.
bobs143@reddit
So you let a junior set up this rule. Without testing it first. You just let him set up the rule and launch it in production.
Ummmmm what?
Outrageous-Chip-1319@reddit (OP)
I looked at it first and said it looked good.
Surface13@reddit
This guy tests in prod.
It must be hard to walk with those massive balls man
TheDoNothings@reddit
How would you not test this in production? Just by placing more strict matches?
bubbaganoush79@reddit
If it were me, I'd test using the action of BCC this message rather than redirect this message.
Ok_Initiative_2678@reddit
Something like that, yeah. Make the rule only take effect on message to a specific test mailbox and/or from a specific designated test address. Send mail that SHOULD match you pattern, see if the rule triggers, send mail that SHOULDN'T and verify that it does not. Anything more scoped down than straight-up YOLOing your entire org's mail exchange.
Puzzleheaded-Gift945@reddit
exactly. aka, think for 7 seconds about this situation and do something reasonable. people wonder why there is so much distain for many IT roles when this kind of behavior is so common.
Ok_Initiative_2678@reddit
"Seven whole seconds?! But think of what I could do with a full action and a bonus action in that time if I didn't sit around thinking!"
Barbarians...
Mental-Kale5330@reddit
Everybody has a test environment. If you're lucky, it's separate from your prod environment! lol
shd0w2@reddit
Always test with a small group first brother
MarkInMinnesota@reddit
Sorry man, I’ve been there too … but looking at something isn’t testing.
yParticle@reddit
This. Testing something that broad before setting it loose should now be burned into both of your minds.
moderatenerd@reddit
Zendesk is certainly weird. I tried to set up a similar rule in my mailbox but zendesk seems to have a lot of extra metadata so I couldn't get it right
iama_bad_person@reddit
Forwarding to a zendesk forwarding address is pretty easy, their email tag system is weird if you try to use it, but good thing their API is sweet so we started using that for all our alert emails.
moderatenerd@reddit
We have a widows team and a Linux team. I was trying to get all emails that mention our windows based software to go into one folder since I'm the Linux team. I have to look that again once I get API access
man__i__love__frogs@reddit
Did you not include the sender address in the rule too?
UniqueArugula@reddit
Show us the rule.
Outrageous-Chip-1319@reddit (OP)
It says apply this rule if the subject includes these patterns: (Pattern). Do the following: Set audit to do not audit and redirect to x. That's it.
Internet-of-cruft@reddit
What's the pattern?
That matters.
nascentt@reddit
Bad regex. Also, apparently they rely on ai to validate their changes.
https://reddit.com/comments/1lwv9n1/comment/n2hcst8?context=3
Raymich@reddit
From other comments: it was regex for “[intune asset alert]”
OP did not escape the square brackets and matched half the alphabet of letters.
stonedcity_13@reddit
Always use a test user or test mailbox. Now you'll know
S3xyflanders@reddit
If your fired for this your company sucks
ganymede_boy@reddit
you're*
Outrageous-Chip-1319@reddit (OP)
I looked at it and said it looked good. I also told my boss if any adverse reactions come from it, to pin it on me since I said it looked good. It did look good. I cannot figure out why it happened.
wrt-wtf-@reddit
A good boss would say "suck shit" and leave it at that... nothing more needs to be said and life goes on.
GodisanAstronaut@reddit
The only explanation you can give regarding that is "Technologia" but seriously, sometimes shit just bugs out and starts doing completely different things.
Even the experts can make a small mistake. Atleast the emails ended up somewhere instead of the void.
IainND@reddit
Here's the user impact from the change: email was unavailable for less than an hour. That's not the end of the world. That's a lunch break.
kellyzdude@reddit
And it wasn't deleted (at least by the rule) - just redirected, right? So it's at least potentially recoverable.
Sharobob@reddit
Does everyone still have their emails in their sent items box? Just tell everyone "whoopsidoodle, bug in the code. Please resend all of the emails in your sent items box that occurred between XX:XX and XX:XX on XX/XX/XXXX"
cioncaragodeo@reddit
When this happened at my company (and things were deleted) we did a mail merge to the impacted users saying email from X with Y subject has bounced. Made it look like a mailer deamon email and everything. 99% of users didn't think twice and resent. The 1% who realized were just damn impressed at the recovery.
mindbender9@reddit
More specifically, there was no email sent to user mailboxes but you have the email so there’s no loss of data (hopefully). A recovery of data says a lot
SOLIDninja@reddit
Bruh you forgot some brackets. If they fire you over that they don't deserve you.
unseenspecter@reddit
Brackets are pretty stylish so technically it did look good. Technically correct is the best kind of correct.
helical_coil@reddit
You could say it was logically correct, syntactically correct and even apparently correct. But definitely not technically correct.
toadfreak@reddit
And "apparently correct" up and left when the brown hit the spinners.
cheeseburgermachine@reddit
Be easy on yourself man. Be kind to yourself. Shit happens. You just gotta keep movin forward if you can.
angry_cucumber@reddit
Even so, this shouldn't be a termination offense, especially if you can explain why it looked good.
uninspired@reddit
Why did it take 45min to realize? Shouldn't it have been obvious in like...a minute?
Warmachine-@reddit
Mistakes happen and you learn from them. Own up to the mistake and do proper testing next time.
tapplz@reddit
Agree, no one should ever be fired over an honest accident, unless it's just the latest in a trend of honest accidents.
meikyoushisui@reddit
If your company is missing honest accidents that have happened so many times you could call it a trend, you have a process issue, not an employee issue.
RedBoxSquare@reddit
Well, I mean something could be said about why a junior was allowed to change a rule that is so important. It's like allowing a junior to manage your domain name entries and bringing your website down. Someone in management should probably take blame for allowing that.
L34DW4T3R@reddit
l0l cmon bro
wooties05@reddit
They really fired you for this? People make mistakes, that sucks.
PlannedObsolescence_@reddit
So, now that it happened - have you worked towards getting all those emails repatriated?
For example a PowerShell script to Get-MgMessage every item in that shared mailbox, and parse the to: field and then copy the item into the appropriate mailboxes. It would need well tested, and cc: would need handled - bcc: is likely a lost cause.
But should be doable rather than having someone manually review that mailbox or give up and say the emails are assumed lost.
TaiGlobal@reddit
This really shouldn’t be anywhere close to a fireable offense. Was any important data irretrievably lost? Was there a catastrophic monetary lose? Was there a major disruption in service for the business?
frymaster@reddit
I'm not suggesting Big Autocorrect isn't sometimes useful as a supplement to a search engine, but please don't make the mistake of assuming it's any kind of authority
Rude_Strawberry@reddit
What a shit article.
At least share what the rule was, and what you did to fix it, FFS.
foxfire1112@reddit
In what world do you not test rules?
doalwa@reddit
Please tell me you did not rely on Copilot when you were implementing this rule…if yes, our line of work is even more fucked than I ever imagined…
WolfetoneRebel@reddit
Ain’t gonna have much staff left if they fire people for stuff like this
GamerLymx@reddit
I always test ai suggestions in production without. making sure it actually works /s. r/shittysysadmin
SikhGamer@reddit
.
Eelroots@reddit
Mate, that's why you have a test environment; you don't work directly on prod.
christophercurwen@reddit
why are you using copilot its pretty much garbage. Upgrade to 4o on chat Gpt for a more reliable companion.
mrkesu-work@reddit
IT people saying "chatgpt said..." is my new pet peeve. Get away from that brainrot if you want to remain a "senior".
Advanced_Day8657@reddit
The rule sounds legit, then it's maybe a bug. Contact free Microsoft 365 support
burundilapp@reddit
Yeah one of my first line team recently and incorrectly setup a rule that rejected all mail for 45 mins during the working day, he realised he fucked up, knows where he fucked up and won't do it again, so long as something has been learnt from it then it's not a failure, it's an incident with lessons learnt.
pecheckler@reddit
Are test environments not a thing anymore? 🙄
some_string_@reddit
Do you not know Prod=Test Test=Prod ?
BigLeSigh@reddit
Who’s got money to burn on those??
Rainmaker526@reddit
The golden rule:
- it was DNS
Practical-Alarm1763@reddit
Why the wasn't the rule tested immediately after being configured? Ya'll sat on it for 45 minutes and didn't monitor? Wtf?
Could've been a simple mistake like having it configured to forward any emails that didn't NOT include that phrase.
It's not "iRoN cLaD" until you test it. This isn't even Je sysadmin 101, it's helpdesk 101.
sryan2k1@reddit
Transport rules can take like 90 minutes to apply globally if it feels like it.
Practical-Alarm1763@reddit
Transport rules take effect immediately after being turned on. Even globally for large enterprises.
sryan2k1@reddit
Lol, no. Not in ExO. They're usually fairly quick but can often take 30-90 minutes where parts of the system dont have the changes.
Practical-Alarm1763@reddit
I was explicitly talking about EXO. I can tell you with absolute certainty that yes they do.
Dontkillmejay@reddit
You're correct. They're immediate. Propagation time is either near instant or at a maximum of a few minutes.
TeamInfamous1915@reddit
"Testing is a core part of the job" microsoft update left the chat crowdstrike left the chat Facebook left the chat Grok was never in the chat
Elfalpha@reddit
Critically, you need to both throw your ethics in a bin and be a completely un-fireable nepo hire and then you too can follow the Microsoft move-fast-and-break-things mentality.
survivalist_guy@reddit
Dude, testing is kinda fun tbh. You learn so many weird things when you're testing.
survivalist_guy@reddit
Dude, testing is kinda fun tbh. You learn so many weird things when you're testing.
bballlal@reddit
This. Should have tested mail flow as soon as it was implemented, and preferably in a manner that didn’t affect production mail flow until it’s tested.
hasthisusernamegone@reddit
Have we learned any important lessons here?
Knarfnarf@reddit
One of those characters wouldn't be in this list; $%*{}[]()?/?
Cuz under the right circumstances any one of them could pose an interesting change in the rule...
serverhorror@reddit
If you get in trouble it's not for making a wrong rule or for having a Junior do it.
It's for having a shit process that has no verification mechanism and apparently no monitoring because "you were informed" instead of having the system go red and you know before anyone else.
Yeah, you fucked up.
BigBobFro@reddit
Brackets!! Lol!
When working on some complex automation developments,.. my team developed a philosophy about brackets,.. the more the better. That then later developed into just saying “More Cowbell”
Brackets can be your friend, enemy, or nemesis.
BoltActionRifleman@reddit
If you do end up getting fired, find a business where your boss doesn’t understand what you do. That way you can just tell them “something fucked up on the mail server, I’ll have the emails redirected in an hour or so.”
Lavatherm@reddit
Is this the right r/ ? I’m confused 😆
Galwran@reddit
Did this effect every mailbox in the company? Privacy regulation might have something to say…
TwinningJK@reddit
Blame it on Microsoft
reevesjeremy@reddit
I did something similar but less broad. I had a single sender email address from our T&A provider redirect to my mailbox. At an org with something like 4000 staff using that software to certifying time cards, request leave, and supervisors and timekeepers as recipients, I knew immediately I messed up. It was several years ago so I don’t actually remember what my goal was. That wasn’t it. :)
I delegated myself to all the mailboxes and moved the emails over to the appropriate recipients mailboxes. Took a little while.
I’ve learned from that lesson. Scope from: myself and to: myself and do some testing to make sure it does what I think it does.
devynspencer@reddit
I had a mail rule obfuscate most of my (granted mostly low importance) communications from my boss and team lead for over a week. Absolutely my fault, but given my comfort level with gnarly syntaxes, I was surprised at how much of a goof up it was.
I can get fairly overwhelmed while searching through mail conversations for shit, but I swear it’s the lesser of two evils.
Mail rules are the worst. Inflexible and hard to audit, with some definite sociopathic tendencies.
ExtensionOverall7459@reddit
It sounds like it's only 45 minutes worth of email. Write a quick powershell script to move all the messages from the redirected mailbox to the correct recipient's mailbox. Basically make it like it never happened. Problem solved.
vikinick@reddit
Well here's your nth mistake
adminmikael@reddit
But_Kicker@reddit
I’m dead 😆 we’ve all been there
sir_mrej@reddit
The best of us ALL have these stories.
Sigh.
KayakHank@reddit
For real
HKLM_NL@reddit
Hé its look like me! Make the same kind of rull a couple of years ago and send al the comany mail to 1 specific users for a hour.
What a mess was that day 😅
GrimeySheepDog@reddit
You’ll be fine. I legit got a buddy who (while on the clock) was texting a stripper and accidentally text the boss “hey you free to suck my D***”. He immediately noticed the mistake and sent a follow up, “disregard, wrong person” and he made it out alive to tell the story. Heck I think he even pulled it off with the stripper, shit happens.
swimmityswim@reddit
That wasnt a stripper…
swimmityswim@reddit
I wrote a script once to pull a plaintext password from a file in a google bucket, and create a mail rule to prevent emails that had this password in the body or subject from being sent.
The job ran once a day after the password was updated. The rule was simple, if body contains value, reject.
Then one time the script failed to get the password value and wrote the rule, if email contains “”, reject. I probably dont have to tell you that every email contains “” so yeah few minutes of people not getting any email, a very quick troubleshooting session and a rule disabled and everything was back.
I now catch exceptions in everything i write and have gates before any decisive impactful action is taken. I was not fired and have probably had 3 promotions since then.
ClamsAreStupid@reddit
I've seen some mysterious shit so I was about to believe you until you said "Even copilot was wtf that shouldn't have happened". That tells me you and your junior have no freaking clue how to do even the most basic things.
sociablezealot@reddit
You let the junior guy use regexp didn’t you.
PAiN_Magnet@reddit
If you get fired for email being "down" for 45 minutes, count yourself lucky and go find a company that doesn't suck ass to work for.
the_marque@reddit
Honestly I think you've fallen into a complacency trap here. "It's done what we expect the other 30 times, so it doesn't really need testing"
Has probably happened to all of us :)
First thing for a new transport rule is having it notify instead of taking the action. Second thing, even if skipping the first, is to immediately test the behaviour after turning it on...
yankdevil@reddit
"Even copilot was wtf that shouldn't have happened."
Copilot doesn't understand regular expressions apparently.
0MrFreckles0@reddit
In what world is a wrong mail rule fireable? I fuck up stuff like that every day, its how you learn.
Nik_Tesla@reddit
I just interviewed some candidates last week for a sysadmin position. I always ask "What is a big technical mistake you made, what did you do about it, and what did you learn?" I know plenty of others ask this question too.
I doubt you'll get fired for this, but act in a way that you'd be proud to use it in future interviews.
chaosphere_mk@reddit
I would recommend getting a test tenant to test shit like this, my dude.
moffetts9001@reddit
I doubt it will get you fired, but I hope this is a lesson to improve your testing methodology. I'm all for testing in prod but you have to scope the rule to a specific sending address first or something.
djgizmo@reddit
if that gets you fired, your company is shit.
bouncyrubbersoul@reddit
Feelsbadman, but we’ve all been there. Bright side, you (and hopefully your junior) will never do that again! And maybe brush up on your regex…
Fart-Memory-6984@reddit
You aren’t a sysadmin until you’ve broken prod at least once.
bstrauss3@reddit
You are nothing until you've taken down an entire data center through something you didn't do.
Truth...
I told the DC admin what to do. They thought they were smarter and did it their way. Took down the entire data center.
Reverted it. Did the change my way, which worked.
Blamed me.
My boss bust a gut laughing them out of his office.
IndianaNetworkAdmin@reddit
Open a Microsoft support ticket, throw in supporting documentation. Two people reviewed the rule, and it either went through in a manner outside of Microsoft's documentation, or two separate individuals borked it.
Having a second pair of eyes on it and it still failing points to you doing your due diligence and this being a one-off issue, though it's also evidence that you need a test environment even if it's just a handful of shared mailboxes and a single license.
If you've asked for a test environment in the past and been denied, you have additional documentation on why it went wrong. "If we had the capability to test this, giving us parity with other businesses and organizations, this would have been prevented."
I don't see a reasonable organization terminating you, unless you had the tools for testing this and did not do so, or Microsoft's documentation clearly says "Do not do this" and you missed it.
DisgruntledGamer79@reddit
What was the rule in question ?
981flacht6@reddit
You'll be fine. Every sys admin ever has made mistakes.
CelebrityLint@reddit
If the rule you followed brought you to this, of what use was the rule?
ay_gov@reddit
This is why I always put transport rules in test mode before going live. I've effed up enough things to know that it's not iron clad until it's actually working. Email is high enough visibility that I'm treating it with the softest of gloves.
brownhotdogwater@reddit
So you used a new rule without testing it as audit mode first?
spazmo_warrior@reddit
His junior did it.
Hoosier_Farmer_@reddit
Don't worry I wouldn't fire you for fucking up the mail rule.
I WOULD fire you for not testing it first in preprod, and not validating proper mail flow after implementing it in prod.
GL, enjoy helpdesk!
ComputerGuyInNOLA@reddit
I always test rules to an unused test mailbox before I implement them in production. I learned this the hard way many years ago.
Fallingdamage@reddit
Accidents happen.
However. Did you by chance monitor the shared mailbox and or send some test emails immediately to verify the rule was working properly?
Even when I full-send, I do so with skepticism. If I dont see the rule working with my own eyes, it might as well not work right at all far as I'm concerned.
I would think if you were watching and refreshing that mailbox, you could have reacted much sooner than 45 minutes.
Outrageous-Chip-1319@reddit (OP)
A test was done. The first email sent to it was redirected to zendesk. But not subsequent ones
Sea_Fault4770@reddit
Hahhaa! If . send to shared mailbox. Do not pass go. Do not collect $200.
hondakevin21@reddit
Did this send a copy of every email to the shared mailbox or redirect every email to the shared mailbox?
Recent_Carpenter8644@reddit
Does anyone else find it amusing that it can take that long for users to notice and report an essential service stopping?
Recent_Carpenter8644@reddit
I guess they might have emailed IT about it straight away ....
justanothergunnewb@reddit
Some special characters in an Exchange Online rule that looks for text strings will be interpreted as a wild card. It’s an issue as of at least 4 months ago. I’m not sure if it’s publicly acknowledged though.
AttemptingToGeek@reddit
Wait, did lots of people have access to the shared mailbox? If not who cares? Delete it and make another and work on the rule.
Prestigious-Board-62@reddit
I've caused way worse. I've seen other people cause way worse than me. You should be fine.
mingepop@reddit
Weird, I’ve just noticed something in my exchange today.
I have a mail rule to flow through a connector if any emails are sent to a specific mailbox, however I ran a message trace today for a completely different issue and noticed an account that wasn’t specified in that mail flow ended up using this connector?
Snogafrog@reddit
That's nothing, call me back when you cause a real outage. Noting a little taking ownership (and groveling) can't fix.
Charming-Medium4248@reddit
Did it accidentally include a regex pattern ?
Danny-117@reddit
Maybe log a ticket to Microsoft, get them to have a look at the rule and check if they can see an issue with it. Maybe it’s a bug if your luck or just an accident in the rule.
tapplz@reddit
Feel like this needs to be cross posted to shittysysadmin.
Screen shot the rule (blur out sensitive). I'm dying to know what did it.
Putting it at the end of the mail rules doesn't save you, all mail that makes it into someone's mail box is changed l checked against every rule. If it were stopped before the end of the rule list it's not normal mail.
Routine_Brush6877@reddit
Using copilot was your first error. That shit is dumber than the junior who made that rule.
Ontological_Gap@reddit
Whatever, disable the rule and redeliver the mail in that mail, filtered by start-time.
ProgrammedVictory@reddit
Is there a way to redeliver emails from a certain time frame?
Outrageous-Chip-1319@reddit (OP)
Spent an hour and 30 doing that
Ontological_Gap@reddit
You think you're going to get fired over at 2:15 email blip?
ProbablyJustArguing@reddit
If you do get fired, and I hope you don't, it'd be for not testing the rules first.
sryan2k1@reddit
As you've found out, a pattern is regex and [] has meaning other than literal characters. Always test with a source mailbox/address to start.
oaomcg@reddit
dHardened_Steelb@reddit
Damn yall toxic af in here towards this guy, OP shit happens, computer science is literally wizardry.
We took dead dinosaurs, rare earth metals, sand and combined it all and shot electricity through it in specific patterns to emulate thought.
Sometimes these things just happen, but definitely make sure to include testing time b4 going live like this in the future. If you get push back on that cite this case as to why your team needs it
monsieurR0b0@reddit
Sometimes computers interpret "patterns" in ways humans don't think they will. Should you have used quotes? Is it a multi word pattern? I have done A LOT of rules in exchange over the years that didn't quite work how I expected. But never had this happen....wanna know why? You simply add to the rule to only apply if it's from your internal or external TEST ACCOUNT. Then after you test it, you take off the test account requirement and put it into production. This should be done for each and every rule applied at a global level.
h8mac4life@reddit
I have a huge pen15
anxiousinfotech@reddit
So you want copies of all C-suite emails eh?
StPaddy81@reddit
It’s not as if you couldn’t have done ediscovery or whatever on their mailboxes anyway. If the org trusts you then you should be able to survive this mistake. It’s not as if you were spying on the whole org.
Unless the mail just got redirected to the shared mailbox and skipped the end users mailboxes all together, that would be a pretty big oooof
alpha417@reddit
If this is what may get you fired, I'd love to hear about all the other stuff before this that led to you getting to this point...
Conscious-Calendar37@reddit
I pretty much always add a "and from a specific email address" and then test test test. If that works then remove the specific email requirement. A little CYA goes a long way
TruePhazon@reddit
Do you have any truest environment?
rdesktop7@reddit
Only an abject idiot would fire someone over something like this, particularly if they are someone worth keeping around.
If you get fired for this, you probably do not want to be working there anyhow.
yParticle@reddit
BIG mistakes mean big learning. You don't just throw that sort of investment away!
yuke1922@reddit
Cool story bro.
Outrageous-Chip-1319@reddit (OP)
I wish it were. I'm stress eating like a champ rn.
yParticle@reddit
You have time to eat?
01100001bryte@reddit
Can't do much other than guess without seeing the rule, but it sure sounds like you flipped the logic somewhere. When highly specific queries end up matching everything, that usually means that it actually translates to "match everything EXCEPT for this highly specific thing."
It can be easy to mix up with lots of compound and/or operators and AI messes this up a lot. You'd think this would be a good use case for AI, but my testing says otherwise. Test every time before production and double check the AI's work.
Also, don't sweat it. If it's the first time, most managers won't fire you for that. Rehiring is a pain in the ass and you're not guaranteed to get a good rehire. You'll get your ass chewed for sure, but likely not much else. Most of us have taken down complete sites before and had to walk of shame our asses in the front door to physically reboot a switch because we forgot Cisco doesn't let you iteratively add new VLANs to a trunk without erasing all of the previously allowed VLANs on said fucking truck. Multi-vendor can suck sometimes.
But that's never happened to me. You'll be fine.
adrabo_CLE@reddit
I can’t speak for your company, but I’ve twice shut down business because of honest mistakes. Once for two days and once for 6 hours. I of course nearly soiled myself both times but was completely transparent about what happened and my employment was never in question.
Be radically transparent with your boss, and if your leadership are halfway decent they will understand.
Not_Another_Moose@reddit
Not even going to add a picture of what the rule was ?
cheesycheesehead@reddit
Trying to figure out what went wrong without posting the actual rule.....are you the actual jr?
lectos1977@reddit
thought this was /r/shittysysadmin? Cause I don't know if I'd trust myself to write a mail rule and not test it for at least a day before going live
mirrorbirdjesus@reddit
Put some blame on Microsoft , also I’m noticing none of yall sysadmins have explained what happened while taking shots here - which is crazy it’s obviously what happened anyone dealing with rules already knows what I’m talking about
Your users don’t know , because your in sysadmins getting criticized and nobody has explained it here
I’m not going to say what it was I want to see how long this goes on haha
Such a small mistake don’t stress it and implement policy that will prevent it in the future - it’s the softwares fault but we have a plan to make sure this specific type of mistake doesn’t hit production again imo
I’m not a director though there’s a bunch on here that can give far better advice I’m sure
DesignerGoose5903@reddit
I fail to see what the fireable offense would be exactly. Shit happens, as long as you followed best practice and whatever other guidelines are in place I don't see why you would be fired over an honest mistake.
WasSubZero-NowPlain0@reddit
Post the sanitised rule you coward
Sea_Fault4770@reddit
This is why they give you the ability to say, "What if?" To just turn it on without testing is moronic.