What malicious actions can a Transport Agent backdoor perform on email traffic?
A malicious Transport Agent can monitor every email by logging sender, date, and content; modify email subjects, sender addresses, and display names; delete or block emails entirely; and even extract attachments or search for keywords like 'password' to exfiltrate sensitive data. The agent can also be designed to launch external programs, turning the Exchange server into a command-and-control node. Similar backdoor techniques exploit junction folders or library files, as described in Penetration Techniques - Backdoor Exploitation of Junction Folders and Library Files.
email monitoring, email modification, email deletion, keyword filtering, attachment exfiltration