Zimbra – Releasing quarantined emails and attachments

If you are reading this post, chances are you administer a Zimbra mail server, and you need to recover an email that was blocked by amavisd for one of your users. This might have happened for a variety of reasons, including your spam score being too high, you have blocks based on file types, or if the email contained an attachment that was encrypted. What you would have quickly found out though, is that there is no quick and easy way of recovering a blocked email and forwarding it on to the intended recipient (at least in the community edition, I’m not sure of the network edition).

There presently seem to be at least three ways of doing this, and following is the low down on the easiest way I’ve found so far. If you just need to view the email, please skip to end of this post.

1. First identify the name the file is quarantined as from the notification email that would have been sent to the admin account. For messages marked as viruses, including emails containing encrypted archives, the line in the email might look something like “The message has been quarantined as: virus-n89eFiOoPVpn”. For other blocked emails the name would begin with “blocked-” or “banned-“.

2. Once you have the name, locate this file on the server. To do this, sudo as zimbra on the server and navigate to “/opt/zimbra/data/amavisd/quarantine/”. You should find the file in this folder.

3. Once you have the file name, run the following command:

/opt/zimbra/bin/zmlmtpinject -s <sender_email> /opt/zimbra/data/amavisd/quarantine/<file_name> -r <recipient_email>

Replace:

sender_email with your email or the email you would like the email to be sent as.
recipient_email with the recipient's email address.
file_name with the name of the banned file you identified from step one.

4. Done! Following is a list of additional options that are available with zmlmtpinject that you might find handy:

usage: LmtpInject [options] [files]
 where [options] are one of:
 -a,--address            lmtp server (default localhost)
 -d,--directory          message file directory
 -D,--domain             default per-connection recipient domain
 (default example.zimbra.com)
 -N,--every              report progress after every N messages
 (default 100)
 -p,--port               lmtp server port (default 7025)
 -q,--quiet                   don't print per-message status
 -r,--recipient          envelope recipients (rcpt to).  This option
 accepts multiple arguments, so it can't be last if a list of input files
 is used.
 -S,--stopAfter          stop after sending this many messages after
 warm-up
 -s,--sender             envelope sender (mail from)
 -t,--threads            number of worker threads (default 1)
 -T,--trace                   trace server/client traffic
 -u,--username           username prefix (default "user")
 -w,--warmUpThreshold    warm-up server with first N messages, then
 start measuring (default no warm-up)
 -z,--repeat             repeatedly inject these messages NUM times
 and [files] contain rfc822 messages.  If directory is specified, then
 [files] are ignored.

Alternatively, if you just want to view the email, and if you have an email client such as Thunderbird installed on your local computer, you could download the banned-whatever file locally, add a .eml extension to its name and you should be able to open it with your email client.

Credits: Zimbra user forums users ewilen and rsharpe.