Zimbra – Releasing quarantined emails and attachments
If you are reading this post, chances are you administer a Zimbra mail server, and you need to recover an email that was blocked by amavisd for one of your users. This might have happened for a variety of reasons, including your spam score being too high, you have blocks based on file types, or if the email contained an attachment that was encrypted. What you would have quickly found out though, is that there is no quick and easy way of recovering a blocked email and forwarding it on to the intended recipient (at least in the community edition, I’m not sure of the network edition).
There presently seem to be at least three ways of doing this, and following is the low down on the easiest way I’ve found so far. If you just need to view the email, please skip to end of this post.
1. First identify the name the file is quarantined as from the notification email that would have been sent to the admin account. For messages marked as viruses, including emails containing encrypted archives, the line in the email might look something like “The message has been quarantined as: virus-n89eFiOoPVpn”. For other blocked emails the name would begin with “blocked-” or “banned-“.
2. Once you have the name, locate this file on the server. To do this, sudo as zimbra on the server and navigate to “/opt/zimbra/data/amavisd/quarantine/”. You should find the file in this folder.
3. Once you have the file name, run the following command:
/opt/zimbra/bin/zmlmtpinject -s <sender_email> /opt/zimbra/data/amavisd/quarantine/<file_name> -r <recipient_email>
Replace:
sender_email with your email or the email you would like the email to be sent as. recipient_email with the recipient's email address. file_name with the name of the banned file you identified from step one.
4. Done! Following is a list of additional options that are available with zmlmtpinject that you might find handy:
usage: LmtpInject [options] [files] where [options] are one of: -a,--address lmtp server (default localhost) -d,--directory message file directory -D,--domain default per-connection recipient domain (default example.zimbra.com) -N,--every report progress after every N messages (default 100) -p,--port lmtp server port (default 7025) -q,--quiet don't print per-message status -r,--recipient envelope recipients (rcpt to). This option accepts multiple arguments, so it can't be last if a list of input files is used. -S,--stopAfter stop after sending this many messages after warm-up -s,--sender envelope sender (mail from) -t,--threads number of worker threads (default 1) -T,--trace trace server/client traffic -u,--username username prefix (default "user") -w,--warmUpThreshold warm-up server with first N messages, then start measuring (default no warm-up) -z,--repeat repeatedly inject these messages NUM times and [files] contain rfc822 messages. If directory is specified, then [files] are ignored.
Alternatively, if you just want to view the email, and if you have an email client such as Thunderbird installed on your local computer, you could download the banned-whatever file locally, add a .eml extension to its name and you should be able to open it with your email client.
Credits: Zimbra user forums users ewilen and rsharpe.
Leave a Reply