Quarantined files - simple script to show how to release
Posted: Sat Feb 09, 2019 10:22 pm
I don't do this very often and always forget the commands. Today I needed a file that was quarantined because it was a password protected pdf. The logic is from this forum post https://wiki.zimbra.com/wiki/Restore-Quarantined-Emails
The scripts spits out what you need to do in addition to the location of the files and unique quarantine user that Zimbra created. It is not automatic because I still have to verify the file before I release it to the user.
Where Message-ID was sent to the user in email about a VIRUS alert. Note: this message had 2 copies because I attempted to bounce it to myself from the admin console which promptly quarantine that copy too. 
Here is the script
The scripts spits out what you need to do in addition to the location of the files and unique quarantine user that Zimbra created. It is not automatic because I still have to verify the file before I release it to the user.
Code: Select all
# su - zimbra
% zmbounceMsg
zmbounceMsg: usage: zmbounceMsg Message-ID
% zmbounceMsg TODCSVMR01pFVjCRGry00003f5c@smtp3.freedommobile.ca
virus account: virus-quarantine.t9l1lt2a8ih@example.com
mailbox id: 15
Run these commands
cd /opt/zimbra/store/0/15/msg/0
zmlmtpinject -r betsy@example.com -s no-reply@freedommobile.ca 1403-262538.msg
zmlmtpinject -r jim@example.com -s virus-quarantine.t9l1lt2a8ih@example.com 1405-262605.msg
Here is the script
Code: Select all
#!/bin/bash
#
# Author: Jim Dunphy <jad aesir.com>
# License (ISC): It's yours. Enjoy
# Date: 2/9/2019
#
# usage: zmbounceMsg
#
# Find quarantined message and release back to user based on Message-ID. That ID was sent to the user
# via email. It will handle the multiple user case for the same Message-ID that exists in different files.
#
# Caveat: It doesn't execute the command but explains the commands you would run.
# Note: Administrator needs to verify the file before releasing the file
#
PATH=$PATH:/usr/bin:/sbin:/usr/sbin:/bin export PATH
debug=0
justOnce=1
_d () {
[ $debug ] && echo $1
}
# Need Message-ID from the email sent to the user about quanrantine
if [ $# -ne 1 ]; then
echo $0: usage: zmbounceMsg Message-ID
exit 1
else
MessageId="$1"
fi
# Only zimbra user
if [ x`whoami` != xzimbra ]; then
echo Error: must be run as zimbra user
exit 1
fi
#Get quarantine account
read virusAcct <<< $(zmprov gcf zimbraAmavisQuarantineAccount | awk -F: '{print $2}')
_d "virus account: $virusAcct"
#Locate mailbox id for quarantine account
read mailboxId <<< $(zmprov gmi "$virusAcct" | grep mailboxId | awk '{print $2}')
_d "mailbox id: $mailboxId"
#Locate message to bounce to user
if [ -d /opt/zimbra/store/0/$mailboxId/msg/0 ]; then
cd /opt/zimbra/store/0/$mailboxId/msg/0
for filename in * ; do
if head -100 $filename | grep -i Message-ID | grep -qi $MessageId; then
if [ $justOnce -eq 1 ];then justOnce=0;echo "Run these commands";echo "cd /opt/zimbra/store/0/$mailboxId/msg/0";fi
#_d "$filename selected"
to=$(head -50 $filename | grep "^X-Envelope-To-Blocked:" | awk '{print $2}' | sed 's/["\n\r<>]//g' | head -1)
from=$(head -50 $filename | grep "^X-Envelope-From:" | awk '{print $2}' | sed 's/["\n\r<>]//g' | head -1)
if [ ! "x$to" = x ];then
echo "zmlmtpinject -r $to -s $from $filename"
fi
fi
done
fi
exit 0