Once the e-mail is in the

Michael Bale · ‎05-13-2016

I believe the answer is no, but is there anyway to move/backup quarantine data when swapping out appliances?

Raed Boshmaf · ‎05-15-2016

Hi Michael you are correct if you are using local quarantine then you can't back it up/move it since it is localized, this is one of the advantages of having a centralized Quarantine using a SMA.

exMSW4319 · ‎05-16-2016

You can't put the mails back again afterward, but the solution that comes to mind would be to deliver all of the quarantined mail to a different internal mailbox set up for the purpose.

If you can prepare the box well in advance of the move then quarantine actions can be changed to alter-recipient actions. You could even change them to duplicate-quarantine / alter-recipient pairs if you want to run as normal right the way up to the swap-out and can handle the duplication.

The spam quarantine is the awkward one; you can't even do a Select All, Send Copy action on it. If you absolutely had to save the spam then you could try changing all of your mail policies so their Anti-Spam actions were Deliver with a header, then use a rule or filter to send the marked mail off to your preferred destination.

Michael Bale · ‎05-16-2016

The ESA are not receiving mail, but they have quarantine messages we would like to save before taking the server offline in case anyone needs them in the next few days.

Would be perfect to route the existing quarantine to the new servers so they can be picked up there, but I know the device doesn't support that (strangely enough).

exMSW4319 · ‎05-17-2016

Once the e-mail is in the Spam quarantine you're stuck, unless you want to deliver with due warning to the recipients.

For other quarantines it should be a simple Select All, Send Copy action unless you're on an early version of Asyncos that doesn't have that feature.

If there's a TAC or third-party tool to rescue mail from a wrecked appliance's storage then I haven't heard of it.

Prab · ‎04-25-2018

Dear All,

I was in a same boat once & I discussed with TAC. We came to a conclusion that this can be possible. You can migrate the messages in POV from one ESA to another ESA. The procedure is not tested by me, so please try at your own risk.

The trick is to deliver all the messages from the source ESA to an other destination ESA and quarantine the messages again after receiving them on the destination ESA.

Scenario:

Let's say we have an old ESA from which you want to migrate the SPAM messages in the POV to a new ESA.

Make sure that the old ESA has no messages other than the SPAM messages. You can suspend your listener, to avoid receiving new messages.

1. On the old ESA, create a SMTP route to deliver all the Messages to the new ESA. This can be done by navigating to ESA web GUI -> Network -> SMTP Routes. As most of the messages will be destined to your domain, so create or edit the SMTP route for your domain and enter the IP address of the new ESA instead of your Email server/Smarthost. eg: Exchange.

2. On the new ESA, create a message filter to check if the Messages come from the old ESA and then quarantine them.

3. Release the messages from the old ESA.

You could also use X-headers to play around with the quarantine messages. In case of delivering the messages to Spam quarantine check this article: https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118199-qanda-esa-00.html

Hope it helps.

Thanks & regards,

Prab

Backup/Move Quarantine