That is if its the users mailbox.  I am referring to a mail enabled public folder or shared mailbox, neither have a real owner.   So if a user logs in they are only looking at their own spam not the public folder/shared mailbox.

Hello David,

Thank you for your clarification.

If this is the case then, the access will only be able to grant the entire shared mailbox folder from this function.

I do not believe we can separate it in that instance as the ESA will register and if quarantined, will go to a quarantine for whatever is defined into the rcpt-to command it receives.

Regards,

Matthew

So we have users that manage many email addresses.

I.E customer service.

We need a single login to manage multiple quarantines.

There is no way to do this? maybe by groups or a different ldap query?

You would need to create and add an administrative user to your Spam Quarantine settings (Centralized Services --> Spam Quarantine --> Spam Quarantine Settings).  This is a local user or LDAP group that is defined under the Users menu (System Administrator --> Users).

Anyone in a specified LDAP group would then be able to view, release, or delete messages from quarantine for any user.

Hi,

I've read the content for this request and we have the same problem.

We have several mail-enabled shared mailboxes where we have several users with access to this shared mailboxes.

Users are informed about emails in the spam quarantine by recieving an notification to the e-mailaddress of the shared mailbox. So the users can see the notification inside the shared mailbox. Because it is a shared mailbox, the user don't know the username nor the password of the ldap (active directory) user behind the shared mailbox. And because the ldap user got created only for the shared mailbox, the user account is disabled inside active directory.

 

So .. how can release a member of a shared mailbox a quarantined mail for a shared mailbox usind the personal useraccount and password (and not the useraccount of the shared mailbox). We don't wonna have a centralized user account (additional), because this user can release all quarantined mails.

 

Dear Cisco, i'm shure i'm not the only one with this requirement.

Thank you for your answer.

Greetings

Gino

Hi,

Have you found a solution for your issue?

Thanks for the answer.

Greetings

Gino

Hello Gino and all other interested parties.

Shared mail boxes (or distribution lists) will be registered as just another email on the ESA - it has no way to differentiate the end users which the distribution list will send to once it gets to the exchange.

For example if you had a shared mailbox of "support@domain.com" and it's shared across all as it routes into your individual mailboxes there after at the exchange side, the ESA will not be able to distinguish this.

If you were to create a user access for this specific mail box through LDAP credentials and allow login for release, when you release, you won't be able to select which user in the shared list would get it, it will release to everyone. This is by design of the ESA.

The only alternative if you do not want to create an LDAP account for this distribution list mail address (but the caveat is if you release it'll go to every user within that list still) is to spin up a virtual ESA on it's own, any emails going to the shared list should be redirected to this standalone ESA and quarantined - create an administrator user for the quarantines and allow them as an 'admin' to release the emails.

(Only admins can view all mails in a quarantine).

Regards,
Matthew

Hi, 

Are the terrible, hacky work arounds listed in this article still the only way that users can access the quarantine of a shared mailbox? I see lots and lots of requests when I search for this problem, but nothing for an easy way to give non-admin users a way to access a shared mailbox quarantine? Cisco, at least one of your competitors makes it really easy.