Encrypted / Password ZIP email attachments stripped

I recently migrated from an Exchange 2007 Edge server to an Exchange 2010 Edge server.  I used the opportunity to not carry over some of the legacy settings and start clean.  Everything appeared fine till a few weeks later.

A user complained that their ZIP files were being stripped in attachments.  Their attachments would arrive with a TXT extension on it.  Within that TXT file it would say “This attachment was removed.”.  Having never seen this before and able to successfully email myself ZIP attachments I put it down to the sender's email filtering.  The recipient was adamant that it wasn’t the sender's fault.  So I managed to get a hold of the questionable ZIP files and send them to myself via Gmail, sure enough the attachments failed to arrive.  So began my investigations…

Not doing any filtering on our HUB or Mailbox servers I was immediately able to eliminate those services.  I then inspected our AV / Spam provider and confirmed via their logs that these emails were successfully passing to our Exchange Edge network.  So I focused my attention here.

Comparing the decommissioned Exchange 2007 Edge to the 2010 Edge I ran the PowerShell command Get-TransportAgent.  This outputted the below on each server.  The difference being that the “Attachment Filtering Agent” was disabled on the old Exchange 2007 Edge.

Image 1. Exchange 2010 Edge

Image 2. Exchange 2007 Edge

On the new Exchange 2010 Edge I ran Get-AttachmentFilterEntry and inspected what default Attachment Filtering Microsoft had specified.  ZIP attachments were not among them.  Nevertheless, as a test, I disabled Attachment Filtering with the PowerShell command

Disable-TransportAgent -Identity "Attachment Filtering Agent"

I then resent myself the failed ZIP files.  To my surprise they were successfully received.  Doing some research online seemed to indicate that this was the solution many people took to resolve this same issue.  This seemed like a pretty piss poor solution that I wasn’t going to accept.  Not if it meant that I would have to disable all attachment filtering just for ZIP files.

I re-enabled the Attachment Filtering with Enable-TransportAgent -Identity "Attachment Filtering Agent"

After quite a few hours of playing around I finally found a viable solution.  The ZIP file I had been working with turned out to be an encrypted / password protected zip file.  Because of this the Exchange Edge server was having issues identifying the type of attachment.  By modifying the EdgeTransport.exe.config file I managed to find a workaround while continuing to maintain attachment filtering.


1. Go to the Edge server.

2. Stop the Transport service.

3. Locate the EdgeTransport.exe.config file. This file is located in the following path: drive:\Program Files\Microsoft\Exchange Server\V14\Bin

4. Add the following entry between the <appSettings> element and the </appSettings> element of the EdgeTransport.exe.config file:

   <add key="AllowInvalidAttachment" value="true" />

5. Restart the Transport service.
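
The same steps as a script, for anyone who prefers to apply the change repeatably. This is an added example, not part of the original post: it backs up the config file, adds the AllowInvalidAttachment entry only if it is missing, and restarts the service even if the edit fails. It assumes an elevated Exchange Management Shell on the Edge server, Exchange installed on C: at the default path from step 3, and MSExchangeTransport as the Transport service name.

```powershell
# Added example: applies the AllowInvalidAttachment workaround idempotently.
# Assumption: Exchange 2010 is installed on C: at the default path from step 3.
$configPath  = 'C:\Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe.config'
$serviceName = 'MSExchangeTransport'   # Microsoft Exchange Transport service
$key         = 'AllowInvalidAttachment'

if (-not (Test-Path -LiteralPath $configPath)) {
    throw "Config file not found: $configPath"
}

# Keep a timestamped copy so the change can be rolled back.
$backup = '{0}.{1}.bak' -f $configPath, (Get-Date -Format 'yyyyMMddHHmmss')
Copy-Item -LiteralPath $configPath -Destination $backup

Stop-Service -Name $serviceName

try {
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($configPath)

    $appSettings = $xml.SelectSingleNode('/configuration/appSettings')
    if ($null -eq $appSettings) {
        throw "No <appSettings> element in $configPath"
    }

    # Update the entry if it already exists, otherwise append it.
    $node = $appSettings.SelectSingleNode("add[@key='$key']")
    if ($null -eq $node) {
        $node = $xml.CreateElement('add')
        $node.SetAttribute('key', $key)
        [void]$appSettings.AppendChild($node)
    }
    $node.SetAttribute('value', 'true')

    $xml.Save($configPath)
}
finally {
    # Bring mail flow back even if the edit failed.
    Start-Service -Name $serviceName
}

# Confirm the entry is present and the filtering agent is still enabled.
Select-String -Path $configPath -Pattern $key
Get-TransportAgent -Identity 'Attachment Filtering Agent'
```

To roll back, stop the Transport service, copy the .bak file over EdgeTransport.exe.config, and start the service again.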