Hi,
I got stuck in analysis of a zimbra mailbox.
Unfortunately the account is hosted by an external provider and the account is already disabled.
The user used Zimbra Outlook Connector to snyc his mailbox.
The data files of Zimbra Outlook Connector are still on the harddisk. Zimbra.zbr has a size of more than 2GB but I didn't succeed extract mails from it.
The file itself seems to be encrypted. Does anyone know more detail about the structure of the .zbr file?
I set up a local test scenario with a Zimbra Collaboration Suite Server, an Outlook client with integrated Zimbra Outlook Connector and a properly configured zimbra account. Later I changed the newly (in the test scenario) .zbr file with the suspicious one. When I tried to restart Outlook it just crashed.
So I converted the suspicoius system to a virtual machine, booted it and tried to start outlook in the context in which the .zbr file was originally used. But there occured a new problem during start up Outlook prompted for the password of the zimbra mailbox to authenticate at the remote zimbraserver. I recoverd the password from the stored passwords in the browser. But the account is disabled… So I added a identical mailbox (username and password) on my test system, edited the hosts file that the domain of the zimbraserver pointed to my server. At the next try to start Outlook I got the error message that the GUID (40 chars - not guessable ( ) has changed and the configuration failed. So I couldn't access the Zimbra folder in Outlook.
Now I don't have any further idea how to inspect this mailbox. Has anyone expericene in analysis of this zimbra files?
Regards meandi