Zimbra SkillZ: Legal Intercept in Zimbra (updated April 2023)

Hi Zimbra Customers, Partners & Friends,

Did you know that Zimbra has a Legal Intercept for Law Enforcement feature? This is used to obtain copies of email messages that are sent, received or saved as drafts from targeted accounts. Intercepted messages are sent to a designated shadow email address. Legal Intercept can be configured to send the complete content of the message or to send only the header information. When a targeted account sends, receives or saves a draft message, an intercept message is automatically created to forward copies of the messages as attachments to the specified email address.

In this post, we will cover setting the Legal Intercept via the Admin Console and via the command line.

In Zimbra 9 and above you can configure the Legal Intercept feature on accounts via the Admin Console: Accounts→Advanced→Legal Intercept

Once configured, emails received and sent from the account will now also be copied to the Legal Intercept address.

More configuration options and enabling Legal Intercept on a Class of Service (COS) can be done via zmprov on the command line.

You can use zmprov to configure Legal Intercept on a Class of Service or for individual accounts. The following attributes are used to configure the feature.

Attribute Description


Intercepted messages are sent to this address. When this attributes is empty, legal intercept is off. You can have multiple recipients for an intercepted message.


The default is False. Change to True to have only the message headers sent, not the message body.


Used to construct the From: header content used in the intercept message. The default is Postmaster@<address.com>


The template used to construct the subject line the intercept message should show. The default subject line reads Intercept message for account@example.com [intercepted message subject]


The template used to construct the body of the intercept message. The default message is Intercepted message for account@example.com. Operation=[type of message], folder=[folder], folder ID=[#].

The following parameters can be used in the From, Subject and Body templates to modify the default intercept message.

Parameter Description


Domain of the account being intercepted.


Address being intercepted.


Subject of the message being intercepted.


Operation that the user is performing, add messagesend message or save draft.


Name of the folder to which the message was saved.


ID of the folder to which the message was saved.


Used for formatting multi-line message bodies.

Command line examples:

If enabling by COS, type:

zmprov gac #to list all CoS'es
zmprov mc <cosname> zimbraInterceptAddress account@intercept_example.gov


If enabling by account, type:

zmprov gaa #to list all accounts
zmprov ma accountname@domain.com zimbraInterceptAddress account@intercept_example.gov


The below blogs describe how you can create a delegated or domain administrator to delegate administrative tasks.

In you want the enable the delegated administrator to configure Legal Intercept from the Admin Console UI you can add the rights via the command line as the user zimbra as follows:

zmprov grr domain example.com usr delegated-admin@example.com set.account.zimbraInterceptAddress
zmprov grr domain example.com usr delegated-admin@example.com set.account.zimbraInterceptSendHeadersOnly

Replace example.com and delegated-admin with your actual domain and account.

Further reading

Your Zimbra Team

, ,

Comments are closed.

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures