On 3/16/2022 6:05 AM, Patrick Cernko wrote:
Hi all,
On 15.03.22 22:40, doug wrote:
On 3/15/2022 3:45 PM, Oscar del Rio wrote:
On 2022-03-15 9:02 a.m., doug wrote:
On 3/8/2022 5:51 PM, doug wrote:
I'm trying to trace an attachment within an SIS subdirectory to the email message(s) that link to it. I say messages because I'm also using dovecot dedup. My understanding is the linked file name is the hash value of the attachments contents concatenated with the GUID of the email message. I have had marginal success with a message I created myself.
Example: I generated an email with two attachments. Here are the links in my attachment directory. ./26/c5/26c5c540d41779d83d2f5388041d05c67d720d9a-73eca8051acd276272310000f2bc99a3
./65/cd/65cd73112a489ef07f17ed5740aa60358e2dd3fb-74eca8051acd276272310000f2bc99a3
I keep experimenting with this and I still haven't found a reliable way to track an attachment back to it's original message so I can either notify the user or delete the message with doveadm. Is this not possible? I'm using mdbox if that matters. I see a similar thread going right now about virus scanning and deleting messages but that is maildir and I suspect not using SIS for attachments.
The very few times I've needed to trace a SIS attachment to a mailbox, I just grep the "storage" folders for the file hash
find username/storage -type f -exec grep 9ffa4b246589f8039d123ea909f1520e791bd880 {} + username/storage/m.46588:X908 2409141 B72 9f/fa/9ffa4b246589f8039d123ea909f1520e791bd880-c9ee303687e13062cf740012bfe47a40
username/storage/m.46589:X1918 2409141 B72 9f/fa/9ffa4b246589f8039d123ea909f1520e791bd880-080ce71390e1306299730012bfe47a40
username/storage/m.46588: BSent X908 2409141 B72 9f/fa/9ffa4b246589f8039d123ea909f1520e791bd880-c9ee303687e13062cf740012bfe47a40
username/storage/m.46589: BINBOX X1918 2409141 B72 9f/fa/9ffa4b246589f8039d123ea909f1520e791bd880-080ce71390e1306299730012bfe47a40
-> Attachment in username's INBOX and Sent folders.
Thank you for the suggestion Oscar. My mdbox files are encrypted and compressed, so unfortunately directly grepping them will not work.
You can use "doveadm dump" to decompress the files for grepping them, not sure about encryption:
find path/to/userhomes/mdbox/storage -name 'm.*' |
while read f; do doveadm dump $f |
grep -E '^msg.(ext-ref|orig-mailbox|guid)' |
grep -B2 xx/yy/hash-guid || continue echo "Match in $f" doneThe dump also contains several other fields you might want to display.
Best,
I'll give that a try. With access to the encryption key doveadm dump should handle it just fine. I was hopeful there was a method using search and index files to minimize overhead.
To summarize what I think I have learned on this journey is the link to the hash file only exists within the contents of the email body, but not in a way that doveadm search will find it. Hence raw scanning the contents of the emails is required.
Many thanks for everyone's help.
-- Doug