[Dovecot] Question about "extracting" unwanted e-mails from mdbox
Imagine the following scenario
Last Saturday, 3:00 AM a big phishing attack hits our e-mail inboxes. Spamassassin does not mark them as spam, and our 50.000+ users have in their mdbox a very credible phishing attack. What doveadm-fu could I use to delete (or move to spam) that e-mail from each user INBOX (let's imagine the Subject or a Header is known)?
I repeat: already delivered e-mail, how to filter/prune it.
Regards
Maria
On 03/20/2011 07:31 AM, Maria Arrea wrote:
> Imagine the following scenario
> Last Saturday, 3:00 AM a big phishing attack hits our e-mail inboxes. Spamassassin does not mark them as spam, and our 50.000+ users have in their mdbox a very credible phishing attack. What doveadm-fu could I use to delete (or move to spam) that e-mail from each user INBOX (let's imagine the Subject or a Header is known)?
> I repeat: already delivered e-mail, how to filter/prune it.
> Regards
> Maria
Which type of mailbox?
-- -Eric 'shubes'
On Sun, 2011-03-20 at 14:31 +0000, Maria Arrea wrote:
> Imagine the following scenario
> Last Saturday, 3:00 AM a big phishing attack hits our e-mail inboxes. Spamassassin does not mark them as spam, and our 50.000+ users have in their mdbox a very credible phishing attack. What doveadm-fu could I use to delete (or move to spam) that e-mail from each user INBOX (let's imagine the Subject or a Header is known)?
> I repeat: already delivered e-mail, how to filter/prune it.
You can use doveadm expunge:
http://wiki2.dovecot.org/Tools/Doveadm/Expunge
Search query:
http://wiki2.dovecot.org/Tools/Doveadm/SearchQuery
Try first on a single mailbox, of course.
-- Jose Celestino | http://japc.uncovering.org/files/japc-pgpkey.asc
"Assumption is the Mother of Screw-Up" -- Mr. John Elwood Hale
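One way to stage the cleanup suggested in the reply above, as an added example that is not part of the original thread: preview on one account, expunge there, then run for all users, and finish with `doveadm purge`, since mdbox only releases storage for expunged messages when purged. The account, subject and date are constructed placeholders, and `run`, `phish_cmd` and the stage functions are hypothetical helper names.

```shell
#!/bin/sh
# Added example: staged removal of an already-delivered message with doveadm.
# All values below are constructed placeholders, not taken from the thread.
PILOT_USER="pilot@example.org"         # constructed: one account to test on first
SUBJECT="Your mailbox quota is full"   # constructed: known Subject of the phish
SINCE="19-Mar-2011"                    # constructed: day the wave was delivered
DRY_RUN="${DRY_RUN:-1}"                # 1 = only print commands; 0 = execute them

# Print the command for review; execute it only when DRY_RUN=0.
# (The printed line drops shell quoting; the real call keeps arguments intact.)
run() {
    echo "+ $*"
    [ "$DRY_RUN" = "1" ] || "$@"
}

# Build one doveadm call with the shared search query:
# INBOX only, Subject substring match, internal date on or after SINCE.
# $1 = doveadm subcommand, remaining args = user selection (-u user | -A).
phish_cmd() {
    sub="$1"; shift
    run doveadm "$sub" "$@" mailbox INBOX subject "$SUBJECT" since "$SINCE"
}

preview_pilot() { phish_cmd search  -u "$PILOT_USER"; }  # lists mailbox-guid + uid
expunge_pilot() { phish_cmd expunge -u "$PILOT_USER"; }  # single mailbox first
expunge_all()   { phish_cmd expunge -A; }                # then every user
purge_all()     { run doveadm purge -A; }                # mdbox: reclaim storage

# Stages run in order; a failing stage stops the ones after it.
cleanup() {
    preview_pilot && expunge_pilot && expunge_all && purge_all
}

cleanup
```

Run it as-is to review the four commands, check the pilot account by hand after the single-user expunge, and only then set `DRY_RUN=0` for the full run.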
Participants (3): Eric Shubert, Jose Celestino, Maria Arrea