How to remove all emails from server via command line based on email subject line
I have emails in a maildir dovecot setup on the server.
I have run the WHM/Cpanel tool:
https://github.com/CpanelInc/tech-MSP
Which lists most common email subjects server-wide.
Report from this lists common email subject lines such as:
Subjects by commonality:
58 Melt fat fast! Without diet or exercise
56 Will revolutionize your s-e-x life
50 Effortless Cleaning
50 lfd on serverhost.co.uk: SSH login alert for user Z-Z-Z from IP.IP.IP.IP
12 Instant Two-Way Language Translator
30 Mail delivery failed: returning message to sender
Some of these emails are clearly spam and I want to be able to remove all of these from the server based on the subject line, from numerous email addresses on numerous accounts,
I expect to be able to do this using Doveadm . I have tried running THIS: https://serverfault.com/questions/932275/remove-dovecot-emails-based-on-subject but this is extremely slow, as it needs to run through all the folders of the server /home directory.
I have considered trying to list this to make it only check for small files (<10kb) but that get's tricky.
I want to use doveadm directly on the command line but that system only appears to work on a per-user basis and can't seem to search by subject (or I can't make it work).
eg:
doveadm search -A HEADER Subject 'Melt fat fast! Without diet or exercise'
Which I developed from: https://forums.freebsd.org/threads/dovecot-delete-certain-message.84172/ but gives no result.
But as mentioned, this doesn't seem to work - what can be suggested as a way of server wide removing (deleting) emails sitting on the server that have a specific subject line, regardless of user, location .
I have also tried the guidance from here: https://support.cpanel.net/hc/en-us/articles/360052897714-How-to-delete-emails-on-the-command-line but this seems to require to do this on a user-by-user basis and I've not found a way of doing it by criteria of subject.
doveadm search -A mailbox INBOX Subject 'Melt fat fast! Without diet or exercise' | while read guid uid;do doveadm fetch -A "hdr.subject date.saved" mailbox-guid $guid uid $uid;echo "----------";done
But this also gives no result, no errors, just no result on the command line.
Any help on this would be appreciated. Thanks.
-
Hey there! I personally don't have a way to do this, and even if I did I'm not sure I'd be comfortable posting a 'delete all the emails' type of command in public. I'm not sure if there is going to be a better option than the slow way you found.
0 -
Hi Rex,
Thanks. I have found after posting this that doveadm requires specifying a mailbox for expunge actions, so I am going to try and build a system (probably perl script) to read all the mailboxes on the server and then loop through each one removing messages with a certain criteria - in this case a subject line containing a spam message as found using the CPanel tool.
Cheers0 -
Hi again Rex,
As a quick follow up - I have found from the /var/log/maillog file that over the last 2 days there have been almost 2,000 (1986) connections via:
Oct 16 11:52:14 basic dovecot: imap-login: Login: user=<__cpanel__service__auth__imap__6aajhn0_p7ukexr2xanjz0sho4w3bjmtf5bii_2iygrrbg...>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=12339, secured, session=<OLbX3JUkqrp/AAAB>
Oct 16 11:52:14 basic dovecot: imap(__cpanel__service__auth__imap__6aajhn0_p7ukexr2xanjz0sho4w3bjmtf5bii_2iygrrbgovfxc_m_uydqhzyyvb)<12339><OLbX3JUkqrp/AAAB>: Disconnected: Logged out in=11, out=519, bytes=11/519
Is this normal, it seems quite excessive? What is this login doing? Thanks0 -
Yes it's normal cPanel checking that IMAP is working, every 5 minutes.
I would not call it excessive.
1 -
Thanks
0
Please sign in to leave a comment.
Comments
5 comments