1

I want to be able to delete specific email message from all mailboxes of one domain, does Dovecot has this type of functionality OR are there any known good solution for this? It's Maildir format and the domain is represented as /var/vmail/domain.tld/.

The problem

many disposable, one-shot bulk emails, often with multi-megabyte attachments.

What have I tried

I have looked to doveadm Batch, Altmove, Expunge commands, none of which seems to do the (exactly this type of) job?

What I'd like to avoid if possible

The last resort: grep recursively by either Message-ID header or ESMTP id part of one of the multiple Received headers.

EDIT: Thanks for comments and answer so far, by reading them I realize that I failed to make a point: it is not a SPAM issue - those bulk emails are perfectly legitimate but after a while completely unnecessary and since they weigh multi MBs the storage problem needs to be prevented.

Miloš Đakonović
  • 682
  • 3
  • 9
  • 28
  • Maybe you could use some IMAP library and write a script which iterates over the mailboxes looking for the email based on sender, subject, etc. It'll work with every IMAP server, not just Dovecot. – Jesús Ángel Oct 19 '20 at 21:58
  • 2
    You probably should introduce mail quotas for your users on your system. Deleting emails without their user's written consent is being viewed as a criminal offence in many countries. Doing what you want to do is in general a very bad idea, because most users won't appreciate that you are mingling with their mail boxes. – Marc Stürmer Oct 24 '20 at 20:37

1 Answers1

4

Doveadm can move or expunge mails, offering pretty much all the filters needed for this task.

First, try your filters using a read-only command, such as fetch, so you do not move or delete more mail than intended:

doveadm fetch -u victim@example.org 'hdr.from hdr.subject' FROM spammer.example HEADER message-id 'badid@spammer.example'

The syntax for the search is documented in man doveadm-search-query, but the precise query is still up to you - what is a good selection for you?

Note that deleting purely by message-id leads to unpleasant side-effects in the form of lost mail, as spammers and/or software bugs occasionally recycle meant-to-be-unique IDs.

When selecting copies or variants of essentially the same mail, you probably want to use some combination of date, relaying server and header value. If you only care about size, selecting by age and size should do the trick.

How to limit your command to a single domain?

If your mail account names look like joe@example.org, pass a wildcard:

doveadm move -u *@example.org spamfolder FROM spammer.example HEADER unique value

If your mail account names are less predictable names, supply a fixed list:

psql -c 'COPY (SELECT mailname FROM users WHERE ..) TO stdout (format csv);' > userlist_example.org
doveadm move -F userlist_example.org spamfolder FROM spammer.example HEADER unique value
anx
  • 8,963
  • 5
  • 24
  • 48
  • upvote so far. Thanks for pointing out `message-id` side effect. The good selection criteria for me would most certainly be `from` address possibly and optionally along with date, but from addr is #1 criteria – Miloš Đakonović Oct 21 '20 at 08:32