Re-deliver large quantity of messages

Questions and answers about how to do stuff
Post Reply
mcit
Posts: 17
Joined: 23 May 2014 01:24

Re-deliver large quantity of messages

Post by mcit » 05 Oct 2019 11:27

I am cleaning up an email server after ransomware encrypted the exchange database.

My backup of the database 2 days old. Once it is restored, I would like to release the last 2 days messages again from efa, so that the mailbox will be complete with all its incoming items. I realise this will show the dates based on when the messages were delivered, but that is manageable.

I am able to do this on a message by message basis, but I am hoping there is a way to do it in bulk.
Can I run a query of some sort that returns all messages sent to a specific user [or a specific domain] between 2 dates, then have them deliver again?

Matthew

mcit
Posts: 17
Joined: 23 May 2014 01:24

Re: Re-deliver large quantity of messages

Post by mcit » 18 Oct 2019 05:52

This post has generated over 300 views, but no responses.

Am I up against an impossible request here?
I am getting some pressure to get these messages restored so if it is a 1 by 1 process, I would love to know so I can get started.

Alternatively, any tips from people with higher EFA foo than me as to a bulk method would be great too!

Matthew

User avatar
shawniverson
Posts: 2842
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: Re-deliver large quantity of messages

Post by shawniverson » 18 Oct 2019 15:12

This is doable with some scripting. Not an impossible request at all.

I may have some time to help you this weekend.
Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

mcit
Posts: 17
Joined: 23 May 2014 01:24

Re: Re-deliver large quantity of messages

Post by mcit » 19 Oct 2019 10:46

That would be great if you could. I am available all weekend.

Matthew

User avatar
shawniverson
Posts: 2842
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: Re-deliver large quantity of messages

Post by shawniverson » 21 Oct 2019 10:07

Here's a crude PHP script....change the domain and date range in the example below to what you need.

Code: Select all

#!/usr/bin/php -q
<?php

require_once '/var/www/html/mailscanner/functions.php';

$sql = "
 SELECT
  id
FROM
  maillog
WHERE
  date >= '2019-10-20'
AND
  date <= '2019-10-21'
AND
  to_address LIKE '%@example.com'
";

$sth = dbquery($sql);
$rows = $sth->num_rows;

echo 'Message found: ' . $rows . PHP_EOL;

for ($r = 0; $r < $rows; $r++) {
    $row = $sth->fetch_row();
    $id = $row[0];
    $list = quarantine_list_items($id);
    $result = '';
    if (count($list) === 1) {
       $to = $list[0]['to'];
       $result = quarantine_release($list, array(0), $to);
       echo $id . ':' . $to . PHP_EOL;
    } else {
        $listCount = count($list);
        for ($i = 0; $i < $listCount; $i++) {
            if (preg_match('/message\/rfc822/', $list[$i]['type'])) {
                  $result = quarantine_release($list, array($i), $list[$i]['to']);
            }
        }
    }
}

dbclose();
?>
Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

Post Reply