
Re-deliver large quantity of messages

Posted: 05 Oct 2019 11:27
by mcit
I am cleaning up an email server after ransomware encrypted the exchange database.

My backup of the database is 2 days old. Once it is restored, I would like to release the last 2 days' messages again from EFA, so that the mailbox will be complete with all its incoming items. I realise this will show the dates based on when the messages were delivered, but that is manageable.

I am able to do this on a message by message basis, but I am hoping there is a way to do it in bulk.
Can I run a query of some sort that returns all messages sent to a specific user [or a specific domain] between 2 dates, then have them deliver again?

Matthew

Re: Re-deliver large quantity of messages

Posted: 18 Oct 2019 05:52
by mcit
This post has generated over 300 views, but no responses.

Am I up against an impossible request here?
I am getting some pressure to get these messages restored so if it is a 1 by 1 process, I would love to know so I can get started.

Alternatively, any tips from people with higher EFA foo than me as to a bulk method would be great too!

Matthew

Re: Re-deliver large quantity of messages

Posted: 18 Oct 2019 15:12
by shawniverson
This is doable with some scripting. Not an impossible request at all.

I may have some time to help you this weekend.

Re: Re-deliver large quantity of messages

Posted: 19 Oct 2019 10:46
by mcit
That would be great if you could. I am available all weekend.

Matthew

Re: Re-deliver large quantity of messages

Posted: 21 Oct 2019 10:07
by shawniverson
Here's a crude PHP script... change the domain and date range in the example below to what you need.

#!/usr/bin/php -q
<?php

// MailWatch helper functions (dbquery, quarantine_list_items, quarantine_release, dbclose)
require_once '/var/www/html/mailscanner/functions.php';

// Select the ids of all messages for the domain within the date range
$sql = "
SELECT
  id
FROM
  maillog
WHERE
  date >= '2019-10-20'
AND
  date <= '2019-10-21'
AND
  to_address LIKE '%@example.com'
";

$sth = dbquery($sql);
$rows = $sth->num_rows;

echo 'Message found: ' . $rows . PHP_EOL;

for ($r = 0; $r < $rows; $r++) {
    $row = $sth->fetch_row();
    $id = $row[0];
    // List the items stored in quarantine for this message id
    $list = quarantine_list_items($id);
    $result = '';
    if (count($list) === 1) {
        // Only one item stored: release it to its original recipient
        $to = $list[0]['to'];
        $result = quarantine_release($list, array(0), $to);
        echo $id . ':' . $to . PHP_EOL;
    } else {
        // Several items stored: release only the full message (message/rfc822)
        $listCount = count($list);
        for ($i = 0; $i < $listCount; $i++) {
            if (preg_match('/message\/rfc822/', $list[$i]['type'])) {
                $result = quarantine_release($list, array($i), $list[$i]['to']);
            }
        }
    }
}

dbclose();
?>

Re: Re-deliver large quantity of messages

Posted: 15 Nov 2019 07:03
by mcit
Sorry for the delayed response. I have only just managed to get back to doing this.

Other than an error on each during the restore, everything worked perfectly. Thank you for your help. That saved me hours of manual work.

The error was:

PHP Notice: Undefined index: REMOTE_ADDR in /var/www/html/mailscanner/functions.php on line 3809


But it still restored the messages.

Matthew
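
An added example, not part of the thread and not EFA or MailWatch project code: a variant of the script above that only lists what it would release unless run with `--release`, skips messages the scanner flagged, and defines `REMOTE_ADDR` so the notice reported above does not appear. It assumes it runs on the EFA host; the flag columns (`virusinfected`, `nameinfected`, `otherinfected`, `ishighspam`) are assumed from the MailWatch `maillog` schema, and the `--release` switch is hypothetical.

```php
#!/usr/bin/php -q
<?php
// Added example (not from the thread). Flag column names are assumed from
// the MailWatch maillog schema; domain and dates are placeholders.

// On the CLI $_SERVER['REMOTE_ADDR'] is unset, which is the notice reported
// in the thread; define it before functions.php reads it.
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
require_once '/var/www/html/mailscanner/functions.php';

// Hypothetical switch: without --release the script only lists its plan.
$doRelease = in_array('--release', $argv, true);

$sql = "
SELECT id, virusinfected, nameinfected, otherinfected, ishighspam
FROM maillog
WHERE date >= '2019-10-20'
  AND date <= '2019-10-21'
  AND to_address LIKE '%@example.com'
";
$sth = dbquery($sql);
$released = 0;
$skipped = 0;

while ($row = $sth->fetch_assoc()) {
    $id = $row['id'];
    // Do not push scanner-flagged mail back into the restored mailboxes.
    if ($row['virusinfected'] || $row['nameinfected']
        || $row['otherinfected'] || $row['ishighspam']) {
        echo 'SKIP flagged ' . $id . PHP_EOL;
        $skipped++;
        continue;
    }
    if (!$doRelease) {
        echo 'WOULD RELEASE ' . $id . PHP_EOL;
        continue;
    }
    $list = quarantine_list_items($id);
    foreach ($list as $i => $item) {
        // Same selection as the original script: the only stored item,
        // or the full message (message/rfc822) when several are stored.
        if (count($list) === 1 || preg_match('/message\/rfc822/', $item['type'])) {
            quarantine_release($list, array($i), $item['to']);
            $released++;
            echo 'RELEASED ' . $id . ':' . $item['to'] . PHP_EOL;
        }
    }
}
echo 'Released: ' . $released . ', skipped: ' . $skipped . PHP_EOL;
dbclose();
```

Reviewing the preview output and the skipped ids before running with `--release` keeps flagged mail out of the freshly restored mailboxes.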