Re-deliver large quantity of messages

Questions and answers about how to do stuff
Post Reply
mcit
Posts: 27
Joined: 23 May 2014 01:24

Re-deliver large quantity of messages

Post by mcit »

I am cleaning up an email server after ransomware encrypted the exchange database.

My backup of the database 2 days old. Once it is restored, I would like to release the last 2 days messages again from efa, so that the mailbox will be complete with all its incoming items. I realise this will show the dates based on when the messages were delivered, but that is manageable.

I am able to do this on a message by message basis, but I am hoping there is a way to do it in bulk.
Can I run a query of some sort that returns all messages sent to a specific user [or a specific domain] between 2 dates, then have them deliver again?

Matthew
mcit
Posts: 27
Joined: 23 May 2014 01:24

Re: Re-deliver large quantity of messages

Post by mcit »

This post has generated over 300 views, but no responses.

Am I up against an impossible request here?
I am getting some pressure to get these messages restored so if it is a 1 by 1 process, I would love to know so I can get started.

Alternatively, any tips from people with higher EFA foo than me as to a bulk method would be great too!

Matthew
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Re-deliver large quantity of messages

Post by shawniverson »

This is doable with some scripting. Not an impossible request at all.

I may have some time to help you this weekend.
mcit
Posts: 27
Joined: 23 May 2014 01:24

Re: Re-deliver large quantity of messages

Post by mcit »

That would be great if you could. I am available all weekend.

Matthew
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Re-deliver large quantity of messages

Post by shawniverson »

Here's a crude PHP script....change the domain and date range in the example below to what you need.

Code: Select all

#!/usr/bin/php -q
<?php

require_once '/var/www/html/mailscanner/functions.php';

$sql = "
 SELECT
  id
FROM
  maillog
WHERE
  date >= '2019-10-20'
AND
  date <= '2019-10-21'
AND
  to_address LIKE '%@example.com'
";

$sth = dbquery($sql);
$rows = $sth->num_rows;

echo 'Message found: ' . $rows . PHP_EOL;

for ($r = 0; $r < $rows; $r++) {
    $row = $sth->fetch_row();
    $id = $row[0];
    $list = quarantine_list_items($id);
    $result = '';
    if (count($list) === 1) {
       $to = $list[0]['to'];
       $result = quarantine_release($list, array(0), $to);
       echo $id . ':' . $to . PHP_EOL;
    } else {
        $listCount = count($list);
        for ($i = 0; $i < $listCount; $i++) {
            if (preg_match('/message\/rfc822/', $list[$i]['type'])) {
                  $result = quarantine_release($list, array($i), $list[$i]['to']);
            }
        }
    }
}

dbclose();
?>
mcit
Posts: 27
Joined: 23 May 2014 01:24

Re: Re-deliver large quantity of messages

Post by mcit »

Sorry for the delayed response. I have only just managed to get back to doing this.

Other than an error on each each during the restore, everything worked perfectly. Thank you for your help. That saved me hours of manual work.

The error was:

PHP Notice: Undefined index: REMOTE_ADDR in /var/www/html/mailscanner/functions.php on line 3809


But it still restored the messages.

Matthew
Post Reply