Bulk-deleting inbox mails managed by POSTFIX

2

Had an issue several hours ago with a client mail account, which got compromised. As a result, he had hundreds of thousands of spam queued in postfix, which led to several issues. Everything's fixed and security's tied up, apart from one "small" issue: the client now has close to 100k of returned spam mails in his inbox. And obviously, I'm looking for a bulk operation with some filtering as everything's not junk. PF runs on Ubuntu server v10.x, with maildir.

I tried this command on a backed-up folder containing the same files:

grep -l -r 'Undelivered' | xargs rm

But it doesn't seem to do anything apart from running.

Can this come from the fact that all the "mails" are stored inside files named this way:

1395063807.V902Ib2081dM533672.ip.ip.ip:2,

shroom

Posted 2014-03-17T16:36:03.557

Reputation: 33

What is your mailbox type? mbox, maildir or other? What pop/imap server do you use? – clement – 2014-03-17T16:49:44.793

Using maildir, but the issue's been fixed: was just using an older version of grep that requires a directory to work. – shroom – 2014-03-17T17:24:38.387

Answers

1

Depending on your version of grep, this might wait forever because you haven't given a file (or directory) name as argument; grep's behavior to use the current working directory when -r is specified is a rather new feature. Thus if your version is an older one, your call might wait forever for input on stdin. Just add . as last argument to grep to avoid this case.

To avoid issues with file names (which shouldn't be a problem in this case), it would be safest to call

grep -Zl -r 'Undelivered' . | xargs -0 rm --

This way, grep outputs the matching file names zero-byte ('\0') separated, which avoids trouble with spaces and the like in file names. -- tells rm to not treat the following arguments as options, i.e. if a file name starts with a - it doesn't break.

To see whether this command does anything at all, you could add the -v option to rm, so you could see whether rm does actually remove anything (in front of --, of course).

Andreas Wiese

Posted 2014-03-17T16:36:03.557

Reputation: 1 911

Thanks a lot, I kinda feel dumb for forgetting that dot, as it was indeed what caused the hang-up. – shroom – 2014-03-17T16:53:44.573

I had to edit this answer to get it, too, thus don't feel bad. ;) I'm using Gentoo/testing thus my grep supports the omitted ., too, and I regularly fall over this on other machines. – Andreas Wiese – 2014-03-17T16:55:18.783
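
Added example, not part of the thread: the answer's NUL-separated pipeline taken one step further, matching only the Subject header (so mail that merely mentions "Undelivered" in its body is kept, since the asker notes not everything is junk) and reporting a count before anything is removed. The function names and the sample Maildir are constructed for illustration; `xargs -0 -r` assumes GNU xargs.

```sh
#!/bin/sh
# Added example (not from the thread): header-only, dry-run-first bounce purge.

# list_bounces DIR PATTERN
# Print NUL-separated paths of messages whose Subject header matches PATTERN.
list_bounces() {
    # Delivered mail lives in new/ and cur/; tmp/ (in-flight) is left alone.
    find "$1/new" "$1/cur" -type f -exec sh -c '
        pattern=$1; shift
        for f do
            # sed quits at the first empty line, so only headers reach grep.
            if sed "/^\$/q" "$f" | grep -qi "^Subject:.*$pattern"; then
                printf "%s\000" "$f"
            fi
        done' sh "$2" {} +
}

# purge_bounces DIR PATTERN [--delete]
# Echo the number of matches; remove them only when --delete is given.
purge_bounces() {
    count=$(( $(list_bounces "$1" "$2" | tr -cd '\000' | wc -c) ))
    if [ "${3:-}" = "--delete" ]; then
        list_bounces "$1" "$2" | xargs -0 -r rm --
    fi
    echo "$count"
}

# make_sample_maildir: constructed test data, echoes the temp directory.
make_sample_maildir() {
    d=$(mktemp -d)
    mkdir -p "$d/new" "$d/cur" "$d/tmp"
    printf 'From: MAILER-DAEMON\nSubject: Undelivered Mail Returned to Sender\n\nbounce\n' \
        > "$d/cur/1395063807.M1.example:2,"
    printf 'From: alice@example.org\nSubject: Invoice\n\nYour reply came back Undelivered.\n' \
        > "$d/cur/1395063808.M2.example:2,S"
    printf 'From: MAILER-DAEMON\nSubject: Undelivered Mail Returned to Sender\n\nbounce\n' \
        > "$d/new/1395063809.M3 with space.example"
    echo "$d"
}

box=$(make_sample_maildir)
echo "dry run would remove: $(purge_bounces "$box" Undelivered)"
echo "removed:              $(purge_bounces "$box" Undelivered --delete)"
ls "$box/cur"
rm -rf -- "$box"
```

Folded (multi-line) Subject headers are not unfolded here, so the pattern must appear on the first Subject line.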