dovecot - Mar 2011 - Question about "extracting" unwanted e-mails from mdbox

Imagine the following scenario

 Last Saturday, 3:00 AM a big phishing attack hits our e-mail inboxes.
Spamassassin does not mark them as spam, and our 50.000+ users have in their
mdbox a very credible phishing attack. What doveadm-fu could I use to delete (or
move to spam) that e-mail from each user INBOX (let?s imagine the Subject or a
Header is known)?

 I repeat: already delivered e-mail, how to filter/prune it.

 Regards

 Maria

On 03/20/2011 07:31 AM, Maria Arrea wrote:
> Imagine the following scenario
>
>   Last Saturday, 3:00 AM a big phishing attack hits our e-mail inboxes.
Spamassassin does not mark them as spam, and our 50.000+ users have in their
mdbox a very credible phishing attack. What doveadm-fu could I use to delete (or
move to spam) that e-mail from each user INBOX (let?s imagine the Subject or a
Header is known)?
>
>   I repeat: already delivered e-mail, how to filter/prune it.
>
>   Regards
>
>   Maria
>
Which type of mailbox?

-- 
-Eric 'shubes'

On Dom, 2011-03-20 at 14:31 +0000, Maria Arrea wrote:
> Imagine the following scenario
> 
>  Last Saturday, 3:00 AM a big phishing attack hits our e-mail inboxes.
Spamassassin does not mark them as spam, and our 50.000+ users have in their
mdbox a very credible phishing attack. What doveadm-fu could I use to delete (or
move to spam) that e-mail from each user INBOX (let?s imagine the Subject or a
Header is known)?
> 
>  I repeat: already delivered e-mail, how to filter/prune it.
> 
You can use doveadm expunge:

http://wiki2.dovecot.org/Tools/Doveadm/Expunge

Search query:

http://wiki2.dovecot.org/Tools/Doveadm/SearchQuery


Try first on a single mailbox, of course.

-- 
Jose Celestino | http://japc.uncovering.org/files/japc-pgpkey.asc
----------------------------------------------------------------
"Assumption is the Mother of Screw-Up" -- Mr. John Elwood Hale