Deleting an email sent to everyone in the company
Sun Java(tm) System Messaging Server 6.2-6.01 (built Apr 3 2006)
libimta.so 6.2-6.01 (built 11:20:35, Apr 3 2006)
Hi forum:
This may have been asked before. What's the right way to delete an email sent to everybody in a partition?
Example:
Joe, the Vice President, by mistake sends an email with sensitive information to everyone in the company. Management asked for the equivalent of the Exchange feature of recalling an email.
Besides doing a grep on the partition looking for the email and then deleting it to later do a reconstruct, is there any better way of doing this? I have the relinker option set. I'm looking into having 1TB in a few years, and I can only imagine how long deleting specific emails will take in the future.
Regards,
Sebastian
# 1
Since the Exchange feature doesn't work all that well, and there's really nothing like that in Messaging Server, you're looking at:
finding one instance per mail partition, then
doing a ls -i on it.
that will show you all the places that same file is linked to.
Unlink 'em all, and then do a global reconstruct -r
Or, replace the contents of ONE such file (per mail partition), and then do the reconstruct.
Messaging Server only has a single location on disk, that all the user mailboxes point to (we actually use hard links, so one per mail partition), so changing one changes them all. Deleting one, however, only deletes that one link.
# 2
Hi Jay:
Thank you for the quick answer. If I were to replace the contents of the email with blank spaces, but keep the header information, will I still require the reconstruct?
Thanks again,
Sebastian
# 3
It would still be a good idea to run the reconstruct. You can/normally run reconstruct -r while the server is in normal operation. One of the data pieces kept is size of message, so any change is likely to need a reconstruct.
# 4
Hi,
For the deletion of an email, you could try looking at the mail logs to see which accounts the email was delivered to (you would need to be logging the message ID or file name), then use IMAP and proxyauth to find the relevant message and delete it (be careful with this since if you forget to 'peek' at a message the seen flag can be set). You can also use this approach to search other folders in the account just in case a message was filed/deleted etc. No reconstruct is required and this is MUCH faster than 'grepping' over the filesystem. This is something we scraped together when a similar problem occurred at my previous employer.
With regards to changing the message on disk, if you plan on changing the message you MUST reconstruct the folder that the email resides in (reconstruct -r user/<uid>/<folder name>), otherwise email headers will not be replaced in the store.idx file - and the folder will be inconsistent.
Recalling emails is basically very difficult, since there is no guarantee that an email hasn't been forwarded/delivered to an external account which cannot be recalled - this applies equally for the MS exchange recall function.
Regards,
Shane.
# 5
Thanks guys, I'll work on enabling the logging of the IDs and the IMAP part of it. I'll post back how I managed to do this.
Regards,
Sebastian
# 6
I think Jay's way is easy to do, and quicker, especially for secret content. Find a copy. Edit the content. Then everyone else sees a blank mail. Then start to clean up the links.
find /store -inum XXXXXX -exec rm -f {} \;
Shane, can you explain your way in more detail? I still don't get it.
# 7
Shane is suggesting you parse through the mail.log* to see who got the message, and then use IMAP to delete each one of them.
The advantage is that no reconstruct is needed.
The disadvantage is that you have to delete each one independently.
# 8
Hi,
The other advantages to the approach are that it is significantly faster (don't have to run a find across your entire mail-store), handles cases where the email is deleted if you also search trash for copies of the email (since a deleted email will have a different inode number), handles cases where an email is delivered across partitions (which results in different inode numbers) etc.
The big disadvantage is the time taken to develop and test the utility, which is why I recommend you try creating the utility now.
If you want to go down the inode path, you may want to investigate the use of the online relinker option, which ensures that the same emails have the same inode (hard-link) within any given partition.
Regards,
Shane.
# 9
Hi:
Going the inode way doesn't imply a relinker configuration?
# 10
Hi,
Can you please clarify your question? As I noted in my reply, you may need to investigate the online relinker options to ensure that identical messages have the same inode.
By default messaging server attempts to hard-link identical messages on delivery (single-message-store). There are a number of reasons why messages may not be hard-linked including - a message being deleted (copied to trash folder) - split up of large email deliveries (from memory messaging server will split large recipient lists to manageable 99 recipient lots) etc.
So the relinker option improves the chances of identical emails on the same partition having the same inode. Of course if you have multiple partitions you would still need to track down the matching inode for each partition, which is why for large email deployments the mail.log* & IMAP approach can be much faster and have a better chance of finding the vast majority of copies.
Regards,
Shane.
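The hard-link behaviour discussed in this thread, as an added example that is not part of the original posts: it finds every name that shares a message file's inode under one partition root, compares that count with the kernel's link count, and shows that unlinking one name leaves the others while a copied (Trash) message is never matched. The directory layout, user names and file names are constructed and are not the real Messaging Server store layout.

```python
import os
import tempfile

def find_hard_links(sample_path, partition_root):
    """Return (paths, st_nlink): every path under partition_root that is the
    same inode on the same device as sample_path, plus the kernel link count."""
    ref = os.stat(sample_path)
    paths = []
    for dirpath, _dirs, files in os.walk(partition_root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished while walking a live store
            if (st.st_dev, st.st_ino) == (ref.st_dev, ref.st_ino):
                paths.append(path)
    return sorted(paths), ref.st_nlink

def demo():
    """Build a constructed three-user store in a temp dir and inspect it."""
    root = tempfile.mkdtemp(prefix="store-")
    boxes = {}
    for user in ("user001", "user002", "user003"):
        os.makedirs(os.path.join(root, user, "INBOX"))
        boxes[user] = os.path.join(root, user, "INBOX", "1.msg")
    with open(boxes["user001"], "w") as fh:
        fh.write("Subject: constructed sample\n\nsensitive body\n")
    os.link(boxes["user001"], boxes["user002"])  # delivery-time hard links
    os.link(boxes["user001"], boxes["user003"])
    # user003 also has a Trash copy: a real copy, so a different inode
    os.makedirs(os.path.join(root, "user003", "Trash"))
    trash = os.path.join(root, "user003", "Trash", "1.msg")
    with open(boxes["user003"]) as src, open(trash, "w") as dst:
        dst.write(src.read())
    links, nlink = find_hard_links(boxes["user001"], root)
    os.unlink(boxes["user002"])  # removes one name only
    after, nlink_after = find_hard_links(boxes["user001"], root)
    return {"links": len(links), "nlink": nlink,
            "after": len(after), "nlink_after": nlink_after,
            "trash_found": trash in links,
            "trash_still_readable": os.path.exists(trash)}

if __name__ == "__main__":
    print(demo())
```

If the number of paths found is lower than the link count, some names live outside the directory that was searched.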
# 11
Hi Shane:
I thought that the only way to work with the inode was if the relinker was already configured.
Could you elaborate on how to make the imap/proxyauth part work? I'm thinking of doing some kind of password backup, delete the email, restore password on each user that received the email.
Regards,
Sebastian
# 12
Hi,
Relinker doesn't need to be enabled for the inode idea to work. BUT you may not get all the copies as I explained earlier.
The proxyauth user is defined by the store.admins parameter (and they must also be a member of the group defined by the store.serviceadmingroupdn parameter):
e.g.
./configutil -o store.admins
admin
***NOTE TO ALL, make sure that your admin user has a SECURE password, there have been a number of cases where this forgotten account has been used for bad things
You can then proxyauth into another users account:
bash-2.05# telnet hostname 143
Trying 10.11.12.13...
Connected to hostname.sun.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS CHILDREN BINARY UNSELECT LANGUAGE STARTTLS XSENDER X-NETSCAPE XSERVERINFO AUTH=PLAIN] hostname.sun.com IMAP4 service (Sun Java(tm) System Messaging Server 6.2-7.04 (built Aug 17 2006))
. login admin *********
. OK User logged in
. proxyauth user001
. OK Completed
. logout
I know that the Perl IMAPClient module supports the use of the proxyauth option to connect to other users accounts.
Regards,
Shane.
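The proxyauth approach described above, sketched with Python's standard imaplib as an added example that is not part of the original posts and not the utility Shane mentions. It searches by Message-ID (SEARCH does not set the seen flag), defaults to a read-only dry run, and uses UID EXPUNGE, which relies on the UIDPLUS capability shown in the banner above. The host name, credentials, Message-ID and the "Trash" folder name are assumptions.

```python
import imaplib

def purge_message(conn, admin, password, target_user, message_id,
                  folders=("INBOX", "Trash"), dry_run=True):
    """Locate (and, unless dry_run, remove) one message in target_user's
    folders over an admin proxyauth session. Returns {folder: [uid, ...]}."""
    if any(c in message_id for c in '"\\\r\n'):
        raise ValueError("refusing Message-ID with quote/backslash/CR/LF")
    conn.login(admin, password)
    try:
        typ, data = conn.proxyauth(target_user)
        if typ != "OK":
            raise imaplib.IMAP4.error(f"proxyauth {target_user}: {data}")
        hits = {}
        for folder in folders:
            # readonly (EXAMINE) in dry-run mode: no flag can change at all
            typ, _ = conn.select(folder, readonly=dry_run)
            if typ != "OK":
                continue  # folder does not exist for this user
            typ, data = conn.uid("SEARCH", "HEADER", "Message-ID",
                                 f'"{message_id}"')
            uids = data[0].decode().split() if typ == "OK" and data[0] else []
            if not uids:
                continue
            hits[folder] = uids
            if not dry_run:
                uid_set = ",".join(uids)
                conn.uid("STORE", uid_set, "+FLAGS.SILENT", r"(\Deleted)")
                # UID EXPUNGE (UIDPLUS) removes only these UIDs; a plain
                # EXPUNGE or CLOSE would also purge mail the user had flagged
                conn.uid("EXPUNGE", uid_set)
        return hits
    finally:
        conn.logout()

if __name__ == "__main__":
    # Hypothetical host, account and Message-ID; dry run only reports matches.
    c = imaplib.IMAP4("mail.example.com", 143)
    c.starttls()  # keep the admin password off the wire in cleartext
    print(purge_message(c, "admin", "change-me", "user001",
                        "<constructed-id@example.com>"))
```

Each recipient gets a fresh connection, since the function logs out when it finishes with one account.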
# 13
You can also use proxyauth with webmail. Construct a url that looks like this:
http://your-domain/login.msc?user=admin&password=admin&fmt-out=text/html&proxyauth=user_to_be-accessed
replace user=admin with user=proxyauthuser
replace password=admin with password=the-real-password
# 14
Yep this is true, just remember though that if you 'review' emails this way users will know (i.e. emails will be marked as read if you click on them).
Regards,
Shane.
# 16
I'm trying to proxy-auth into an account, and the url you mentioned (with the substitutions), didn't work ...
I also tried appending the ME port before login.msc
It redirects to a long string of uwcs in the url (tried Firefox and IE).
e.g. http://my.mailserver.com/uwcuwcuwcuwcuwcuwcuwcuwcuwcuwcuwcuwcuwcuwcuwcuwcuwcuwcuwcuwclogin.msc?user=proxyauthuser&password=myadminpasswd&fmt-out=text/html&proxyauth=user1
With the ME port appended, it goes to the login screen, and puts in the proxyauthuser into the login field and says login incorrect.
Thanks,
s7
# 17
Do you have configutil set to allow proxyauth on webmail?
service.http.allowadminproxy set to "yes", "on", or "1"?
If not, use configutil to change, and then restart webmail:
stop-msg http
start-msg http
# 18
I tried it with yes and 1, same results as first time.
Is this supposed to work for UWC or ME? Doesn't work for either for me ...
# 19
It should work on both. You did restart? How?
# 20
I restarted by stopping all servers, and then starting all, e.g.
./stop-message
./start-message
ME is on port:81 UWC on port:80.