On 3/8/2022 5:51 PM, doug wrote:
Hi All,
I'm trying to trace an attachment within an SIS subdirectory to the
email message(s) that link to it. I say messages because I'm also
using dovecot dedup. My understanding is the linked file name is the
hash value of the attachments contents concatenated with the GUID of
the email message. I have had marginal success with a message I
created myself.
Example: I generated an email with two attachments. Here are the links
in my attachment directory.
./26/c5/26c5c540d41779d83d2f5388041d05c67d720d9a-73eca8051acd276272310000f2bc99a3
./65/cd/65cd73112a489ef07f17ed5740aa60358e2dd3fb-74eca8051acd276272310000f2bc99a3
In my sent folder the actual GUID of the message is
75eca8051acd276272310000f2bc99a3. So the GUID of the attachment is
based on the GUID of the message, but not exact. The second hex byte
seems to be decremented as an offset of the attachment index from the
GUID of the message. At least in my one example.
# doveadm dump
/mailstore/doug/mail/mailboxes/Sent/dbox-Mails/dovecot.index | grep
guid | tail -1
- guid: 75eca8051acd276272310000f2bc99a3
With that actual GUID I can find the message with a search:
# doveadm search -u doug mailbox Sent guid
75eca8051acd276272310000f2bc99a3
doug e5711f1cf2c9294f71090000059b96e4 53526
Now let's try to track down another email when only the HASH-GUID
value is known. Here is one randomly picked.
./00/a2/00a2d5de3e41053d59bd10084826bbe094aa1c59-57857b09d1a327627e260000f2bc99a3
# doveadm search -A mailbox '*' guid 57857b09d1a327627e260000f2bc99a3
# doveadm search -A mailbox '*' guid 58857b09d1a327627e260000f2bc99a3
# doveadm search -A mailbox '*' guid 59857b09d1a327627e260000f2bc99a3
I repeated this incrementing and decrementing from 5085... through
5f85... and never located the message.
This seems like it should be trivial but I've been struggling with it
for days. The GUID isn't random, there must be a way to track the
attachment back. What am I missing?
And for those wondering why, our virus scanner flagged a number of
attachments, some with several links, and I want ask the users to
delete the offending messages so I can purge them from the server. If
I can find the emails I can give them the mail folder, date/time, and
subject of the message.
I keep experimenting with this and I still haven't found a reliable way
to track an attachment back to it's original message so I can either
notify the user or delete the message with doveadm. Is this not
possible? I'm using mdbox if that matters. I see a similar thread going
right now about virus scanning and deleting messages but that is maildir
and I suspect not using SIS for attachments.
--
Doug
