Topic: Searching and deleting phishing emails
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.2
- Deployed with iRedMail Easy or the downloadable installer? downloadable
- Linux/BSD distribution name and version: CentOS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
we get quite a lot of phishing emails that come from hijacked legal email accounts so they easily go through the filters and they arrive into users inbox.
Currently we are doing manual procedure of searching and deleting emails from the whole server.
- We get phishing emails into our collector account
- We check the content and manually set the search parameter based on it
- We search for emails for all account based on from, subject, date, message-id and also body (but this takes a long time)
sudo -u vmail doveadm search -A mailbox INBOX subject 'Preverjanje računa !' from "nkbm" BEFORE 2022-11-25 SINCE 2022-11-24 sudo -u vmail doveadm search -u firstname.lastname@example.org mailbox INBOX subject 'račun za preverjanje!' from "@smartr.me" HEADER message-id "@22.214.171.124" BEFORE 2022-10-04 SINCE 2022-10-03
- We check the search results if the are really phishing emails
- We delete or put into spam
sudo -u vmail doveadm expunge -A mailbox INBOX subject "račun za preverjanje" from "@smartr.me" or we do a little more secure way, by only doing move or expunge on users that were in search results sudo -u vmail doveadm move -F 24_11_2022_users.txt Junk mailbox INBOX subject 'Preverjanje računa !' from "nkbm" BEFORE 2022-11-25 SINCE 2022-11-24
Now my question is if it is possible to implement some way fighting phishing emails into iRedAdmin-Pro, at least some way of securely deleting phishing emails from all the email accounts.
This cannot be fully automatic, but we could get a lot of steps down if we provide admins a simple way to identify phishing and then search for similar messages, verify them and in the end delete or move to spam.
Or how do we implement more advanced protection against phishing emails?
Thank you very much!
----Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.