My vendor's database has been stolen and I started to receive spam messages in a huge amount. It is being sent by spambots / spam scripts, so sender and recipient email addresses are always fake. The only common thing is that these messages are:
- Always delivered in three copies (to all three addresses of mine)
- Always with exactly the same title and content
Since there is a very little chance that any legitimate sender will send three exactly the same copies of the same message, I was wondering, if there is any way filter out all messages that appears in Inbox that exists there in exactly three copies?
doveadm fetch ... | sort | uniq -c | grep "^3 " | cut -f2 | xargs -r .. doveadm copy tempfolder ... && sa-learn --spam temfolder/