diff --git a/roles/queue/files/wipe-mailbox.sh b/roles/queue/files/wipe-mailbox.sh
new file mode 100644
index 0000000000000000000000000000000000000000..07e95cc3030fa8b5a1390e7cfe5a5c213a839a89
--- /dev/null
+++ b/roles/queue/files/wipe-mailbox.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+confirm=0
+mailbox=
+while [ $# -gt 0 ]; do
+    case "$1" in
+        --yes-i-am-sure)
+            confirm=1
+            ;;
+        -*)
+            echo "Unkown option $1" >&2
+            exit 2
+            ;;
+        *)
+            # First argument is the mailbox name.
+            if [ -n "${mailbox}" ]; then
+                echo "Too many arguments ">&2
+                exit 2
+            fi
+            mailbox="$1"
+            ;;
+    esac
+    shift
+done
+
+if [ -z "${mailbox}" ]; then
+    echo "Usage: $0 <mailbox>" >&2
+    exit 2
+fi
+
+if [ $confirm -ne 1 ]; then
+    echo "You did not pass the confirmation option --yes-i-am-sure!" >&2
+    exit 1
+fi
+
+set -euo pipefail
+
+# Get the list of mailboxes in an array.
+readarray -t mailbox_list < <(doveadm mailbox list -u ${mailbox} 2>&1)
+
+# Expunge each one.
+for m in "${mailbox_list[@]}"; do
+    doveadm mailbox expunge -u "${mailbox}" mailbox "${m}" all
+done
+
+doveadm purge -u "${mailbox}"
+
+exit 0
diff --git a/roles/queue/tasks/main.yml b/roles/queue/tasks/main.yml
index 891de84387abb0f2cf33de1fb42031aa4b78a726..ae4e8d703842df5cb1d4e2c12b3ef953d37f4ce6 100644
--- a/roles/queue/tasks/main.yml
+++ b/roles/queue/tasks/main.yml
@@ -37,3 +37,29 @@
       export ENQ_SSL_CA=/etc/credentials/x509/enq/ca.pem
       export ENQ_AUTH_TOKEN={{ enq_shared_secret }}
       export ENQ_SERVER_ADDR=queue.{{ domain }}:3373
+
+- name: Install wipe-mailbox.sh
+  copy:
+    src: "wipe-mailbox.sh"
+    dest: "/usr/local/bin/wipe-mailbox.sh"
+    owner: root
+    group: root
+    mode: "0750"
+
+- name: Create /etc/enq/worker.d
+  file:
+    path: "/etc/enq/worker.d"
+    state: directory
+    owner: root
+    group: root
+    mode: "0750"
+
+- name: Install work scripts
+  template:
+    src: "{{ item }}"
+    dest: "/etc/enq/worker.d/{{ item }}"
+    owner: root
+    group: root
+    mode: "0750"
+  loop:
+    - "wipe-mailbox"
diff --git a/roles/queue/templates/wipe-mailbox b/roles/queue/templates/wipe-mailbox
new file mode 100644
index 0000000000000000000000000000000000000000..7c292125a91b5b075406eaf1ae356ee8a6612e0f
--- /dev/null
+++ b/roles/queue/templates/wipe-mailbox
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+# Read the mailbox name as the first argument in the JSON list of
+# arguments passed on stdin.
+mailbox=$(jq -r '.[0]')
+
+if [ -z "${mailbox}" ]; then
+    echo "Invalid argument" >&2
+    exit 2
+fi
+
+# Wipe the abovementioned mailbox.
+echo "wiping mailbox ${mailbox}" \
+    | logger -t wipe-mailbox
+
+set -e
+
+/usr/local/bin/wipe-mailbox.sh --yes-i-am-sure "${mailbox}"
+
+# Output an empty object.
+echo '{}'
+
+exit 0