[Dovecot] using Lazy_Expunge to enforce retention policy
Jim Salter
jim at jrs-s.net
Sun Jul 25 22:37:00 EEST 2010
Hi,
I've been experimenting with using Lazy_Expunge as a tool to enforce
document retention policies (by keeping users from deleting emails
forever, instead expiring them after a set time). My problem is, how do
I keep the user from deleting/expunging mails *inside the expunge folder
itself*?
I am using dovecot-1.2.10 built from FreeBSD's ports tree, and I am
using the following settings for the "expunged" folder of Lazy_Expunge,
as part of the "three namespaces" approach suggested in the wiki:

# namespaces for lazy_expunge plugin:
namespace private {
  prefix = .EXPUNGED/
  separator = /
  location = maildir:/usr/local/vpopmail/domains/%d/%n/EXPUNGED
}

When a user expunges mail, it shows up in the folder listed just fine.
But if the user expunges mail from /that/ folder, it's gone forever,
which defeats the purpose in regard to "enforcing retention."
As a partial workaround, I tried adding hidden=yes and list=no to the
setting, and restarting dovecot:

# namespaces for lazy_expunge plugin:
namespace private {
  prefix = .EXPUNGED/
  separator = /
  location = maildir:/usr/local/vpopmail/domains/%d/%n/EXPUNGED
  hidden = yes
  list = no
}

The problem is, while this does indeed *hide* the namespace from the
user, it doesn't prevent them from *using* it if they know about it - I
discovered this because Thunderbird still "remembered" the namespace
from before I hid it; experimenting confirmed that, yes, I could still
use Thunderbird to go into my expunged folder and permanently delete any
email in it. If I remove the account from Thunderbird *completely* and
set it up again from scratch, I can no longer "see" the namespace - but
that's weak security at best, as I can still manually navigate to it and
wreak havoc.
How can I use Lazy_Expunge to completely PREVENT users from deleting
email permanently?
Thank you!