[Dovecot] Shredding instead of deleting

Wed Sep 14 17:15:35 EEST 2011

On 14/09/11 15:06, Timo Sirainen wrote:

>> I have a wishlist item. Is there an appropriate place for me to post it?
>> Basically, I would like to know that my email isn't recoverable from the
>> local disk on the mail server after I delete it. So instead of just
>> deleting the file from my Maildir, I'd like the option to exist for
>> Dovecot to shred it.. Ie, overwrite the file with random data and/or
>> null bytes before deletion. In the same way that GNU shred behaves:
> 
> Well, the choices are:
> 
> a) Patch Dovecot sources
> 
> b) Use a LD_PRELOAD library to override unlink()
> 
> c) Use a FUSE filesystem that replaces unlinks with shredding
> 
> d) Wait until I've finished making dbox code use lib-fs, and write a lib-fs wrapper plugin that replaces unlink()
>
> I'm not anyway planning on distributing any of these solutions with Dovecot. It won't even work with newer copy-on-write filesystems (ZFS, BTRFS, etc.)

Is there no general wishlist area for Dovecot then? I didn't necessarily
expect the functionality to be packaged with Dovecot, but thought that
somebody might pick up the idea and write a plugin for it if it was
written down somewhere. From a privacy/security perspective, making sure
deleted email isn't recoverable does have real value for some people. I
did consider FUSE. I might tackle that one myself. I don't really have
the expertise to modify Dovecot it's self though.

-- 
Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20110914/c348105a/attachment-0004.bin>