[Dovecot] Shredding instead of deleting

Timo Sirainen tss at iki.fi
Wed Sep 14 17:26:44 EEST 2011


On 14.9.2011, at 17.15, dovecot at lists.grepular.com wrote:

> On 14/09/11 15:06, Timo Sirainen wrote:
> 
>>> I have a wishlist item. Is there an appropriate place for me to post it?
>>> Basically, I would like to know that my email isn't recoverable from the
>>> local disk on the mail server after I delete it. So instead of just
>>> deleting the file from my Maildir, I'd like the option to exist for
>>> Dovecot to shred it. I.e., overwrite the file with random data and/or
>>> null bytes before deletion. In the same way that GNU shred behaves:
>> 
>> Well, the choices are:
..
> Is there no general wishlist area for Dovecot then?

There's my internal TODO list distributed with source code :)

> I didn't necessarily
> expect the functionality to be packaged with Dovecot, but thought that
> somebody might pick up the idea and write a plugin for it if it was
> written down somewhere.

I guess some wishlist page could be added to the wiki, but I don't know if it would be all that useful. Few people want to code features they don't want themselves, and things I want to add are already being added to my own TODO list.

> From a privacy/security perspective, making sure
> deleted email isn't recoverable does have real value for some people. I
> did consider FUSE. I might tackle that one myself. I don't really have
> the expertise to modify Dovecot itself though.

The LD_PRELOAD way would be simple. Probably 10-20 lines of C code for something that would replace unlink()s to mail files with fork+exec to /usr/bin/shred.
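
An added sketch of the LD_PRELOAD shim described above (not part of the original message and not Dovecot code). It assumes mail files are regular files under a Maildir `cur/` or `new/` directory and that the mail process removes them with `unlink()`; `is_mail_file`, `raw_unlink` and `shred_file` are hypothetical helper names.

```c
/* Added example (not Dovecot code). Build: cc -shared -fPIC -o shredunlink.so shredunlink.c */
#define _GNU_SOURCE
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption: a "mail file" is any path under a Maildir cur/ or new/ directory. */
int is_mail_file(const char *path)
{
    return path != NULL &&
           (strstr(path, "/cur/") != NULL || strstr(path, "/new/") != NULL);
}

/* The real unlink, reached through the raw syscall so the wrapper cannot recurse. */
static int raw_unlink(const char *path)
{
    return (int)syscall(SYS_unlinkat, AT_FDCWD, path, 0);
}

/* Run "shred -u -- path" in a child; returns 0 only if shred exited successfully. */
static int shred_file(const char *path)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execl("/usr/bin/shred", "shred", "-u", "--", path, (char *)NULL);
        _exit(127); /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* Interposed unlink(): shred mail files, pass everything else through unchanged. */
int unlink(const char *path)
{
    struct stat st;
    /* Never shred non-regular files or files with other hard links (data still in use). */
    if (is_mail_file(path) && lstat(path, &st) == 0 &&
        S_ISREG(st.st_mode) && st.st_nlink == 1 && shred_file(path) == 0)
        return 0;
    return raw_unlink(path);
}
```

Load it with `LD_PRELOAD=/path/to/shredunlink.so` in the environment of the mail process. shred overwrites in place, so on journaling or copy-on-write filesystems and on SSDs the old blocks may still survive.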

