Re: Cleaning up deleted users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Deborah,


On Wed, Aug 7, 2024, at 13:39, Deborah Pickett wrote:
Hi everyone,

When someone leaves our company I bundle up all their email folders into 
a zip file, store that in our glacier backups for legal reasons, and 
then I use cyradm to delete all their mailboxes on the live server.

I suspect that this isn't completely sufficient to remove all trace of 
the user though. As space is tight on our mail server I want to clean up 
better.

If you compile in the replication code (--enable-replication to configure) then you'll have the sync_reset binary.  It can be used to wipe all data about a user from a server; sync_reset -f username 

If the user has access to other mailboxes (shared, or delegated by 
another user) then they'll still have ACLs on those folders. I can 
delete these with cyradm's dam command, easy.

Yep, they definitely need to be done through the APIs

There are entries in the various databases in /var/lib/cyrus/*. I assume 
that I can use cyr_dbtool judiciously to delete these.

I would hope not much.

I see per-user databases in /var/lib/cyrus/domain/x/xxx/user/y/yyy.*. 
Can I just delete these from the filesystem without disrupting imapd?

Yes, it will be safe to remove anything there that's not currently in use, though... ideally it's been cleaned up when you deleted the user.

I see per-user quota files 
in /var/lib/cyrus/domain/x/xxx/quota/s/user.yyy*. Can I just delete 
these from the filesystem without disrupting imapd?

Yes, they're fine to delete when not in use too.

I see there are files left behind by squatter in 
/var/spool/cyrus/search/mail/domain/x/xxx/y/user/yyy/xapian. Can I just 
delete these from the filesystem without corrupting the index for other 
users?

Yep, the Xapian directories can be cleaned up when the user is deleted.  And the xapianactive file for them too.

The user's directory records are deleted so there's no risk of further 
mail being delivered through lmtp, and the user is unable to 
authenticate to imapd.

Have I missed anything?

I don't think so - but I do recommend sync_reset, because it does all that work with the correct locks as well to make sure nothing tries to create the same user as it does the deletes.

Regards,

Bron.


--
  Bron Gondwana, CEO, Fastmail Pty Ltd
  brong@xxxxxxxxxxxxxxxx


[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]
  Powered by Linux