Hi Deborah,
On Wed, Aug 7, 2024, at 13:39, Deborah Pickett wrote:
Hi everyone, When someone leaves our company I bundle up all their email folders into a zip file, store that in our glacier backups for legal reasons, and then I use cyradm to delete all their mailboxes on the live server. I suspect that this isn't completely sufficient to remove all trace of the user though. As space is tight on our mail server I want to clean up better.
If you compile in the replication code (--enable-replication to configure) then you'll have the sync_reset binary. It can be used to wipe all data about a user from a server;
sync_reset -f username
If the user has access to other mailboxes (shared, or delegated by another user) then they'll still have ACLs on those folders. I can delete these with cyradm's dam command, easy.
Yep, they definitely need to be done through the APIs
There are entries in the various databases in /var/lib/cyrus/*. I assume that I can use cyr_dbtool judiciously to delete these.
I would hope not much.
I see per-user databases in /var/lib/cyrus/domain/x/xxx/user/y/yyy.*. Can I just delete these from the filesystem without disrupting imapd?
Yes, it will be safe to remove anything there that's not currently in use, though... ideally it's been cleaned up when you deleted the user.
I see per-user quota files in /var/lib/cyrus/domain/x/xxx/quota/s/user.yyy*. Can I just delete these from the filesystem without disrupting imapd?
Yes, they're fine to delete when not in use too.
I see there are files left behind by squatter in /var/spool/cyrus/search/mail/domain/x/xxx/y/user/yyy/xapian. Can I just delete these from the filesystem without corrupting the index for other users?
Yep, the Xapian directories can be cleaned up when the user is deleted. And the xapianactive file for them too.
The user's directory records are deleted so there's no risk of further mail being delivered through lmtp, and the user is unable to authenticate to imapd. Have I missed anything?
I don't think so - but I do recommend sync_reset, because it does all that work with the correct locks as well to make sure nothing tries to create the same user as it does the deletes.
Regards,
Bron.
--
Bron Gondwana, CEO, Fastmail Pty Ltd
brong@xxxxxxxxxxxxxxxx
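Added example, not part of the thread and not code from either poster or the Cyrus project: a read-only audit that lists per-user files still on disk after an account's mailboxes were deleted, using the directory layout quoted above. The function names, the users "deb" and "debra", the domain example.org and the "deb.xapianactive" file name are constructed assumptions; the one-letter hash directories are globbed rather than computed, and names are matched exactly so a user whose name is a prefix of another's is not swept up.

```shell
#!/bin/sh
# Read-only audit: list per-user files still on disk after the account's
# mailboxes were deleted. Nothing is removed.
# Assumption: directory layout as quoted in the thread; the one-letter hash
# directories are globbed instead of computed.

# find_user_residue CONFDIR SPOOLDIR DOMAIN USER -> one path per line
find_user_residue() {
    confdir=$1 spooldir=$2 domain=$3 user=$4
    # Reject empty names, path separators and glob characters.
    for n in "$domain" "$user"; do
        case $n in
            ''|*/*|*\**|*\?*|*\[*|.|..) echo "unsafe name: $n" >&2; return 2 ;;
        esac
    done
    d=$confdir/domain
    # "user.$user" and "user.$user.*" instead of "user.$user*": the looser
    # glob would also match a different account such as "debra".
    for p in \
        "$d"/*/"$domain"/user/*/"$user".* \
        "$d"/*/"$domain"/quota/*/user."$user" \
        "$d"/*/"$domain"/quota/*/user."$user".* \
        "$spooldir"/search/mail/domain/*/"$domain"/*/user/"$user"
    do
        # An unmatched glob stays literal in POSIX sh, so test existence.
        if [ -e "$p" ]; then printf '%s\n' "$p"; fi
    done
}

# make_demo_tree ROOT: constructed sample layout for users "deb" and "debra"
make_demo_tree() {
    c=$1/lib/domain/e/example.org
    s=$1/spool/search/mail/domain/e/example.org
    mkdir -p "$c/user/d" "$c/quota/d" \
             "$s/d/user/deb/xapian" "$s/d/user/debra/xapian"
    touch "$c/user/d/deb.seen" "$c/user/d/deb.xapianactive" \
          "$c/user/d/debra.seen" "$c/quota/d/user.deb" \
          "$c/quota/d/user.deb.Archive" "$c/quota/d/user.debra"
}

# Usage: script CONFDIR SPOOLDIR DOMAIN USER
if [ "$#" -eq 4 ]; then find_user_residue "$@"; fi
```

An empty listing after running sync_reset is the expected result; anything printed is a path to review before removing it by hand.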