Open sherief opened 1 year ago
Mox currently does not have a way to prevent users from deleting messages in their accounts.
Each email message is stored in a separate file, data/accounts/<accountname>/msg/<dirseq>/<msgseq>, where msgseq is the id of the database record of the message metadata as stored in the database file (in data/accounts/<accountname>/index.db), dirseq is derived from msgseq and helps keep the number of files in each directory reasonable. Metadata in the database includes message flags (junk, archived, seen, etc), SMTP from/to (as opposed to the From/To headers in the message), IP of the remote mail server, spf/dkim/dmarc validation results, etc.
An account can remove their own messages, and mailboxes with messages, using IMAP. In IMAP, messages are typically first marked as "Deleted", and then "expunged". The expunge actually deletes them, both from the database and from the file system.
I don't think it's a good idea to prevent expunge from working, i.e. to have it return an error. That will probably cause problems with IMAP clients. I think a better approach would be to move messages away to some place when they are expunged. Perhaps to an otherwise read-only mailbox that users can still access.
I presume at least someone needs a mechanism to view the removed emails. If not the user themselves, then perhaps an admin. Mox also doesn't yet have a way to give a user access to another user's mailboxes. IMAP as protocol does allow for it, so it could be implemented.
Do you know how other mail server software is handling this? At the companies where I've worked and had an email account, I haven't encountered this setup. At least not without my knowledge. If it had been done without me knowing it, I wouldn't feel happy about it.
Is it a regulatory requirement to keep all emails? And does the same apply to outgoing messages (they are currently also not saved by mox itself, but typically stored in a Sent IMAP folder by email clients)?
I unfortunately don't know how other server software is doing it. For my needs at least, saving a copy of the message file in a retention folder on the server is sufficient; it doesn't have to be accessible over IMAP as long as the server admin(s) can access it. Sometimes this is a regulatory requirement, other times it's a client request for some projects (with mox, I can spin a separate email server for each project for inter-team communication, which is great!).
Is it possible to configure mox in such a way that messages are never fully deleted, or can not be deleted (only trashed) by users? I'm interested in using it in a small business setting, and this is desirable. I poked around the data dir a bit, but I'm not 100% sure what happens with deleting messages and I don't want to guess.
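Added example, not part of the thread and not mox code: a periodic server-side sweep that copies message files into an admin-only retention tree, so a later IMAP expunge no longer removes the only copy. It assumes the file layout described in the thread and that msgseq ids are never reused; the function name `retain_sweep` and the retention directory are hypothetical.

```shell
#!/bin/sh
# Added example (not mox code). Assumed layout, as described in the thread:
#   <datadir>/accounts/<accountname>/msg/<dirseq>/<msgseq>
# Assumption: a msgseq id is never reused for a different message.
#
# retain_sweep DATADIR RETENTIONDIR
#   Copies every message file not yet present under RETENTIONDIR and
#   prints the number of files newly retained.
retain_sweep() {
    datadir=$1
    retdir=$2
    count=0
    for src in "$datadir"/accounts/*/msg/*/*; do
        # An unmatched glob stays literal; skip it and anything not a file.
        [ -f "$src" ] || continue
        rel=${src#"$datadir"/accounts/}      # <accountname>/msg/<dirseq>/<msgseq>
        dst=$retdir/$rel
        # Already retained: never overwrite, so a retained copy is immutable.
        [ -e "$dst" ] && continue
        mkdir -p "$(dirname "$dst")"
        # Copy under a temporary name, then rename, so an interrupted copy
        # is never mistaken for a retained message on the next sweep.
        cp -p "$src" "$dst.tmp.$$" &&
            mv "$dst.tmp.$$" "$dst" &&
            chmod a-w "$dst" &&
            count=$((count + 1))
    done
    echo "$count"
}

# Typical use from cron, as a user that can read the mox data directory
# (paths are placeholders):
#   retain_sweep /path/to/mox/data /path/to/retention
```

A message that is delivered and expunged between two sweeps is not captured, and the metadata kept in index.db (flags, SMTP from/to, validation results) is not part of the copied file.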