Safe delete for mailboxes

Move it, adding a date based suffix. A cronjob should purge or archive.

Author: helmo

install/tpl/server.ini.master

@@ -52,6 +52,7 @@ relayhost_user=
 relayhost_password=
 mailbox_size_limit=0
 message_size_limit=0
+mailbox_safe_delete=y
 mailbox_quota_stats=y
 realtime_blackhole_list=zen.spamhaus.org
 overquota_notify_admin=y

interface/web/admin/form/server_config.tform.php

@@ -685,6 +685,12 @@
 			'default' => 'y',
 			'value' => array(0 => 'n', 1 => 'y')
 		),
+		'mailbox_safe_delete' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'CHECKBOX',
+			'default' => 'y',
+			'value' => array(0 => 'n', 1 => 'y')
+		),
 		'mailbox_quota_stats' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'CHECKBOX',

interface/web/admin/lib/lang/en_server_config.lng

@@ -332,3 +332,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['mailbox_safe_delete_txt'] = 'Mailbox direct delete';

interface/web/admin/templates/server_config_mail_edit.htm

@@ -120,6 +120,12 @@
                     <a data-toggle="tooltip" title="{tmpl_var name='tooltip_stress_adaptive_txt'}">{tmpl_var name="stress_adaptive"}</a>
                 </div>
             </div>
+            <div class="form-group">
+                <label class="col-sm-3 control-label">{tmpl_var name='mailbox_safe_delete_txt'}</label>
+                <div class="col-sm-9">
+                    {tmpl_var name='mailbox_safe_delete'}
+                </div>
+            </div>
             <div class="form-group">
                 <label class="col-sm-3 control-label">{tmpl_var name='mailbox_quota_stats_txt'}</label>
                 <div class="col-sm-9">

server/plugins-available/mail_plugin.inc.php

@@ -429,8 +429,15 @@ function user_delete($event_name, $data) {
 		$maildir_path_deleted = false;
 		$old_maildir_path = $data['old']['maildir'];
 		if($old_maildir_path != $mail_config['homedir_path'] && strlen($old_maildir_path) > strlen($mail_config['homedir_path']) && !stristr($old_maildir_path, '//') && !stristr($old_maildir_path, '..') && !stristr($old_maildir_path, '*') && strlen($old_maildir_path) >= 10) {
-			$app->system->exec_safe('rm -rf ?', $old_maildir_path);
-			$app->log('Deleted the Maildir: '.$data['old']['maildir'], LOGLEVEL_DEBUG);
+			if ($mail_config['mailbox_safe_delete'] == 'n') {
+				$app->system->exec_safe('rm -rf ?', $old_maildir_path);
+				$app->log('Deleted the Maildir: '.$data['old']['maildir'], LOGLEVEL_DEBUG);
+			} else  {
+				// Move it, adding a date based suffix. A cronjob should purge or archive.
+				$thrash_maildir_path = $old_maildir_path . '-' . date("YmdHis");
+				$app->system->exec_safe('mv ? ?', $old_maildir_path, $thrash_maildir_path);
+				$app->log('Renamed the Maildir: ' . $data['old']['maildir'] . ' to ' . $thrash_maildir_path, LOGLEVEL_DEBUG);
+			}
 			$maildir_path_deleted = true;
 		} else {
 			$app->log('Possible security violation when deleting the maildir: '.$data['old']['maildir'], LOGLEVEL_ERROR);