Privacy (GDPR)¶
Under Privacy, features for meeting GDPR requirements are provided.
Mail Archiving (BCC Archive)¶
nmg can store a copy of all inbound and outbound mails in an encrypted blob archive (BCC archive).
| Setting | Description |
|---|---|
| Enabled | Enable/disable archiving |
| Direction | inbound, outbound, or both |
| Encryption | Public GPG key for archive encryption |
| Retention | Maximum archiving period in days |
| Exceptions | Addresses or domains excluded from archiving |
Archived mails are stored under /var/lib/nmg/blobs/YYYY/MM/DD/ as encrypted blob files.
Legal review required
Archiving employee emails may require a works council agreement or equivalent under local labour law. Seek legal advice before enabling.
Access Requests and Deletion¶
On request from a data subject (Art. 15 and 17 GDPR), mails can be searched and deleted across all storage locations:
- Privacy → Search: Enter the data subject's email address
- nmg searches in:
- Mail logs
- Quarantine
- BCC archive (if enabled)
- Found records can be deleted individually or all at once
Data Minimisation¶
The following settings reduce the amount of data nmg stores:
- Quarantine Retention: Shorter interval reduces stored mail copies → Mail Configuration
- Log Retention: Default 90 days; adjustable in database administration
- Archiving Disabled: No BCC archive created (default)
Technical and Organisational Measures (TOMs)¶
nmg meets the following TOMs:
| Measure | Implementation |
|---|---|
| Encryption in transit | TLS 1.2/1.3 for SMTP (inbound and outbound) and HTTPS |
| Encryption at rest | BCC archive optionally GPG-encrypted |
| Access control | Role-based admin model, API keys with limited scope |
| Logging | Immutable audit log of all admin actions |
| Cluster communication | mTLS with mutual certificate authentication |
| License control | Separate license per node, not shareable cluster-wide |