marking dynamic ranges, was fixing insecure email infrastructure

Tue Jan 25 18:34:23 UTC 2005

On Tue, Jan 25, 2005 at 12:51:43PM -0500, Valdis.Kletnieks at vt.edu wrote:
> On Tue, 25 Jan 2005 09:43:06 PST, "J.D. Falk" said:
> > 	(I'm also surprised you need 300 servers to handle such a small
> > 	load -- what is that, ~3333 messages per server per day?)
> Some mail software scales better than others. ;)

And some laws are more braindead than others.

In Germany providers of telecommunications are not allowed to filter or
block communication if there is no evidence that it would result in
severe operational issues (no closer definition) like e.g. in a DoS.
Providers of telecommunications can also be companies that allow
their employees to receive private email (or better that do not
explicity forbid receiving private email in the contract). This means
you cannot easily implement and activate spam filters without
permission and a lot of legal mumbo jumbo with each
user/employee/customer. So we host mailservers just like
we host webservers. Now the mailserver is under the authority of the
customer and we "only" do software/security management, but the
customer is activating (content) filters, virus scanners and blocks
within their own responsibility via web interfaces.

Also, there is a new law since 1.1.2005 which forces providers of
telecommunications that run more than 1000 Mailboxes to purchase
and operate "black boxes" that replicate all email traffic and
make it available to government investigators/law enforcement agencies.

Because all of this we gave up on the concept of one single mailserver
(cluster).

	\Maex
-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"