Re: SMTP server mode

From: Patrick Ben Koetter <p_at_state-of-mind.de>
Date: Mon, 20 Aug 2012 10:08:33 +0200

* Quanah Gibson-Mount <quanah_at_zimbra.com>:
> --On Monday, August 20, 2012 8:11 AM +0200 Patrick Ben Koetter
> <p_at_state-of-mind.de> wrote:
>
> >>now, if the milter fails, the mail still stays in a queue at *your* server.
> >
> >Which, of course, is illegal in Germany and that's why you need to run pre
> >queue filters in Germany only. A product that doesn't follow that path
> >will have it hard on the German market.
>
> So having postfix queue if Amavis is down is also illegal in
> Germany, when accepting local mail for delivery? That seems... odd.
> Can you point me to the law in question?

You can find a German version of "§206 - Verletzung des Post- oder
Fernmeldegeheimnisses" at <http://dejure.org/gesetze/StGB/206.html> and here's
my understanding of the law:

  Legal advice:
  I am no lawyer, so don't quote me on that (because I could be sued for that
  as I am no lawyer ...). If you want some advice to rely on please ask a
  lawyer.

The law basically says - see §206, (2), 2. - you must not suppress a mail
delivery to the recipient once you've accepted it for delivery. The law was
written with paper mail in mind, but gets applied to electronic mail as well
in Germany.

Filtering mail in Germany lawfully means:
- filter pre-queue
- do not suppress once you've accepted the message for delivery

That in general is not a problem. Wietse and Mark have dedicated some extra
work to the German mail situation and came up with smtpd_proxy_filter,
speed_adjust and other optimizations for SMTP based filtering to provide a
fast and reliable system.

Of course, just as you already mentioned for MILTERs, there's no way for
Postfix to queue the message if a pre queue SMTP filter or a MILTER fails.

I, personally, don't think this is a real problem because I expect to find
only 'real mail clients' (aka mail servers) on port 25 and they implement a
queue. If, for any reason, the MILTER or SMTP filter fails, a TEMPFAIL reply
makes the message sit and wait in the sending server's mail queue. The message
isn't lost and if the problem on the server side gets repaired within
reasonable time it will be delivered.

I even think that this is better, because this way the sender may receive a
deferral notification from her own server. This would likely not be the case
if the receiving server would accept the message and make the sender believe
the message has (already) been delivered to the recipient.

The only downside we run into when we implement SMTP filters lawfully in
Germany is we cannot run different policy actions on messages to multiple
recipients - it's either ACCEPT or REJECT, but not ACCEPT for recipient A and
REJECT for recipient B. SMTP was not made to allow something like that. Claus
Assmann came up with an SMTP command to allow that, but to my knowledge it
hasn't become a standard. <- HINT for msk. ;)

p_at_rick

-- 
state of mind ()
Digitale Kommunikation
http://www.state-of-mind.de
Franziskanerstraße 15      Telefon +49 89 3090 4664
81669 München              Telefax +49 89 3090 4666
Amtsgericht München        Partnerschaftsregister PR 563
Received on Mon Aug 20 2012 - 08:08:50 PST
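
Added example, not part of the original message: a Postfix configuration sketch of the pre-queue setup described above (smtpd_proxy_filter with speed_adjust, plus a milter that tempfails on error), with the post-queue content_filter variant shown commented out for contrast. The addresses, ports, process limit and the "smtp-amavis" transport name are assumptions for illustration.

```conf
# /etc/postfix/master.cf
# Port 25: every message is handed to the filter before Postfix answers
# end-of-DATA, so the filter's verdict becomes the SMTP reply. If the
# filter is down or times out, the client gets a temporary failure and
# the message stays in the sending server's queue.
smtp      inet  n       -       n       -       20      smtpd
    -o smtpd_proxy_filter=127.0.0.1:10024
    -o smtpd_proxy_options=speed_adjust
    -o smtpd_proxy_timeout=100s

# Re-injection listener: the filter passes accepted mail back here.
# Loopback only; no second filtering pass.
127.0.0.1:10025 inet n  -       n       -       -       smtpd
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
    -o mynetworks=127.0.0.0/8
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o receive_override_options=no_unknown_recipient_checks,no_milters

# /etc/postfix/main.cf
# Milter variant of the same idea. tempfail is the Postfix default; it
# is set explicitly so a broken milter can never turn into "accept".
smtpd_milters         = inet:127.0.0.1:8891
milter_default_action = tempfail

# Post-queue variant, for contrast (left disabled): Postfix answers
# "250 Ok" and queues the message first, and only then hands it to the
# filter. A filter outage leaves accepted mail waiting in the local
# queue, and a filter that discards it suppresses an accepted message.
#content_filter = smtp-amavis:[127.0.0.1]:10024
```

After a reload, stopping the filter and sending a test message should produce a 4xx reply at end-of-DATA and nothing new in `mailq` on the receiving host.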
