[Gllug] New EU data retention rules approved

Anthony Newman anthony.newman at uk.clara.net
Thu Dec 15 10:11:35 UTC 2005


t.clarke wrote:
> Forgive my ignorance - I am fascinated to learn that Wanadoo already 'proxy'
> SMTP traffic and that it is easy to do.

If you have an ISP, all your data passes through their network already. 
Not viewing "the internet" as a nebulous thing "out there" rather than a 
relatively well organised collection of networking equipment is the 
first key to appreciating that providers can do exactly what they want, 
or are required to do ;-)

While people have argued that you could run an SMTP listener on any port 
to evade detection, the standard in the rest of the world is to receive 
mail via SMTP on a *destination port of 25*. You can't avoid that if you 
want to send email out to normal recipients. It is trivial to route that 
traffic through a smarthost. If you want to send data using SMTP to a 
pre-arranged recipient whose server listens on port 65525, you are 
welcome. FTP would be better though.

SMTP proxying is a good idea if you have potential spammers (whether 
they know it or not) within your network; fallout from spam attacks can 
involve a world of pain to providers. On the other hand, having your few 
outbound mail relays blacklisted is not a pretty sight. It also gives 
the potential for refusal to relay potentially malicious content, which 
will probably increasingly represent a legal risk to those held 
responsible for sending it, which will always implicate the ISP 
providing connectivity.

Actually inspecting the content of mail being transferred in detail in 
some "Big Brother" way seems unlikely to be required except in cases of 
direct intervention of the law, as I imagine there is still some element 
of privacy regarding interpersonal communication of law-abiding 
citizens. I could be wrong though.


> Surely, if we connect directly to the smtp port of a customer's machine,
> our ISP, in order to 'proxy' has to 'intercept' the entire data stream
> and process it for smtp commands - with loads of customers doing direct smtp
> surely this workload would be enormous?  I have always assumed that ADSL
> costs were relatively low because amongst other things the ISP was effectively
> just acting as a 'switchboard' and doing very little traffic monitoring other
> than basic bandwidth usage statistics?


As above, there is no "direct SMTP", but presently your ISP is unlikely 
to do anything other than pass the traffic to the appropriate network.


In terms of logging, the transit of an email usually results in the 
logging of several tens of bytes of data regarding the processing of the 
mail, which is about all you can log without intruding into the content 
of the mail, such as the headers (another can of worms).

When you start dealing with millions of mails a day, the burden 
obviously increases, but it is still a trivial task to maintain 
terabytes of logs, and increasingly cheaper. I've just had a quick look 
at some logs for a platform transmitting just over 2 million mails an 
average day, and that represents about 100MB of Exim main logs a day. To 
make a trivial and flippant example, at £100/300GB for cheap disk 
storage (who's going to waste SCSI on stupid logs the Government told 
you to keep :-)), that's about £10 for a year's storage (obviously 
ignoring the machine to plug it into, and the power to run it). Archive 
it on tapes, and the cost drops further.

I'm not arguing for it, as I have enough to do already, but the argument 
that ISPs are going to crumble under the strain is a little melodramatic.


Ant
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug



