GAK-killing amendments?

Quentin Campbell Q.G.Campbell at newcastle.ac.uk
Fri, 7 Jul 2000 16:43:51 +0100 (GMT)


On Mon, 3 Jul 2000, Roland Perry wrote:

> In article <Pine.SOL.4.21.0007030927220.15539-100000@aidan.ncl.ac.uk>,
> Quentin Campbell <Q.G.Campbell@newcastle.ac.uk> writes
> >I am intrigued by the source and chronology of the "two line sendmail
> >rule" suggestion. If the source was the Home Office people as you suggest
> >above then they were surprisingly well briefed about the capabilities of a
> >completely new facility in sendmail released only a few months previously.
> 
> I'm afraid I don't buy your suggestion that the idea was to use that new
> Sendmail facility and do the filtering off-site. Everything they have
> ever said has rubbed in the necessity for the target's communications to
> be filtered out *as much as humanly possible* BEFORE being sent off to
> the agencies [1]. And the amount of bandwidth they are talking about is
> only useful for already-filtered-out emails.
> 
> [1] Or now, GTAC acting as a redistribution centre for the agencies.

As my original posting on this subject made clear, Sendmail filters can
attach to a Unix socket on the MTA system itself or to a network socket on
a separate machine.

This latter capability allows the possibility of all the "secret" stuff
being done by a mail filter running on a machine that is separate to the
MTA(s) on the CSP's premises.

I suggested that this separate machine could be located at GTAC but it can
just as well be located on the CSP's premises too; this also overcomes the
bandwidth problem that Roland identifies. The "mediation system" referred
to in the Smith Report could be put to good use as the filter host.

The Sendmail 8.10/8.11 distributions even helpfully include a sample
filter which logs all incoming email. It is very simple and is easy to
modify to restrict the logging to particular sender/recipient addresses.
The job of building an email interception facility cannot have been made
any easier.
 
It is ironic that just when the development of Sendmail can make trivial
the selection and delivery of email intercepts in the way required by the
Smith Report, Richard Clayton and others point out that few if any of the
major UK ISPs now run Sendmail as their MTA, preferring instead software
such as Exim!

So much for the research carried out by the Smith Report (3.1.1/3.1.2)
into "technical architectures currently used by CSPs"!


Quentin
--
PHONE: +44 191 222 8209     Computing Service, University of Newcastle
FAX:   +44 191 222 8765     Newcastle upon Tyne, United Kingdom, NE1 7RU.
-------------------------------------------------------------------------
"Any opinions expressed above are mine. The University can get its own."
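
Added example, not part of the original post: a way for a mail administrator to audit a sendmail.cf for the two filter socket types the message describes (a Unix socket on the MTA itself versus a network socket on a separate machine) and flag active filters that hand mail to another host. The sample configuration, filter names and addresses are constructed, and the function names are this example's own; the `X`/`S=` and `InputMailFilters` syntax is sendmail's.

```python
import re

# Constructed sample sendmail.cf fragment (not taken from the original post).
SAMPLE_CF = """\
O InputMailFilters=spamcheck, archive
Xspamcheck, S=local:/var/run/spamcheck.sock, F=T, T=S:1m;R:1m
Xarchive, S=inet:8891@192.0.2.25, F=T
Xunused, S=inet6:8892@localhost
"""
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def parse_socket(spec):
    """Split a filter's S= value into (family, port, target)."""
    family, sep, rest = spec.partition(":")
    if not sep:  # no "proto:" prefix: treated here as a local socket path
        return ("local", None, spec)
    if family.lower() in ("unix", "local"):
        return ("local", None, rest)
    port, _, host = rest.partition("@")  # inet:port@host / inet6:port@host
    return (family.lower(), port, host.strip("[]"))

def audit_milters(cf_text):
    """List every defined filter, whether it is enabled, and where its socket points."""
    active, filters = [], {}
    for line in cf_text.splitlines():
        m = re.match(r"O\s*InputMailFilters\s*=\s*(.*)", line)
        if m:  # filters actually consulted for incoming mail
            active = [n.strip() for n in m.group(1).split(",") if n.strip()]
        elif line.startswith("X"):  # filter definition: Xname, S=..., F=..., T=...
            name, *equates = [p.strip() for p in line[1:].split(",")]
            opts = dict(e.split("=", 1) for e in equates if "=" in e)
            filters[name] = parse_socket(opts.get("S", ""))
    findings = []
    for name, (family, port, target) in filters.items():
        off_host = family != "local" and target.lower() not in LOCAL_HOSTS
        findings.append({"name": name, "active": name in active,
                         "family": family, "port": port,
                         "target": target, "off_host": off_host})
    return findings

if __name__ == "__main__":
    for f in audit_milters(SAMPLE_CF):
        print(f)
```

Any filter reported as both active and off_host receives a copy of each message's envelope, headers and body on another machine, so it should correspond to a service the operator knowingly runs.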