RE: [Exim] send copy of bounce message to postmaster

Página Inicial
Delete this message
Reply to this message
Autor: Nico Erfurth
Data:  
Para: Tony Earnshaw
CC: exim-users@exim.org, Nigel Metheringham
Assunto: RE: [Exim] send copy of bounce message to postmaster
On 9 Feb 2003, Tony Earnshaw wrote:

> >      2. bounces of a local user sending to an unknown remote user
> >         (unless this is 550-d in the SMTP then you are going to have to
> >         do heuristics on incoming mail and intercept some based on that
> >         - as I understand German law this would be *very* illegal)

>
> </snip>
>
> This is obviously OT for pure Exim stuff, but should be of interest to
> very many Europeans.
>
> <snip>
>
> > Frankly with EU data protection law as it is I would strongly advise you
> > *never* copy mail to postmaster unless you have good legal opinion
> > supporting the alternatives. You can get all the required detail for
> > diagnosis from the logs.


If I understand the german data protection law correctly (I heard a
speech about it some months ago) one is not allowed to log things not
directly related to the system. So the usual exim logs could be a breach
of the german law :-/. And I thing thinks like subject logging etc are not
allowed at all, unless your users knew about it.

> </snip>
>
> Not quite sure what you're on about here, and *no-one* else has shown
> the least reaction. I've lived in Holland, since 1976, but:
>
> 1: Why would it, according to German law, be illegal to do heuristics on
> bounced incoming mail? Why would an smtp 550 be acceptable in such a
> case?
>
> Nico E.?


Doing automated actions on the mail to find out about what happens should
be fine, but copying a bounced mail to a human could be a breach (if it
contains any personal information, even the subject could be problematic
here) of german law.

But a funny thing about the german (but maybe it's also EU) law is, that
IF you log informations you have to give it out to federal agencies if
required, so they are allowed to use informations, you aren't allowd to
log .....

As an example, normaly german flatrate ISPs are not allowed to log
connection times of their users, because it's not needed for billing or
something else, but one month ago or so, the biggest german ISP gave out
informations about a (flatrate)user (to track him).

Btw, the common apache log format isn't allowed in germany (because it
logs IPs and urls together) if you act strictly after the law....

Nico