[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: SORBS vs Tor and the world



Nick Mathewson wrote:

On the other hand, if your only goal is to block anonymous SMTP, and
you agree that blocking all Tor servers is very overreaching, you
might instead try looking at the more targetted DNSEL service
available at
   http://exitlist.torproject.org/
It lets you block _exactly_ those servers that relay traffic on given
ports to your address.  For a more thorough rationale, and a fairly
detailed spec of how to make a compatible implementation, see
   https://www.torproject.org/svn/trunk/doc/contrib/torel-design.txt

For reference, one might use this list in an ACL chunk in Exim4 as follows:

deny dnslists = $interface_port.${sg{$interface_address}{\N^(\d+)\.(\d+)\.(\d+)\.(\d+)$\N}{\$4.\$3.\$2.\$1}}.ip-port.exitlist.torproject.org=127.0.0.2 message = $sender_host_address is running a Tor exit node that exits to $interface_address:$interface_port

Mike