
[tor-relays] Re: Strange SMTP attempts from my tor relay



Hi,

I have to agree on this one: figure out which IP addresses are being
connected to. I have relays running on all kinds of popular ports
(80, 143, 443, 465, 587, 995 and some more). I would strongly advise not to
block ports 465 or 587 as was suggested somewhere earlier in this
thread. The port you should block, and most likely is already blocked by
your provider, is port 25. I recognize some of the IPs in this list as
mine, like 37.221.209.198 for example belongs to 3 of my Hungarian guards.

Kind regards,

Dennis Bronk.


On 6/11/26 12:05, Roger Dingledine via tor-relays wrote:
> On Thu, Jun 11, 2026 at 04:01:49AM -0500, TheMadHacker Schism via tor-relays wrote:
>> That is a bad actor on tor, attempting to send spam email that uses smtp
>> ports, using your tor node as a relay
>> [...]
>>> I have noticed that my firewall registers connection attempts from my
>>> tor-server on port 465 and 587. My relay performs normally, so it appears
>>> that they have no significance for the operation.
> Hm, maybe it is the bad actor you describe, but another option is that
> these are normal Tor relays listening with their ORPort on port 465 or
> 587. There is nothing sacred about these numbers, and people can pick
> them for their ORPort, and it could even be a good idea if it means
> they are reachable from behind firewalls that other destination ports
> wouldn't allow.
>
> There is nothing wrong here, but you are right that some sysadmins
> might misunderstand what is going on and get upset at you for making
> connections on that port.
>
> There are 31 relays running with their ORPort set to 465:
>
> $ grep "^r " cached-consensus |grep " 465 "|cut -d' ' -f7-8|sort -n
>
> and a smaller but still non-zero set listening with their ORPort on 587:
>
> $ grep "^r " cached-consensus |grep " 587 "|cut -d' ' -f7-8|sort -n
>
> --Roger
>
> _______________________________________________
> tor-relays mailing list -- tor-relays@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to tor-relays-leave@xxxxxxxxxxxxxxxxxxxx

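The check suggested in this thread (find out which addresses the firewall-logged connections go to, then compare them with relay ORPorts in the consensus) can be scripted. The following is an added example, not code from any of the posters or from the Tor Project; the helper names `classify_dests` and `write_sample`, the "IP PORT" input file format, and the sample relays and addresses are all constructed assumptions.

```shell
#!/bin/sh
# Added example. classify_dests and write_sample are hypothetical helper names.

# classify_dests CONSENSUS DESTS
#   CONSENSUS: tor's cached-consensus; on "r" lines field 7 is the relay IP
#              and field 8 its ORPort (the same fields as cut -f7-8 above).
#   DESTS:     one "IP PORT" pair per line, extracted from firewall logs.
# Prints each pair followed by "relay-orport" or "unknown".
classify_dests() {
    awk '
        FILENAME == ARGV[1] { if ($1 == "r") orport[$7 " " $8] = 1; next }
        NF >= 2 {
            key = $1 " " $2
            print key, ((key in orport) ? "relay-orport" : "unknown")
        }
    ' "$1" "$2"
}

# Constructed sample input (documentation address ranges, made-up relays).
write_sample() {
    cat > "$1/cached-consensus" <<'EOF'
r ExampleA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2026-06-11 08:00:00 192.0.2.10 465 0
s Fast Guard Running Stable Valid
r ExampleB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2026-06-11 08:00:00 198.51.100.7 587 0
s Fast Running Valid
r ExampleC EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2026-06-11 08:00:00 203.0.113.5 9001 0
s Fast Running Valid
EOF
    cat > "$1/dests.txt" <<'EOF'
192.0.2.10 465
198.51.100.7 587
203.0.113.5 465
198.51.100.99 587
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
classify_dests "$demo_dir/cached-consensus" "$demo_dir/dests.txt"
rm -rf "$demo_dir"
```

A result of "unknown" only means the pair is not listed as an ORPort in the consensus file that was checked, so the address has to be looked at by other means.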