[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Exact criteria for receiving a BadExit flag

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] Exact criteria for receiving a BadExit flag
From: forest-relay-contact--- via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Date: Tue, 25 Nov 2025 20:58:54 -0000
List-id: "support and questions about running Tor relays (exit, non-exit, bridge)" <tor-relays.lists.torproject.org>
Reply-to: forest-relay-contact@xxxxxxxxxxxxx
User-agent: HyperKitty on https://lists.torproject.org/

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello.

I contacted an exit operator who had BadExit flags on the same host
that I run an exit on and we discussed possible reasons for this.
Eventually, we jointly set up a new relay on that host and I configured
it exactly as I had configured my own relay, and it still obtained the
BadExit flag. So far, these are the exact steps I took to configure it:

 - Unbound is configured to use a second, clean IPv4
 - sysctls are tweaked to ensure conntrack  does not drop connections
 - torrc is configured with safe, sensible exit defaults

And it still obtained a BadExit flag. We had discussed whether there
was a possibility that his family was "tainted" and somehow the BadExit
flag was being applied to new exits on his relay family, but starting
up a new relay unrelated to his did not help. We tried disabling
Unbound and instead using a popular upstream DNS resolver, but that did
not prevent a BadExit from being issued either.

What other troubleshooting steps are suggested? The provider does not
censor or block anything, and I have been successfully running an exit
on their infrastructure for more than a month, but when he sets one up,
even if he configures it identically to the way I configure mine, it
receives a BadExit flag within a matter of days.

The criteria for issuing the BadExit flag do not seem very clear. Since
it is not a flag intended to be issued to malicious exits, I would like
to understand the exact criteria for being issued a BadExit, beyond the
vague explanations that I can find on the Gitlab. Note that I am only
asking about the automated flag, not about the (potentially sensitive)
policies behind determining whether or not a relay is malicious and
should be manually excluded from the consensus.

Regards,
forest
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEvLrj6cuOL+I/KdxYBh18rEKN1gsFAmkmGG8ACgkQBh18rEKN
1guZhxAAxUFcZm1SuoCO5OOST915LtPPmZ6mizq+NUfS3tPoJj6zKRd/grZJYIRj
TZzw7JqK62ajtMJLQcLLKuMNMHYZmzr0DP8jVo/JAoh/rcGIqXL+jWIupDDxIQG7
Mf25OF6OrhNb23HTwrudJIiM/PFH6Yyoj0hlDBxpSu3IcopP9xxPwPKYXQjgaZEx
mJPpbTb86vrs1TmBQ7C7W6pBoq6zOtne2NfqC6SJ1UNpk/dYxQnknuFYLDeaSPdz
qNkh/h2Ua0a0ASGswxTRatd2epkDKrJHoVJ5t/WBPnzPOUJdo6D26oLr1bKzSTM1
+nKkd5ws5b2d8Fi+FQk7LbgiLBSdGAIFL3bBL3FD5ERE+1LkOTaOs9wR0dlIFNRV
4draROjsgfYIw0LavO+O8EEbS5R5xyf5RNIueNMpqbV/IGhoYLYUUfdqITB1swHr
jFaEUoNIFAvBS1qp+9ApjmQJ/J2CiPZJ7Su73v6vA9Qq6Amv3ruMK+w5sqO1BpFB
V9L/pr/ZB3619SyqMVN2e+M58xDumwwMTHK1AVIGHZLlff5VYR4rBtqXR1T0qPKl
AdliLh39C+oBFD0q+12tbucjjJjg8LiiZfo7KReZDpN78zJWxtR+Z57/XfXYDqJd
9FDJdYAm4qLa9wEzAUslEdrfGnokYJQQcI07eNqPFgnl4B80V4I=
=N2Ia
-----END PGP SIGNATURE-----
_______________________________________________
tor-relays mailing list -- tor-relays@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to tor-relays-leave@xxxxxxxxxxxxxxxxxxxx

Follow-Ups:
- [tor-relays] Re: Exact criteria for receiving a BadExit flag
  - From: Georg Koppen via tor-relays

Prev by Author: [tor-relays] Re: Intentionally obtaining a MiddleOnly flag
Next by Author: [tor-relays] Running a relay and bridge on the same /24
Previous by thread: [tor-relays] Re: OrNetStart AROI
Next by thread: [tor-relays] Re: Exact criteria for receiving a BadExit flag
Index(es):
- Author
- Thread