[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Update to default exit policy



Dawney Smith wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

krishna e bera wrote:

I'm not clear on how authentication (on any port) stops spam,
other than the ISP cutting off a given userid after complaints.
A lot of spam already comes from malware infected computers via their legitimately configured email. Those computers are probably not using Tor, let alone transparent proxy, but malware could grab their credentials and then use Tor on another host to send out spam over port 587,
if that port was allowed in exit policies.

There is a clear misunderstanding of the issue at hand by many people
here. The exit policy was put in place to prevent connections between
Tor users and the last hop (the end MX server), *not* to prevent
connections between Tor users and SMTP relays, which is what everybody
keeps repeating.

There is no problem with a Tor user connecting to an SMTP relay and
sending email. If they can do it using Tor, they can do it without using
Tor, faster. In those cases, it is the administrator of the SMTP relay
that is responsible to stop spam.

Just to repeat the problem. It is Tor users connecting to the
destination MX server that is the problem. Mail relay, not mail submission.

Ports 465 and 587 are mail submission ports. Port 25 is for both
submission *and* relay.

I have a *lot* of experience with email administration on a very large
scale, I know what I'm talking about.

Thanks for pursuing this!

1. Your arguments make good technical sense.

2. In fact, many endpoints have already enabled those ports without
experiencing problems.

3. Many of us routinely handle our ssl email accounts via TOR, and your
proposal (open them by default) would help spread the load, as well as
reasonably expanding the default functionality of TOR.

Thanks Again!

(p.s. this post is being sent via ssl GMAIL, which will include the "posting host" when using smtps. My posting host will be a TOR exit node :-) )