[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Update to default exit policy
On Wed, 20 Aug 2008 11:34:41 +0100 Dawney Smith
<dawneysmith@xxxxxxxxxxxxxx> wrote:
>7v5w7go9ub0o wrote:
>
>>> There is a clear misunderstanding of the issue at hand by many people
>>> here. The exit policy was put in place to prevent connections between
>>> Tor users and the last hop (the end MX server), *not* to prevent
>>> connections between Tor users and SMTP relays, which is what everybody
>>> keeps repeating.
>>>
>>> There is no problem with a Tor user connecting to an SMTP relay and
>>> sending email. If they can do it using Tor, they can do it without using
>>> Tor, faster. In those cases, it is the administrator of the SMTP relay
>>> that is responsible to stop spam.
>>>
>>> Just to repeat the problem. It is Tor users connecting to the
>>> destination MX server that is the problem. Mail relay, not mail
>>> submission.
>>>
>>> Ports 465 and 587 are mail submission ports. Port 25 is for both
>>> submission *and* relay.
Port 587 is a mail submission port. I'm not so sure about 465, though.
A comment that I had left for myself in my torrc prompted me to check it out
again to refresh my memory. The lines pertaining to it in my /etc/services
say,
#smtps 465/tcp #smtp protocol over TLS/SSL (was ssmtp)
#smtps 465/udp #smtp protocol over TLS/SSL (was ssmtp)
urd 465/tcp # URL Rendezvous Directory for SSM
So I went back and dug it out (http://www.iana.org/assignments/port-numbers)
again:
urd 465/tcp URL Rendesvous Directory for SSM
igmpv3lite 465/udp IGMP over UDP for SSM
>>>
>>> I have a *lot* of experience with email administration on a very large
>>> scale, I know what I'm talking about.
Must be interesting. I don't think I ever had to handle more than
somewhere between 20,000 and 30,000 users, so it was fairly simple most of
the time. And, I mustn't omit, there was a very dedicated secretary down
the hall who dealt with things like forgotten passwords in between all her
regular duties. :-)
>>
>> Thanks for pursuing this!
>
>No problem. Hopefully the relevant people are taking note. Who exactly
>is responsible for setting the default exit policy, and what is their
>opinion on this matter?
>
>> 1. Your arguments make good technical sense.
>>
>> 2. In fact, many endpoints have already enabled those ports without
>> experiencing problems.
>
>Only a couple of dozen though unfortunately. If you ignore German and US
>exit nodes, I can only see 4 at the moment that will let me exit on port
>465.
Well, my server has had 465 open for a long time, but it is one of
the ones in the U.S. that you excluded above. I don't know offhand whether
an exit to 65 has ever been used on my server, but I've gotten no complaints
about it to date, so I don't currently see it as a problem.
I do keep 25 closed and basically for the same reason that I keep
6668-6999 closed.
>
>> 3. Many of us routinely handle our ssl email accounts via TOR, and your
>> proposal (open them by default) would help spread the load, as well as
>> reasonably expanding the default functionality of TOR.
>>
>> Thanks Again!
>>
>> (p.s. this post is being sent via ssl GMAIL, which will include the
>> "posting host" when using smtps. My posting host will be a TOR exit node
>> :-) )
>
>Ditto.
>
Fortunately for me, I don't need to do that at present, but given the
way of the world, I figure I probably will sooner or later.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************