[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Abuse complaint 418289



> Port 22 is ssh, so turning it off would mean your relay won't be the exit
> point for helping people reach their ssh servers while protecting their
> communications metadata. Exiting to port 22 is a helpful thing to do

Yes.

> Port 465 is for secure mail delivery,
> which probably doesn't work so well over Tor these days anyway.

There are some onion services and nodes that directly deliver
outbound via exits to clearnet destinations. They tend to
be unreliable for obvious reasons of today's spam preventions.

Other implementations of Tor mail services rent a frontend
domain and clearnet shell, tunnel the Tor mail to that point
on clearnet via onion or exit, and deliver it on to clearnet
destinations from there. That model does not need 465.

Unfortunately there is some legacy mashup for sending mail,
regarding server and users use of "smtp" 25 and "smtps" 465,
and variously plaintext or tls or starttls on top of those ports.

Fortunately these days 25 and 465 hardly enable or
document for user use anymore.

> wonder what they meant by 576, and if it's a transcription error and
> they meant some other port (like 587).

Same here for 576.

587 is submission protocol, dedicated to authenticated users
sending mail smtp over starttls.

As with fetching pop3s 995 and imaps 993, sending submission 587
is critical for use with users mail clients.

pop3s 995 and imaps 993 are not any nuisance at all.
submission 587 could be spammy but gets account nuked quickly.
ssh 22 is just internet scanning noise with occaisional crack.

You could negotiate away 567 for free.
See about discussing proportion of 22 noise coming from exit
versus clearnet, and the huge legit use it has.
And keep the three mail client ports as equally legit.

You could also analyse all the exits in consensus
to see which ports are at risk of not having enough
exit support and thus might be more needed.
And publish your analysis project results.

Since you operate exits, you might want to join
tor-relays@xxxxxxxxxxxxxxxxxxxx
where all these things and more help are in the archives.
ttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

And there are wiki.torproject.org pages to list
results of searches for ISP's.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk