Re: Forwarding email ports
(responses inline):

> I read through the January archives on email ports, specifically 465,
> 587, and 995.
> First, are these the ports needed to support standard secure email
> (SMTP and POP)?

Except for tcp/587 (submission), yes. 465 is smtps (smtp via SSL) and
995 is pops (pop via SSL). tcp/587 is part of the "standard" exit policy
(deny).

> Second, why were there three of them for two protocols? Did I
> misunderstand something?

Nope .. 587 is an alternative to 25. Unlike the other two, it's not
encrypted.

> Third, what are the implications -- both security, and legal -- if I
> open these on my machine. I'm thinking in particular, that:
> 1. If only one exit node is outputting these ports, it becomes an
> obvious snoop target -- how does that affect security?

Well, with TOR (and any anon proxy) you've got to trust the exit
operator. This is why TOR says you should only trust it for transport,
not end-to-end security, and you should use your own transport-layer
security (e.g. ssl, tls, ssh, ...).

> 2. If I'm forwarding email, am I likely to find my site "blacklisted"
> somewhere?

Yep .. 100%. Open proxies are an email-admin's worst friend. Exiting
tcp/25 is a sure way to never send email again from that IP. Also, many
websites that you probably enjoy (craigslist, slashdot, etc) have been
hassled by tor-wielding vandals one too many times and will block even
read-only access. Thus, it's wise to have the TOR box on a separate IP
(that you'll never-ever need again .. the one we used here -- 5.13 -- a
year ago is still blocked a number of places).

> 3. Am I likely to get some sort of "Cease and desist" letter, or other
> legal hassle, for this?

Maybe .. but those are easy to respond to. A standard "I'm a TOR exit.."
email usually does the trick. See the archives for examples .. I've
posted one (SXW format) that has worked for $3_letter_agency subpoenas.

> 4. Since my machine has about 22K/s bandwidth, how likely is it that I
> will be badly backlogged / overtargeted?

Set the BandwidthMax and Min to appropriate values and sleep easy.

Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
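
The port choices discussed in this thread, written as a relay exit policy and checked in code (an added example, not part of the original message). The policy lines are constructed and assume Tor's `accept`/`reject ADDR:PORT` ExitPolicy syntax with first-match-wins evaluation; IPv6 patterns are left out.

```python
# Added illustration: first-match evaluation of Tor-style ExitPolicy lines.
# SAMPLE_POLICY is constructed for this example, not copied from a relay.
import ipaddress

SAMPLE_POLICY = """\
accept *:465
accept *:995
reject *:*
"""

def parse_rule(line):
    """Turn 'accept|reject ADDR[/MASK]:PORT' into (allow, network, lo, hi)."""
    action, _, pattern = line.strip().partition(" ")
    if action not in ("accept", "reject"):
        raise ValueError(f"unknown action: {line!r}")
    addr, sep, port = pattern.strip().rpartition(":")
    if not sep or not addr:
        raise ValueError(f"expected ADDR:PORT in {line!r}")
    # '*' matches any address; otherwise an IPv4 address or CIDR block.
    network = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    if port == "*":
        lo, hi = 1, 65535
    else:
        first, _, last = port.partition("-")
        lo, hi = int(first), int(last or first)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range in {line!r}")
    return action == "accept", network, lo, hi

def parse_policy(text):
    """Parse one rule per line, skipping blank lines and '#' comments."""
    lines = (raw.strip() for raw in text.splitlines())
    return [parse_rule(l) for l in lines if l and not l.startswith("#")]

def exits(policy, ip, port):
    """Return True if the first rule matching ip:port is an accept."""
    target = ipaddress.ip_address(ip)
    for allow, network, lo, hi in policy:
        if (network is None or target in network) and lo <= port <= hi:
            return allow
    return False  # no rule matched: this example chooses to fail closed

if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY)
    for p in (25, 465, 587, 995):
        print(p, "exits" if exits(policy, "192.0.2.10", p) else "blocked")
```

Because the first matching line decides, a `reject *:*` placed above the accept lines blocks everything, so rule order is worth testing before a relay goes live.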