[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Unexpected SMTP

Cyrus wrote:
> My server is behind a Tor transparent proxy on a separate machine.
> Customers have just started reporting getting email from their sites,
> and the headers show this to be coming from exit nodes. I can't see any
> update news that the policy on SMTP has changed.
> It might just be bad exit nodes, but according to one of these customers
> emails have been coming constantly since Dec 31. For a lot of idiots
> this means their sites are now leaking information. This can include
> information on password resets, account activities, and even private
> messages.

Sorry, I can't quite tell what configuration this is you're talking about.
Did you mean: "I run a Web hosting service accessible primarily or only
via Tor; outgoing traffic is routed via Tor as well, and I expected this
to implicitly block all outgoing email, but many users run dynamic websites
with backend code that sends email anyway, which is now being insecurely
routed"?  (If so, it would have been nice if you'd mentioned that

If you actually need to _block_ email, you need to actually block it, not
rely on "no exit would ever accept this connection" (which you have already
found out).

If your users want to be able to run all the Cool New Web Applications that
rely on the open Internet in all the popular ways, but then also run them
behind Tor and not get weirdly hosed at random, that's... less than practical
without an awful lot of mediating work (as you also probably know).  The sets
of prevailing assumptions are too incompatible.

As far as I know, the Tor network and Tor project set no global hard policy
on where exit nodes are allowed to exit; the Tor project provides defaults
and some sets of suggested rules, but each node can override this however
they want.  (For instance, allowing exit to the SMTP relay port at a specific
set of servers known to handle this well could be entirely reasonable.  The
distinction between SMTP relay and SMTP submission ports may also be relevant,
depending on what your users are seeing.)

   ---> Drake Wilson

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to