[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Automated threat messages force limitation of Exit Policy (Softlayer)



Mondior Folimun(mfolimun@xxxxxxxxxxxxx)@Sun, Jun 27, 2010 at 04:17:15AM +0200:
> On Wed, 23 Jun 2010 12:49 +0200, "Moritz Bartl" <tor@xxxxxxxxxxxxxx>
> wrote:
> > Hi,
> >
> > > Out of curiosity, what exit policy are you now using? Perhaps we
> > > want to standardize on a policy that is effective at reducing these
> > > complaints.
> >
> > At the moment, I allow ports 20-22,53,79-81,110,143,443,706,873,993,
> > 995,8008,8080,8888. Feel free to suggest others.
> 
> I also allow 465 and 563. Those are used by authenticated SMTPS and
> NNTPS.
> So far, I have not received any spam abuse complaints from them, after
> running a 10Mbit+ exit for the past 2-3 years (though I do occasionally
> get web spam abuse complaints).

Interestingly, I was contacted by the police at some university a couple
of years ago about abuse through my Tor node on port 587 (authenticated
SMTP).  After a ton of explaining what Tor was (at first they believed the
abuser to be a client of mine because his bits were coming from my
machine), it turned out that they had a severely busted submission port:
it was the same as port 25 (so, accepted unauthenticated email from the
world).  The person they were investigating had used this to send email
via Tor to an address there.

I finally explained to them that their damaged configuration was letting
spam through, and they stopped bothering me.  Ah well.

I'd suggest adding that port to the mix, since it should be authenticated
and TLSed (despite the occasional evidence otherwise).

-- 
Bill Weiss
 
Break yo pipe man, and the funny dudes scribblin' licence plates go away.
    -- Kha0s, alt.2600

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/