[tor-relays] Spamcop question
Hello fellow Tor-Exit operators,
today I got the following Abuse message:
//Start
[ SpamCop V5.0.0 ]
This message is brief for your comfort. Please use links below for details.
Email from 5.199.130.188 / Tue, 19 Mar 2019 12:20:30 +0000
https://www.spamcop.net/w3m?i=.....(removed)
5.199.130.188 is open proxy, see: https://www.spamcop.net/mky-proxies.html
[ Offending message ]
Return-Path: <admin@xxxxxx>
X-Original-To: bingobongo69@xxxxx
Delivered-To: bingobongo69@xxxxx
Received: from 31.184.255.247 (unknown [5.199.130.188])
by relay (Postfix) with ESMTPSA id 7cqntswbr6frkskj
for <bingobongo69@xxxxx>; Tue, 19 Mar 2019 12:20:30 +0000
Message-ID: <EAAACECBFAFDDACFCAEABBBEC@xxxxxx>
From: <admin@xxxxxx>
To: <bingobongo69@xxxxx>
Subject: smtp:>>smtp.efg.es,587,test@xxxxxx,123456>>
Date: Tue, 19 Mar 2019 13:20:18 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="windows-1251";
Content-Transfer-Encoding: 7bit
smtp:>>smtp.efg.es,587,test@xxxxxx,123456>>
veblcshgtpwfdonxkebdghrwf
pboqjycmmdslmliomafclayaheiuft
uybveafdbnsuydqvbgyukf
zsszifpadkpaufibjosuk
//End
I wasn't sure what to remove from the abuse message so I removed all the
domains to protect the owners of these hosts/addresses, I hope I didn't
miss any.
My question: what did I miss in the exit policy? I have used the
following in the torrc. Maybe I did not miss anything at all. Thanks for
helping me to understand how the spammer could use the exit for
spamming.
I assume with the reduced exit policy spammers should not be enabled to
use the exit.
// torrc
# Reduced Exit policy according to:
# https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
ExitPolicy accept *:20-21 # FTP
ExitPolicy accept *:22 # SSH
ExitPolicy accept *:23 # Telnet
ExitPolicy accept *:43 # WHOIS
ExitPolicy accept *:53 # DNS
ExitPolicy accept *:79 # finger
ExitPolicy accept *:80-81 # HTTP
ExitPolicy accept *:88 # kerberos
ExitPolicy accept *:110 # POP3
ExitPolicy accept *:143 # IMAP
ExitPolicy accept *:194 # IRC
ExitPolicy accept *:220 # IMAP3
ExitPolicy accept *:389 # LDAP
ExitPolicy accept *:443 # HTTPS
ExitPolicy accept *:464 # kpasswd
ExitPolicy accept *:465 # URD for SSM (more often: an alternative SUBMISSION port, see 587)
ExitPolicy accept *:531 # IRC/AIM
ExitPolicy accept *:543-544 # Kerberos
ExitPolicy accept *:554 # RTSP
ExitPolicy accept *:563 # NNTP over SSL
ExitPolicy accept *:587 # SUBMISSION (authenticated clients [MUA's like Thunderbird] send mail over STARTTLS SMTP here)
ExitPolicy accept *:636 # LDAP over SSL
ExitPolicy accept *:706 # SILC
ExitPolicy accept *:749 # kerberos
ExitPolicy accept *:853 # DNS over TLS
ExitPolicy accept *:873 # rsync
ExitPolicy accept *:902-904 # VMware
ExitPolicy accept *:981 # Remote HTTPS management for firewall
ExitPolicy accept *:989-990 # FTP over SSL
ExitPolicy accept *:991 # Netnews Administration System
ExitPolicy accept *:992 # TELNETS
ExitPolicy accept *:993 # IMAP over SSL
ExitPolicy accept *:994 # IRCS
ExitPolicy accept *:995 # POP3 over SSL
ExitPolicy accept *:1194 # OpenVPN
ExitPolicy accept *:1220 # QT Server Admin
ExitPolicy accept *:1293 # PKT-KRB-IPSec
ExitPolicy accept *:1500 # VLSI License Manager
ExitPolicy accept *:1533 # Sametime
ExitPolicy accept *:1677 # GroupWise
ExitPolicy accept *:1723 # PPTP
ExitPolicy accept *:1755 # RTSP
ExitPolicy accept *:1863 # MSNP
ExitPolicy accept *:2082 # Infowave Mobility Server
ExitPolicy accept *:2083 # Secure Radius Service (radsec)
ExitPolicy accept *:2086-2087 # GNUnet, ELI
ExitPolicy accept *:2095-2096 # NBX
ExitPolicy accept *:2102-2104 # Zephyr
ExitPolicy accept *:3128 # SQUID
ExitPolicy accept *:3389 # MS WBT
ExitPolicy accept *:3690 # SVN
ExitPolicy accept *:4321 # RWHOIS
ExitPolicy accept *:4643 # Virtuozzo
ExitPolicy accept *:5050 # MMCC
ExitPolicy accept *:5190 # ICQ
ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
ExitPolicy accept *:5228 # Android Market
ExitPolicy accept *:5900 # VNC
ExitPolicy accept *:6660-6669 # IRC
ExitPolicy accept *:6679 # IRC SSL
ExitPolicy accept *:6697 # IRC SSL
ExitPolicy accept *:8000 # iRDMI
ExitPolicy accept *:8008 # HTTP alternate
ExitPolicy accept *:8074 # Gadu-Gadu
ExitPolicy accept *:8080 # HTTP Proxies
ExitPolicy accept *:8082 # HTTPS Electrum Bitcoin port
ExitPolicy accept *:64738 # Mumble
ExitPolicy reject *:*
Regards
yl
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
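Added example, not part of the original post and not Tor project code: a small audit of an ExitPolicy list for mail-related ports, using first-match evaluation. The sample input is a constructed excerpt of the policy posted above, and the names `parse_policy`, `decision` and `mail_exposure` are hypothetical; it shows that port 25 falls through to `reject *:*` while the submission ports 465 and 587 are accepted.

```python
import re

# Constructed excerpt of the ExitPolicy lines posted above (not the full list).
SAMPLE_TORRC = """\
ExitPolicy accept *:20-21     # FTP
ExitPolicy accept *:110       # POP3
ExitPolicy accept *:143       # IMAP
ExitPolicy accept *:465       # alternative SUBMISSION port
ExitPolicy accept *:587       # SUBMISSION
ExitPolicy accept *:993       # IMAP over SSL
ExitPolicy reject *:*
"""

# Ports an operator usually reviews when handling mail-abuse reports.
MAIL_PORTS = {25: "SMTP", 465: "submission over TLS", 587: "submission"}

# Only the '*:PORT' and '*:LOW-HIGH' forms used in the post are parsed.
RULE = re.compile(
    r"^\s*ExitPolicy\s+(accept|reject)\s+\*:(\*|\d+(?:-\d+)?)\s*(?:#.*)?$", re.I)

def parse_policy(text):
    """Return [(action, low, high)] in file order."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # comments, blank lines, unrelated torrc options
        action, ports = m.group(1).lower(), m.group(2)
        if ports == "*":
            low, high = 1, 65535
        else:
            low, _, high = ports.partition("-")
            low, high = int(low), int(high or low)
        rules.append((action, low, high))
    return rules

def decision(rules, port):
    """First matching rule wins, as Tor evaluates ExitPolicy lines."""
    for action, low, high in rules:
        if low <= port <= high:
            return action
    return None  # no catch-all: Tor's default policy applies (not modelled)

def mail_exposure(text):
    """Map each mail-related port to 'accept', 'reject' or None."""
    rules = parse_policy(text)
    return {port: decision(rules, port) for port in MAIL_PORTS}

if __name__ == "__main__":
    for port, verdict in mail_exposure(SAMPLE_TORRC).items():
        print(f"{port:>5} ({MAIL_PORTS[port]}): {verdict}")
```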