Re: [tor-relays] Spamcop question
Someone likely abused a webmail provider. Respond to them that SMTP isn’t available from your exit and they’ll have to contact the email service provider directly.
Cordially,
Nathaniel Suchy
> On Apr 2, 2019, at 5:04 PM, ylms <tor@xxxxx> wrote:
>
> Hello fellow Tor-Exit operators,
>
> today I got the following Abuse message:
>
> //Start
>
> [ SpamCop V5.0.0 ]
> This message is brief for your comfort. Please use links below for details.
>
> Email from 5.199.130.188 / Tue, 19 Mar 2019 12:20:30 +0000
> https://www.spamcop.net/w3m?i=.....(removed)
> 5.199.130.188 is open proxy, see: https://www.spamcop.net/mky-proxies.html
>
> [ Offending message ]
> Return-Path: <admin@xxxxxx>
> X-Original-To: bingobongo69@xxxxx
> Delivered-To: bingobongo69@xxxxx
> Received: from 31.184.255.247 (unknown [5.199.130.188])
> by relay (Postfix) with ESMTPSA id 7cqntswbr6frkskj
> for <bingobongo69@xxxxx>; Tue, 19 Mar 2019 12:20:30 +0000
> Message-ID: <EAAACECBFAFDDACFCAEABBBEC@xxxxxx>
> From: <admin@xxxxxx>
> To: <bingobongo69@xxxxx>
> Subject: smtp:>>smtp.efg.es,587,test@xxxxxx,123456>>
> Date: Tue, 19 Mar 2019 13:20:18 +0100
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset="windows-1251";
> Content-Transfer-Encoding: 7bit
>
> smtp:>>smtp.efg.es,587,test@xxxxxx,123456>>
>
> veblcshgtpwfdonxkebdghrwf
> pboqjycmmdslmliomafclayaheiuft
> uybveafdbnsuydqvbgyukf
> zsszifpadkpaufibjosuk
>
> //End
>
> I wasn't sure what to remove from the abuse message so I removed all the
> domains to protect the owners of these hosts/addresses, I hope I didn't
> miss any.
>
> My question, what did I miss in the exit policy, I have used the
> following in the torrc. Maybe I did not miss anything at all. Thanks for
> helping me to understand how the spammer could use the exit for
> spamming.
>
> I assume with the reduced exit policy spammers should not be enabled to
> use the exit.
>
> // torrc
> # Reduced Exit policy according to: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
> ExitPolicy accept *:20-21 # FTP
> ExitPolicy accept *:22 # SSH
> ExitPolicy accept *:23 # Telnet
> ExitPolicy accept *:43 # WHOIS
> ExitPolicy accept *:53 # DNS
> ExitPolicy accept *:79 # finger
> ExitPolicy accept *:80-81 # HTTP
> ExitPolicy accept *:88 # kerberos
> ExitPolicy accept *:110 # POP3
> ExitPolicy accept *:143 # IMAP
> ExitPolicy accept *:194 # IRC
> ExitPolicy accept *:220 # IMAP3
> ExitPolicy accept *:389 # LDAP
> ExitPolicy accept *:443 # HTTPS
> ExitPolicy accept *:464 # kpasswd
> ExitPolicy accept *:465 # URD for SSM (more often: an alternative SUBMISSION port, see 587)
> ExitPolicy accept *:531 # IRC/AIM
> ExitPolicy accept *:543-544 # Kerberos
> ExitPolicy accept *:554 # RTSP
> ExitPolicy accept *:563 # NNTP over SSL
> ExitPolicy accept *:587 # SUBMISSION (authenticated clients [MUA's like Thunderbird] send mail over STARTTLS SMTP here)
> ExitPolicy accept *:636 # LDAP over SSL
> ExitPolicy accept *:706 # SILC
> ExitPolicy accept *:749 # kerberos
> ExitPolicy accept *:853 # DNS over TLS
> ExitPolicy accept *:873 # rsync
> ExitPolicy accept *:902-904 # VMware
> ExitPolicy accept *:981 # Remote HTTPS management for firewall
> ExitPolicy accept *:989-990 # FTP over SSL
> ExitPolicy accept *:991 # Netnews Administration System
> ExitPolicy accept *:992 # TELNETS
> ExitPolicy accept *:993 # IMAP over SSL
> ExitPolicy accept *:994 # IRCS
> ExitPolicy accept *:995 # POP3 over SSL
> ExitPolicy accept *:1194 # OpenVPN
> ExitPolicy accept *:1220 # QT Server Admin
> ExitPolicy accept *:1293 # PKT-KRB-IPSec
> ExitPolicy accept *:1500 # VLSI License Manager
> ExitPolicy accept *:1533 # Sametime
> ExitPolicy accept *:1677 # GroupWise
> ExitPolicy accept *:1723 # PPTP
> ExitPolicy accept *:1755 # RTSP
> ExitPolicy accept *:1863 # MSNP
> ExitPolicy accept *:2082 # Infowave Mobility Server
> ExitPolicy accept *:2083 # Secure Radius Service (radsec)
> ExitPolicy accept *:2086-2087 # GNUnet, ELI
> ExitPolicy accept *:2095-2096 # NBX
> ExitPolicy accept *:2102-2104 # Zephyr
> ExitPolicy accept *:3128 # SQUID
> ExitPolicy accept *:3389 # MS WBT
> ExitPolicy accept *:3690 # SVN
> ExitPolicy accept *:4321 # RWHOIS
> ExitPolicy accept *:4643 # Virtuozzo
> ExitPolicy accept *:5050 # MMCC
> ExitPolicy accept *:5190 # ICQ
> ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
> ExitPolicy accept *:5228 # Android Market
> ExitPolicy accept *:5900 # VNC
> ExitPolicy accept *:6660-6669 # IRC
> ExitPolicy accept *:6679 # IRC SSL
> ExitPolicy accept *:6697 # IRC SSL
> ExitPolicy accept *:8000 # iRDMI
> ExitPolicy accept *:8008 # HTTP alternate
> ExitPolicy accept *:8074 # Gadu-Gadu
> ExitPolicy accept *:8080 # HTTP Proxies
> ExitPolicy accept *:8082 # HTTPS Electrum Bitcoin port
> ExitPolicy accept *:64738 # Mumble
> ExitPolicy reject *:*
>
>
>
> Regards
> yl
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
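Added example (not part of the original messages and not Tor's own code): a small Python check that evaluates port-only ExitPolicy lines with first-match semantics to show how the quoted policy treats ports 25, 465 and 587, and reads the "with" protocol from the report's Received line. The function names and the trimmed sample torrc are constructed for illustration; only the `*:PORT` rule form is handled.

```python
import re

# Constructed sample: a subset of the ExitPolicy lines quoted in the post.
SAMPLE_TORRC = """\
ExitPolicy accept *:110       # POP3
ExitPolicy accept *:443       # HTTPS
ExitPolicy accept *:465       # alternative SUBMISSION port
ExitPolicy accept *:587       # SUBMISSION
ExitPolicy accept *:989-990   # FTP over SSL
ExitPolicy reject *:*
"""
# Received line as it appears in the quoted SpamCop report.
SAMPLE_RECEIVED = ("from 31.184.255.247 (unknown [5.199.130.188]) by relay "
                   "(Postfix) with ESMTPSA id 7cqntswbr6frkskj")

MAIL_PORTS = (25, 465, 587)  # SMTP relay, submission over TLS, submission
RULE = re.compile(r"^ExitPolicy\s+(accept|reject)\s+\*:(\*|\d+(?:-\d+)?)$")

def parse_policy(text):
    """Ordered (action, low, high) rules; only the '*:PORT' form is handled."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.split("#", 1)[0].strip())  # drop trailing comment
        if not m:
            continue
        action, ports = m.groups()
        if ports == "*":
            low, high = 1, 65535
        else:
            low, _, high = ports.partition("-")
            low, high = int(low), int(high or low)
        rules.append((action, low, high))
    return rules

def decision(rules, port):
    """First matching rule wins; None means no rule listed here matched."""
    for action, low, high in rules:
        if low <= port <= high:
            return action
    return None

def mail_port_report(torrc_text):
    rules = parse_policy(torrc_text)
    return {port: decision(rules, port) for port in MAIL_PORTS}

def authenticated_submission(received):
    """True when the 'with' protocol is ESMTPA or ESMTPSA (RFC 3848)."""
    m = re.search(r"\bwith\s+(\S+)", received)
    return bool(m) and m.group(1).upper() in ("ESMTPA", "ESMTPSA")
```

Calling `mail_port_report(SAMPLE_TORRC)` shows port 25 rejected while 465 and 587 are accepted, and `authenticated_submission(SAMPLE_RECEIVED)` is true for the ESMTPSA line in the report.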