Re: [tor-relays] Spamcop question
Hello all,
I bundle the reply to all three helpful replies in this email.
Basically the replies confirm my assumptions, I was wondering if there
is a single misconfiguration on my end or if the problem is a little more
complex. I will watch the abuse complaints and if there will be more
about spam I will see what I can do.
This abuse ticket was part of a bundle of complaints (many abuse
complaints), most of them SSH bruteforce and WordPress "hacking"
attempts. So I replied with my standard reply as I always do, it is
generic and explains that the server is a Tor exit and I offer to block
their ip in the email. Not sure what my provider does with that reply,
but I never hear back from any people.
Thanks again for the help.
Regards
yl
Replies, just for reference:
1.
On 4/2/19 11:24 PM, Ralph Seichter wrote:
> * ylms:
>
>> smtp:>>smtp.efg.es,587,test@xxxxxx,123456>>
>> [...]
>> ExitPolicy accept *:587
>
> You allow TCP port 587 (submission). That should not be a problem unless
> the targeted server fails to enforce authentication for all email
> submitted via this port. If that is the case, it is a configuration
> error on the destination server.
>
> -Ralph
2.
On 4/2/19 11:19 PM, nusenu wrote:
>
>> My question, what did I miss in the exit policy, I have used the
>> following in the torrc. Maybe I did not miss anything at all. Thanks for
>> helping me to understand how the spammer could use the exit for
>> spamming.
>
> Emails and spam can be sent via for example:
> - webmail (frequently port 80/443)
> - 465/587
>
> (not just port 25)
>
>
3.
On 4/2/19 11:08 PM, Nathaniel Suchy wrote:
> Someone likely abused a
> webmail provider. Respond to them that SMTP isn’t available from your
> exit and they’ll have to contact the email service provider directly.
>
> Cordially,
> Nathaniel Suchy
On 4/2/19 11:04 PM, ylms wrote:
> Hello fellow Tor-Exit operators,
>
> today I got the following Abuse message:
>
> //Start
>
> [ SpamCop V5.0.0 ]
> This message is brief for your comfort. Please use links below for details.
>
> Email from 5.199.130.188 / Tue, 19 Mar 2019 12:20:30 +0000
> https://www.spamcop.net/w3m?i=.....(removed)
> 5.199.130.188 is open proxy, see: https://www.spamcop.net/mky-proxies.html
>
> [ Offending message ]
> Return-Path: <admin@xxxxxx>
> X-Original-To: bingobongo69@xxxxx
> Delivered-To: bingobongo69@xxxxx
> Received: from 31.184.255.247 (unknown [5.199.130.188])
> by relay (Postfix) with ESMTPSA id 7cqntswbr6frkskj
> for <bingobongo69@xxxxx>; Tue, 19 Mar 2019 12:20:30 +0000
> Message-ID: <EAAACECBFAFDDACFCAEABBBEC@xxxxxx>
> From: <admin@xxxxxx>
> To: <bingobongo69@xxxxx>
> Subject: smtp:>>smtp.efg.es,587,test@xxxxxx,123456>>
> Date: Tue, 19 Mar 2019 13:20:18 +0100
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset="windows-1251";
> Content-Transfer-Encoding: 7bit
>
> smtp:>>smtp.efg.es,587,test@xxxxxx,123456>>
>
> veblcshgtpwfdonxkebdghrwf
> pboqjycmmdslmliomafclayaheiuft
> uybveafdbnsuydqvbgyukf
> zsszifpadkpaufibjosuk
>
> //End
>
> I wasn't sure what to remove from the abuse message so I removed all the
> domains to protect the owners of these hosts/addresses, I hope I didn't
> miss any.
>
> My question, what did I miss in the exit policy, I have used the
> following in the torrc. Maybe I did not miss anything at all. Thanks for
> helping me to understand how the spammer could use the exit for
> spamming.
>
> I assume with the reduced exit policy spammers should not be enabled to
> use the exit.
>
> // torrc
> # Reduced Exit policy according to: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
> ExitPolicy accept *:20-21 # FTP
> ExitPolicy accept *:22 # SSH
> ExitPolicy accept *:23 # Telnet
> ExitPolicy accept *:43 # WHOIS
> ExitPolicy accept *:53 # DNS
> ExitPolicy accept *:79 # finger
> ExitPolicy accept *:80-81 # HTTP
> ExitPolicy accept *:88 # kerberos
> ExitPolicy accept *:110 # POP3
> ExitPolicy accept *:143 # IMAP
> ExitPolicy accept *:194 # IRC
> ExitPolicy accept *:220 # IMAP3
> ExitPolicy accept *:389 # LDAP
> ExitPolicy accept *:443 # HTTPS
> ExitPolicy accept *:464 # kpasswd
> ExitPolicy accept *:465 # URD for SSM (more often: an alternative SUBMISSION port, see 587)
> ExitPolicy accept *:531 # IRC/AIM
> ExitPolicy accept *:543-544 # Kerberos
> ExitPolicy accept *:554 # RTSP
> ExitPolicy accept *:563 # NNTP over SSL
> ExitPolicy accept *:587 # SUBMISSION (authenticated clients [MUA's like Thunderbird] send mail over STARTTLS SMTP here)
> ExitPolicy accept *:636 # LDAP over SSL
> ExitPolicy accept *:706 # SILC
> ExitPolicy accept *:749 # kerberos
> ExitPolicy accept *:853 # DNS over TLS
> ExitPolicy accept *:873 # rsync
> ExitPolicy accept *:902-904 # VMware
> ExitPolicy accept *:981 # Remote HTTPS management for firewall
> ExitPolicy accept *:989-990 # FTP over SSL
> ExitPolicy accept *:991 # Netnews Administration System
> ExitPolicy accept *:992 # TELNETS
> ExitPolicy accept *:993 # IMAP over SSL
> ExitPolicy accept *:994 # IRCS
> ExitPolicy accept *:995 # POP3 over SSL
> ExitPolicy accept *:1194 # OpenVPN
> ExitPolicy accept *:1220 # QT Server Admin
> ExitPolicy accept *:1293 # PKT-KRB-IPSec
> ExitPolicy accept *:1500 # VLSI License Manager
> ExitPolicy accept *:1533 # Sametime
> ExitPolicy accept *:1677 # GroupWise
> ExitPolicy accept *:1723 # PPTP
> ExitPolicy accept *:1755 # RTSP
> ExitPolicy accept *:1863 # MSNP
> ExitPolicy accept *:2082 # Infowave Mobility Server
> ExitPolicy accept *:2083 # Secure Radius Service (radsec)
> ExitPolicy accept *:2086-2087 # GNUnet, ELI
> ExitPolicy accept *:2095-2096 # NBX
> ExitPolicy accept *:2102-2104 # Zephyr
> ExitPolicy accept *:3128 # SQUID
> ExitPolicy accept *:3389 # MS WBT
> ExitPolicy accept *:3690 # SVN
> ExitPolicy accept *:4321 # RWHOIS
> ExitPolicy accept *:4643 # Virtuozzo
> ExitPolicy accept *:5050 # MMCC
> ExitPolicy accept *:5190 # ICQ
> ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
> ExitPolicy accept *:5228 # Android Market
> ExitPolicy accept *:5900 # VNC
> ExitPolicy accept *:6660-6669 # IRC
> ExitPolicy accept *:6679 # IRC SSL
> ExitPolicy accept *:6697 # IRC SSL
> ExitPolicy accept *:8000 # iRDMI
> ExitPolicy accept *:8008 # HTTP alternate
> ExitPolicy accept *:8074 # Gadu-Gadu
> ExitPolicy accept *:8080 # HTTP Proxies
> ExitPolicy accept *:8082 # HTTPS Electrum Bitcoin port
> ExitPolicy accept *:64738 # Mumble
> ExitPolicy reject *:*
>
>
>
> Regards
> yl
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
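An added example, not part of the original message and not Tor's own code: a small audit of ExitPolicy lines for the mail paths named in the replies (465/587 submission, webmail on 80/443, plus port 25). It assumes first-match-wins evaluation, considers only wildcard-address (`*`) accept/reject rules, and uses a shortened excerpt of the quoted torrc as sample input; the function names are illustrative.

```python
# Excerpt of the torrc quoted in the thread (a subset of its lines).
SAMPLE_TORRC = """\
ExitPolicy accept *:80-81     # HTTP
ExitPolicy accept *:443       # HTTPS
ExitPolicy accept *:465       # alternative SUBMISSION port
ExitPolicy accept *:587       # SUBMISSION
ExitPolicy reject *:*
"""

# Ports the replies name as ways mail can leave an exit, plus classic SMTP.
MAIL_PATHS = {25: "SMTP relay", 465: "submission over TLS",
              587: "submission", 80: "webmail (HTTP)", 443: "webmail (HTTPS)"}


def parse_rules(torrc_text):
    """Return [(action, lo, hi)] for wildcard-address ExitPolicy rules, in order."""
    rules = []
    for line in torrc_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop trailing comments
        if not line.lower().startswith("exitpolicy"):
            continue
        for item in line[len("exitpolicy"):].split(","):
            parts = item.split()
            # accept6/reject6 and malformed items are ignored in this sketch
            if len(parts) != 2 or parts[0] not in ("accept", "reject"):
                continue
            addr, _, port = parts[1].partition(":")
            if addr != "*":
                continue  # assumption: only rules covering any destination matter
            if port in ("", "*"):
                lo, hi = 1, 65535
            else:
                first, _, last = port.partition("-")
                lo, hi = int(first), int(last or first)
            rules.append((parts[0], lo, hi))
    return rules


def verdict(rules, port):
    """First matching rule wins; None means no explicit rule matched."""
    for action, lo, hi in rules:
        if lo <= port <= hi:
            return action
    return None


def mail_exposure(torrc_text):
    """Map each mail-capable port to 'accept', 'reject' or None."""
    rules = parse_rules(torrc_text)
    return {port: verdict(rules, port) for port in MAIL_PATHS}


if __name__ == "__main__":
    for port, action in sorted(mail_exposure(SAMPLE_TORRC).items()):
        print(f"{port:>5}  {MAIL_PATHS[port]:<22} {action}")
```

On the sample, port 25 is rejected by the final catch-all while 465, 587, 80 and 443 are accepted, which matches the replies: mail can still leave through authenticated submission or webmail.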