> On 5 Jul 2017, at 00:18, Igor Mitrofanov <igor.n.mitrofanov@xxxxxxxxx> wrote:
>
> Hi,
>
> I am trying to run a few Exit relays on my 1 gbps connection. To keep
> donating the exit capacity to the Tor project I have to keep abuse
> reports to a minimum.
>
> In order to have the Exit flag I have read that I have to keep two of
> ports 80, 443 and 6667 open, plus allow exiting to at least one /8
> network - is that still the Dir spec?

Yes.

> Is it correct that without the
> Exit flag, no clients will choose the relay for their circuits - even
> if its Exit policy allows the port they need? For example, take a look
> at the "cry" relay (one of top 10) - it is not marked as "Exit" as it
> only allows ports 6660-6667 - does that mean it is only ever used as a
> middle relay?

It means that clients won't choose the relay for preemptive exit circuits.
I think it might get some other Exit usage, but I'm not sure.

> I have read that port 80 generates quite a bit of abuse complaints as
> it is used to tunnel non-HTTP traffic, by malware, etc. So, choosing
> ports 443 and 6667 to get the 'Exit' flag looks like the safest
> choice. I have also read that ports above 1024 are more likely to be used
> by BitTorrent clients, so they are to be rejected in order to minimize
> abuse.
>
> My current, rather paranoid, list of accepted ports looks like this:
> 20-21, 53, 443, 993, 995, 6667. I am not sure how useful this is to
> Tor, and whether I will actually avoid complaints, but I guess I can
> only wait and see.

Most Tor traffic is HTTP or HTTPS, and the HTTPS proportion is growing.
So this is useful.

> My question is about 6667 - should Tor's 'Exit flag policy' allow 6697
> (IRC encrypted over SSL) as an alternative to 6667? I would rather
> support people using 6697, if I had the choice.

Some IRC services allow or require SSL on 6667, others require it on
6697. Why not enable both?

So I can't see a strong case for switching to 6697, given that the Exit
flag is only a hint to relay operators about the minimum useful ports.
(And a hint to clients about good relays for preemptive Exit circuits.)

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
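The Exit flag rule as stated in the thread above (two of ports 80, 443 and 6667 open to at least one /8), checked against a reduced exit policy. This is an added example, not part of the original message and not Tor's own code. Assumptions: the function names are hypothetical, the evaluation is a simplified IPv4-only first-match model, the policy is assumed to end in `reject *:*`, and the two sample policies are constructed from the port lists mentioned in the thread.

```python
import ipaddress

FLAG_PORTS = (80, 443, 6667)  # the three ports named in the thread

def parse_policy(text):
    """Turn torrc-style ExitPolicy lines into (action, network, lo, hi) tuples (IPv4 only)."""
    rules = []
    for line in text.strip().splitlines():
        action, target = line.split()[-2:]  # tolerates a leading "ExitPolicy" keyword
        addr, _, ports = target.rpartition(":")
        net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr)
        if ports == "*":
            lo, hi = 1, 65535
        else:
            lo, _, hi = ports.partition("-")
            lo, hi = int(lo), int(hi or lo)
        rules.append((action, net, lo, hi))
    return rules

def slash8_accepted(rules, first_octet, port):
    """True if the whole first_octet.0.0.0/8 block may exit to `port`."""
    block = ipaddress.ip_network(f"{first_octet}.0.0.0/8")
    for action, net, lo, hi in rules:
        if not (lo <= port <= hi) or not net.overlaps(block):
            continue
        if action == "reject":
            return False  # conservative: any overlapping reject disqualifies this /8
        if block.subnet_of(net):
            return True   # first accept covering the whole /8 wins
    return False          # assumption: policy ends in "reject *:*"

def flag_ports_open(rules):
    """Which of the flag ports are reachable on at least one full /8."""
    return [p for p in FLAG_PORTS
            if any(slash8_accepted(rules, o, p) for o in range(256))]

def meets_exit_rule(rules):
    """The rule as stated in the thread: at least two of 80, 443, 6667."""
    return len(flag_ports_open(rules)) >= 2

# Constructed inputs: the operator's port list, and a policy like the "cry" relay's.
OPERATOR_POLICY = "\n".join(
    f"ExitPolicy accept *:{p}" for p in ("20-21", "53", "443", "993", "995", "6667")
) + "\nExitPolicy reject *:*"
CRY_LIKE_POLICY = "accept *:6660-6667\nreject *:*"

if __name__ == "__main__":
    for name, text in (("operator", OPERATOR_POLICY), ("cry-like", CRY_LIKE_POLICY)):
        rules = parse_policy(text)
        print(name, flag_ports_open(rules), meets_exit_rule(rules))
```

Adding `accept *:6697` next to 6667, as the reply suggests, leaves the result of this check unchanged because 6697 is not one of the three ports the rule counts.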