I wouldn't recommend blocking at the DNS level, as this could flag your exit with a BADEXIT for modifying traffic.
The current official way to do this is through the exit policy, but this is in a configuration file. *Relay Operators*: is there a way to dynamically update the exit policy as a relay is running?
On 1 November 2016 at 10:35, teor teor2345@gmail.com wrote:
On 1 Nov. 2016, at 07:42, SuperSluether supersluether@gmail.com wrote:
They give me the IP address to block. The problem is yesterday it was on
s01.panelboxmanager.com. Today it was s502.panelboxmanager.com. I was hoping for a way to block all sub-domains of panelboxmanager.com to prevent further abuse on that particular network. Guess I'll keep going per-IP for now.
On 10/31/2016 03:38 PM, Jason Jung wrote:
You need to block them via IP address. Do a DNS lookup of the domain in question if the e-mail doesn't contain it.
On Mon, Oct 31, 2016 at 07:55:43AM -0500, Tristan wrote:
Is it possible to block domain names in Tor's ExitPolicy? I've been
getting
abuses on *.panelboxmanager.com, and I'd like to be proactive about
this if
possible.
If you run a local caching resolver, you can tell it not to answer requests for these domains. (Or, more precisely, answer them with NXDOMAIN.)
And you should block the IP addresses for the netblock in your exit policy as well, so the blocking is at least somewhat transparent.
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays