Hello fellow Tor-Exit operators,
today I got the following Abuse message:
//Start
[ SpamCop V5.0.0 ]
This message is brief for your comfort. Please use links below for details.

Email from 5.199.130.188 / Tue, 19 Mar 2019 12:20:30 +0000
https://www.spamcop.net/w3m?i=.....(removed)
5.199.130.188 is open proxy, see: https://www.spamcop.net/mky-proxies.html

[ Offending message ]
Return-Path: admin@abc.gr
X-Original-To: bingobongo69@cd.ru
Delivered-To: bingobongo69@cd.ru
Received: from 31.184.255.247 (unknown [5.199.130.188]) by relay (Postfix) with ESMTPSA id 7cqntswbr6frkskj for bingobongo69@cd.ru; Tue, 19 Mar 2019 12:20:30 +0000
Message-ID: EAAACECBFAFDDACFCAEABBBEC@abc.gr
From: admin@abc.gr
To: bingobongo69@cd.ru
Subject: smtp:>>smtp.efg.es,587,test@efg.es,123456>>
Date: Tue, 19 Mar 2019 13:20:18 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1251";
Content-Transfer-Encoding: 7bit

smtp:>>smtp.efg.es,587,test@efg.es,123456>>
veblcshgtpwfdonxkebdghrwf pboqjycmmdslmliomafclayaheiuft uybveafdbnsuydqvbgyukf zsszifpadkpaufibjosuk
//End
I wasn't sure what to remove from the abuse message so I removed all the domains to protect the owners of these hosts/addresses, I hope I didn't miss any.
My question: what did I miss in the exit policy? I have used the following in the torrc. Maybe I did not miss anything at all. Thanks for helping me to understand how the spammer could use the exit for spamming.
I assume that with the reduced exit policy spammers should not be able to use the exit.
// torrc
# Reduced Exit policy according to: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
ExitPolicy accept *:20-21 # FTP
ExitPolicy accept *:22 # SSH
ExitPolicy accept *:23 # Telnet
ExitPolicy accept *:43 # WHOIS
ExitPolicy accept *:53 # DNS
ExitPolicy accept *:79 # finger
ExitPolicy accept *:80-81 # HTTP
ExitPolicy accept *:88 # kerberos
ExitPolicy accept *:110 # POP3
ExitPolicy accept *:143 # IMAP
ExitPolicy accept *:194 # IRC
ExitPolicy accept *:220 # IMAP3
ExitPolicy accept *:389 # LDAP
ExitPolicy accept *:443 # HTTPS
ExitPolicy accept *:464 # kpasswd
ExitPolicy accept *:465 # URD for SSM (more often: an alternative SUBMISSION port, see 587)
ExitPolicy accept *:531 # IRC/AIM
ExitPolicy accept *:543-544 # Kerberos
ExitPolicy accept *:554 # RTSP
ExitPolicy accept *:563 # NNTP over SSL
ExitPolicy accept *:587 # SUBMISSION (authenticated clients [MUA's like Thunderbird] send mail over STARTTLS SMTP here)
ExitPolicy accept *:636 # LDAP over SSL
ExitPolicy accept *:706 # SILC
ExitPolicy accept *:749 # kerberos
ExitPolicy accept *:853 # DNS over TLS
ExitPolicy accept *:873 # rsync
ExitPolicy accept *:902-904 # VMware
ExitPolicy accept *:981 # Remote HTTPS management for firewall
ExitPolicy accept *:989-990 # FTP over SSL
ExitPolicy accept *:991 # Netnews Administration System
ExitPolicy accept *:992 # TELNETS
ExitPolicy accept *:993 # IMAP over SSL
ExitPolicy accept *:994 # IRCS
ExitPolicy accept *:995 # POP3 over SSL
ExitPolicy accept *:1194 # OpenVPN
ExitPolicy accept *:1220 # QT Server Admin
ExitPolicy accept *:1293 # PKT-KRB-IPSec
ExitPolicy accept *:1500 # VLSI License Manager
ExitPolicy accept *:1533 # Sametime
ExitPolicy accept *:1677 # GroupWise
ExitPolicy accept *:1723 # PPTP
ExitPolicy accept *:1755 # RTSP
ExitPolicy accept *:1863 # MSNP
ExitPolicy accept *:2082 # Infowave Mobility Server
ExitPolicy accept *:2083 # Secure Radius Service (radsec)
ExitPolicy accept *:2086-2087 # GNUnet, ELI
ExitPolicy accept *:2095-2096 # NBX
ExitPolicy accept *:2102-2104 # Zephyr
ExitPolicy accept *:3128 # SQUID
ExitPolicy accept *:3389 # MS WBT
ExitPolicy accept *:3690 # SVN
ExitPolicy accept *:4321 # RWHOIS
ExitPolicy accept *:4643 # Virtuozzo
ExitPolicy accept *:5050 # MMCC
ExitPolicy accept *:5190 # ICQ
ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
ExitPolicy accept *:5228 # Android Market
ExitPolicy accept *:5900 # VNC
ExitPolicy accept *:6660-6669 # IRC
ExitPolicy accept *:6679 # IRC SSL
ExitPolicy accept *:6697 # IRC SSL
ExitPolicy accept *:8000 # iRDMI
ExitPolicy accept *:8008 # HTTP alternate
ExitPolicy accept *:8074 # Gadu-Gadu
ExitPolicy accept *:8080 # HTTP Proxies
ExitPolicy accept *:8082 # HTTPS Electrum Bitcoin port
ExitPolicy accept *:64738 # Mumble
ExitPolicy reject *:*
Regards yl
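
Added example, not part of the original post: a Python check that evaluates ExitPolicy lines first-match-wins for the SMTP ports. The Received header in the report says ESMTPSA (authenticated SMTP over TLS), which is the kind of traffic ports 465 and 587 carry. The policy text is a constructed excerpt of the torrc above, the function names are hypothetical, and only wildcard-address (`*:port`) rules are handled.

```python
import re

# Constructed excerpt of the ExitPolicy lines quoted in the post
# (the mail-related accepts plus the final catch-all reject).
TORRC_EXCERPT = """\
ExitPolicy accept *:110 # POP3
ExitPolicy accept *:443 # HTTPS
ExitPolicy accept *:465 # URD for SSM (more often: an alternative SUBMISSION port, see 587)
ExitPolicy accept *:587 # SUBMISSION
ExitPolicy accept *:993 # IMAP over SSL
ExitPolicy reject *:*
"""

# Assumption: only rules of the form "*:port", "*:lo-hi" or "*:*" are parsed.
RULE = re.compile(
    r"^\s*ExitPolicy\s+(accept|reject)\s+\*:(\*|\d+)(?:-(\d+))?\s*(?:#.*)?$"
)

# Ports over which mail can be handed to a server.
MAIL_PORTS = {25: "SMTP relay", 465: "submission (implicit TLS)", 587: "submission"}


def parse_policy(text):
    """Return the rules in file order as (action, low_port, high_port)."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line)
        if not m:
            continue
        action, lo, hi = m.groups()
        if lo == "*":
            lo, hi = 1, 65535
        else:
            lo = int(lo)
            hi = int(hi) if hi else lo
        rules.append((action, lo, hi))
    return rules


def decision(rules, port):
    """First matching rule wins; None means no explicit rule matched."""
    for action, lo, hi in rules:
        if lo <= port <= hi:
            return action
    return None


def check_mail_ports(text):
    rules = parse_policy(text)
    return {port: decision(rules, port) for port in MAIL_PORTS}


if __name__ == "__main__":
    for port, verdict in check_mail_ports(TORRC_EXCERPT).items():
        print(f"{port:>5} {MAIL_PORTS[port]:<26} {verdict}")
```
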