I have been running a non-exit Tor relay since Snowdon and a The Guardian journalist used Tor.

I am doing it using my public ip on my home network. 1Tbyte/day roughly.

Starting a year ago I was excluded from the Danish “internal revenue services” – skat.dk. However, using the Tor-browser I could still perform my duties there... Now! From May this year, my ip over and over again got listed at Spamhaus. My gateway only allows my MTA to use the ports 25, 465 and 587. Mysterious! Spamhaus’ services are used a lot, so it seriously limits who we can send mails to!

Spamhaus claims the following:

Why was this IP listed?

a.b.c.d has been classified as part of a proxy network. There is a type of malware using this IP that installs a proxy that can be used for nearly anything, including sending spam or stealing customer data. This should be of more concern than a Spamhaus listing, which is a symptom and not the problem.

The proxy is installed on a device - usually an Android mobile, firestick, smart doorbell, etc, but also iPads, and Windows computers - that is using your IP to send spam DIRECTLY to the internet via port 25: This is very often the result of third party "free" apps like VPNs, channel unlockers, streaming, etc being installed on someone's personal device, usually a phone.

After a throughout search for “infections” – including finding out that some Tor-relays are using port 465 and 587 as or-port – I caved in and stopped my tor-relay. After a few days the miracle happened my ban at Spamhaus was lifted _and_ I was allowed access to skat.dk directly.

My conclusions based on my experiments so far are: Spamhaus falsely considers my Tor relay as malware and so does AWS. (Skat.dk are performing their services at AWS – judging from the ip’s used.)

Hilfe!!!

/Ole

PS: no PTR-record relates my domain and ip and Google’s DNS-services are used.

PPS: I have opened a number of tickets at Spamhaus. However, I have not been successful in having a meaningful conversation with them - so far.