-----Oprindelig meddelelse----- Fra: Roger Dingledine via tor-relays <tor-relays@lists.torproject.org> Sendt: 11. juni 2026 12:06 Til: support and questions about running Tor relays (exit, non-exit, bridge) <tor-relays@lists.torproject.org> Cc: Roger Dingledine <arma@torproject.org> Emne: [tor-relays] Re: Strange SMTP attempts from my tor relay On Thu, Jun 11, 2026 at 04:01:49AM -0500, TheMadHacker Schism via tor-relays wrote:
That is a bad actor on tor, attempting to send spam email that uses smtp ports to using your tor node as a relay [...]
I have noticed that my firewall registers connection attempts from my tor-server on port 465 and 587. My relay performs normally, so it appears that they have no significance for the operation.
Hm, maybe it is the bad actor you describe, but another option is that these are normal Tor relays listening with their ORPort on port 465 or 587. There is nothing sacred about these numbers, and people can pick them for their ORPort, and it could even be a good idea if it means they are reachable from behind firewalls that other destination ports wouldn't allow. There is nothing wrong here, but you are right that some sysadmins might misunderstand what is going on and get upset at you for making connections on that port. There are 31 relays running with their ORPort set to 465: $ grep "^r " cached-consensus |grep " 465 "|cut -d' ' -f7-8|sort -n 31.57.219.143 465 37.221.209.198 465 45.80.171.211 465 45.84.107.101 465 45.84.107.128 465 45.84.107.142 465 45.84.107.172 465 45.84.107.174 465 45.84.107.17 465 45.84.107.182 465 45.84.107.198 465 45.84.107.222 465 45.84.107.236 465 45.84.107.33 465 45.84.107.44 465 45.84.107.47 465 45.84.107.54 465 45.84.107.55 465 45.84.107.74 465 45.84.107.76 465 45.84.107.84 465 45.84.107.97 465 65.108.136.190 465 81.232.160.94 465 95.217.112.245 465 103.167.234.110 465 176.123.3.14 465 194.147.140.101 465 194.147.140.102 465 194.147.140.106 465 194.147.140.107 465 and a smaller but still non-zero set listening with their ORPort on 587: $ grep "^r " cached-consensus |grep " 587 "|cut -d' ' -f7-8|sort -n 45.80.171.211 587 45.84.107.142 587 45.84.107.236 587 45.84.107.44 587 45.84.107.84 587 78.34.104.67 587 89.25.152.215 587 89.58.5.0 587 89.58.54.129 587 89.58.56.112 587 94.142.241.153 587 --Roger [Ole Rydahl ] Thank you Roger! The Wireshark recordings I made fits nicely with your list of ip's using 465/587 as or-port. /Ole _______________________________________________ tor-relays mailing list -- tor-relays@lists.torproject.org To unsubscribe send an email to tor-relays-leave@lists.torproject.org