Hi there,

 

I’m running also on a Residential-IP, but my IPv4 is not listed in Spamhaus – I only have that PBL-Entry which means I’m residential and should not run E-Mail Servers.

 

But I’n not pumpong as much traffic as you do :D

 

Could you check on Cisco Thalos (https://talosintelligence.com/) about you Mail Volume? Mine is zero and I maybe it would hint that there might be a real security concern, if excessive Mail-Volume is indeed detected.

 

 

Personally I never had any issues, except for rare IPv4 only Targets. All of my Clients use GUA-IPv6 Adresses, so their IP will never be on a blocklist, and luckily most banks support IPv6. Only the German BSI Website is still stuck in 1981 and has no IPv6 implemented so far and therefore are blocking me.

 

Maybe this can be a solution for you aswell? But i would really check the Mail volumes!

 

Best Regards,

 

Joker

 

 

Von: Ole Rydahl via tor-relays [mailto:tor-relays@lists.torproject.org]
Gesendet: Samstag, 13. Juni 2026 14:27
An: 'support and questions about running Tor relays (exit, non-exit, bridge)'
Cc: Ole Rydahl
Betreff: [tor-relays] Banned by Spamhaus and AWS

 

I have been running a non-exit Tor relay since Snowdon and a The Guardian journalist used Tor.

I am doing it using my public ip on my home network. 1Tbyte/day roughly.

 

Starting a year ago I was excluded from the Danish “internal revenue services” – skat.dk. However, using the Tor-browser I could still perform my duties there... Now! From May this year, my ip over and over again got listed at Spamhaus. My gateway only allows my MTA to use the ports 25, 465 and 587. Mysterious! Spamhaus’ services are used a lot, so it seriously limits who we can send mails to!

 

Spamhaus claims the following:

Why was this IP listed?

a.b.c.d has been classified as part of a proxy network. There is a type of malware using this IP that installs a proxy that can be used for nearly anything, including sending spam or stealing customer data. This should be of more concern than a Spamhaus listing, which is a symptom and not the problem.

The proxy is installed on a device - usually an Android mobile, firestick, smart doorbell, etc, but also iPads, and Windows computers - that is using your IP to send spam DIRECTLY to the internet via port 25: This is very often the result of third party "free" apps like VPNs, channel unlockers, streaming, etc being installed on someone's personal device, usually a phone.

 

After a throughout search for “infections” – including finding out that some Tor-relays are using port 465 and 587 as or-port – I caved in and stopped my tor-relay. After a few days the miracle happened my ban at Spamhaus was lifted _and_ I was allowed access to skat.dk directly.

 

My conclusions based on my experiments so far are: Spamhaus falsely considers my Tor relay as malware and so does AWS. (Skat.dk are performing their services at AWS – judging from the ip’s used.)

 

Hilfe!!!

 

/Ole

 

PS: no PTR-record relates my domain and ip and Google’s DNS-services are used.

PPS: I have opened a number of tickets at Spamhaus. However, I have not been successful in having a meaningful conversation with them - so far.