On Thu, Dec 13, 2012 at 08:28:30AM -0700, Brock Tice wrote:
Hello all, I follow the guide for avoiding abuse notices, and generally I only get 1/year of the DMCA variety. However, I recently received this complaint, which appears to show spam originating from my Tor server (209.188.113.101 / tor-proxy.anfani.com). As far as I know, port 25 is blocked on my exit policy. Port 587 is allowed. I do have a mail server running on this machine, but it does not accept outside connections.
Is there something I am missing? Is there anything else I should do to prevent this in the future? Could there be some way that a Tor user could locally send mail using my server?
Thanks, --Brock
received:_from_[10.235.200.97]_by_ochaua.tpn.terra.com_(LMTP);_Tue,_11_Dec_2012_12:26:15_+0000_(UTC)
received:_from_nm17-vm0.bullet.mail.gq1.yahoo.com_(nm17-vm0.bullet.mail.gq1.yahoo.com_[98.137.177.224])_by_1j4.tpn.terra.com_(Postfix)_with_ESMTP_id_5A96DC0000DFA_for_waleria.luis@itelefonica.com.br;_Tue,_11_Dec_2012_12:25:02_+0000_(UTC)
received:_from_[209.188.113.101]_by_web184904.mail.gq1.yahoo.com_via_HTTP;_Tue,_11_Dec_2012_03:54:56_PST
This looks like webmail -- somebody exited from your relay to port 80 on yahoo's website, and asked yahoo to send the mail. Yahoo sent the mail, and the recipient didn't like it. Fortunately (for the recipient, not for you), yahoo included the IP address of the "user" who asked its website to send the mail.
We might not think of this behavior as 'spam' coming from your relay, but I'm afraid the definition of spam has greatly expanded in the past decade.
--Roger
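
The header reading described in the reply above, as an added example that is not part of the original thread: a small triage script a relay operator could run over the Received lines of a complaint to see whether the relay's address entered the chain over HTTP (webmail) or over SMTP. The function names and result labels are assumptions of this example, and it assumes the underscore-for-space encoding seen in the quoted complaint.

```python
import re

# Received lines from the complaint above, newest hop first, underscores in
# place of spaces as quoted. The recipient address is replaced by a placeholder.
COMPLAINT = (
    "received:_from_[10.235.200.97]_by_ochaua.tpn.terra.com_(LMTP);"
    "_Tue,_11_Dec_2012_12:26:15_+0000_(UTC) "
    "received:_from_nm17-vm0.bullet.mail.gq1.yahoo.com_"
    "(nm17-vm0.bullet.mail.gq1.yahoo.com_[98.137.177.224])_by_1j4.tpn.terra.com_"
    "(Postfix)_with_ESMTP_id_5A96DC0000DFA_for_recipient@example.invalid;"
    "_Tue,_11_Dec_2012_12:25:02_+0000_(UTC) "
    "received:_from_[209.188.113.101]_by_web184904.mail.gq1.yahoo.com_via_HTTP;"
    "_Tue,_11_Dec_2012_03:54:56_PST"
)

HOP = re.compile(r"from (?P<src>.+?) by (?P<by>\S+)(?P<rest>[^;]*);")
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hops(text):
    """Return one dict per Received line, in the order given (newest first)."""
    hops = []
    for chunk in re.split(r"received:", text, flags=re.I)[1:]:
        m = HOP.search(chunk.replace("_", " "))
        if not m:
            continue
        ips = IPV4.findall(m["src"])
        rest = m["rest"]
        # Prefer an explicit "via X" / "with X"; fall back to a bare "(X)" tag.
        p = re.search(r"\b(?:via|with) (\w+)", rest) or re.search(r"\((\w+)\)", rest)
        hops.append({"ip": ips[-1] if ips else None, "by": m["by"],
                     "proto": p.group(1).upper() if p else "UNKNOWN"})
    return hops

def classify(text, relay_ip):
    """Say how the relay's address entered the chain, judged from the oldest hop."""
    hops = parse_hops(text)
    if not hops or hops[-1]["ip"] != relay_ip:
        return "not-origin"   # relay IP is not the first hop recorded
    if hops[-1]["proto"] == "HTTP":
        return "webmail"      # web front end recorded the exit IP; no SMTP exit involved
    if hops[-1]["proto"] in ("SMTP", "ESMTP"):
        return "smtp"         # direct mail submission: review exit policy and local MTA
    return "other"

if __name__ == "__main__":
    for hop in parse_hops(COMPLAINT):
        print(hop)
    print(classify(COMPLAINT, "209.188.113.101"))
```
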