If you have a good deal on a powerful VPS you wish to run as a relay, suggest you rent a second dirt-cheap low resource VPS for email. MTA software tolerates flaky connectivity and system performance well.
RBLs are a fact of life. I use them to great benefit on my MTAs. Reason no-port-25 exits are blacklisted is that web-form spammers use them.
Here are two excellent resources for viewing the blacklist status of IP addresses (helpful to check IPs, when known, before purchase):
http://multirbl.valli.org/lookup/x.x.x.x.html # single IP
https://www.senderbase.org/lookup/?search_string=x.x.x.x/24 # block, directs to Talos
The lists which matter most are Spamhaus, CBL and Barracuda.
Good luck with it!
On Thu Nov 22 13:08:55 UTC 2018, Artem Dziubenko wrote:
Hi,
No, it's not possible. This is a powerful VPS with a single IP. I simply do not want to have a blacklisted IP because a Tor relay is running on it.
In the past the IP was blacklisted many times and afterwards I had several problems with email delivery.
I do not understand why RBLs are blocking Tor non-exit relay IPs... It's stupid...
Cheers Dlugasny
Sent from ProtonMail mobile
-------- Original Message -------- On 22 Nov 2018, 08:30, Artem Dziubenko wrote:
Is it possible to get a second IP address for that server from your ISP?
------ Original Message ------
Hi,
I have an e-mail server which has a lot of unconsumed resources (CPU/traffic etc.). Based on my practice I know that my e-mail server will lose reputation if a Tor relay runs on the same IP.
Is there any other way to utilize the resources of that machine without any reputation impact on the IP?
Thanks in advance for any feedback.
Cheers Dlugasny
When I'm building a new system I usually try to utilize all the resources I have - I mean CPU/MEM, net bandwidth etc. That's why I'm installing many different services on one host. I know that from the security point of view, for some people, it is not the proper way. I'm a green IT activist and I'm really focused on the resources which my system is using and consuming - my target is not to create as many systems as possible with a single service (this could be too easy and too expensive), but to let many services run smoothly on a single host. The Tor network is growing every month - including power and resource consumption. I do not see any reason here to buy another VPS with a separate IP only for Tor if I have a lot of free resources on the e-mail server. I think that we should start to force RBL services to let people use IPs also for Tor and not let them block IPs only because a Tor relay is running on them.
An example: one of my e-mail hosts is using an IP from an IP range where a Tor relay is also running (from some other person). The complete subnet is blacklisted by RAT RBL and I'm not even able to react and say - "Hey RAT RBL! My system is not part of Tor, so why are you blocking the complete subnet?". My e-mail system is 100% compatible with the RFCs (I have implemented everything ... reverse DNS, SPF, DKIM, DMARC, S/MIME ... and so on) but even with this, 30% of wrongly configured services are marking my e-mails as potential spam... because of that RAT RBL... If an e-mail system doesn't send spam - why is it blocked?
That's why I'm searching for some solution which will help me to connect two e-mail worlds: internet with Tor.
The one thing which is coming to my mind is to write some article in the internet about RBL Services - that some of them are against privacy or they do not understand what they are doing and how big stupid impact they generate on the communication in the internet.
I decided that I will build a Tor relay on my e-mail server. We will see what will happen. I will write an article about it.
If some of you have similar experiences, please let me know.
Cheers Dlugasny
Sent with ProtonMail Secure Email.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Nov 25 10:21:06 UTC 2018, Artem Dziubenko wrote:
The one thing which is coming to my mind is to write some article in the internet about RBL Services - that some of them are against privacy or they do not understand what they are doing and how big stupid impact they generate on the communication in the internet.
Have to point out you are arriving *very* late to the debate about DNSBLs / rDNSBLs. Has been settled for years the operators of these services have the freedom of speech to publish the lists and individual MTA operators have the right to use them if they wish. Zero chance anyone will change their mind at this stage of the game.
I misread the original post and see you are running a non-exit. Generally this should be no problem since critical lists (no more than five exist, is more like three) do not include non-exit relays. My long running guard node is on just seven BLs (out of 226) of no consequence.
ubl.nszones.com (fake)
rbl.rbldns.ru
fulldom.rfc-clueless.org
postmaster.rfc-clueless.org
all.s5h.net
netblockbl.spamgrouper.to
dnsbl.spfbl.net
No one has heard of any of these and nobody uses them.
To the extent a small BL appears to be impacting your mail delivery, usually you can ask them (nicely) to remove the IP in question explaining in technical terms why the IP should not be included. Some of the above are concerned about improper reverse DNS and certainly if you run an MTA the single biggest thing that can be done to obtain decent delivery is configure proper matching forward and reverse DNS entries with a not-stupid domain (e.g. no IP address information coded in it).
If an IP is not on Spamhaus and not on Barracuda it should have no problem obtaining a decent reputation, notwithstanding Microsoft's Outlook service. M$ has idiotic filtering criteria: essentially "guilty until proven innocent and give us money while you are at it."
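The checks discussed in this thread (whether an IP is on a DNSBL, and whether its forward and reverse DNS match without the address coded into the name), as an added example that is not part of any poster's message. The function names are hypothetical, the resolvers are injectable so the constructed records (`dnsbl.example`, `mail.example.net`, 203.0.113.7) run offline, and treating answers in 127.255.255.0/24 as a query error follows Spamhaus's documented return codes and is an assumption for other lists.

```python
import ipaddress
import re
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
QUERY_ERROR = ipaddress.ip_network("127.255.255.0/24")  # assumed error range

def lookup_a(name):
    """A records for name; empty on NXDOMAIN or any resolver failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def lookup_ptr(ip):
    """PTR name for ip as a list; empty when there is no reverse record."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def dnsbl_status(ip, zone, a=lookup_a):
    """'listed', 'clean' or 'error' for an IPv4 address on one DNSBL zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    answers = [ipaddress.ip_address(r) for r in a(".".join(octets[::-1] + [zone]))]
    if not answers:
        return "clean"  # no answer: not listed (or the lookup itself failed)
    if any(r in QUERY_ERROR or r not in LOOPBACK for r in answers):
        return "error"  # refused query, or a zone answering outside 127/8
    return "listed"

def fcrdns_ok(ip, ptr=lookup_ptr, a=lookup_a):
    """True when a PTR name of ip resolves forward to the same ip."""
    return any(ip in a(name) for name in ptr(ip))

def ip_in_hostname(ip, hostname):
    """Heuristic: the rDNS name embeds the four octets, in either order."""
    octets = [int(o) for o in ip.split(".")]
    nums = [int(n) for n in re.findall(r"\d+", hostname)]
    runs = [nums[i:i + 4] for i in range(len(nums) - 3)]
    return octets in runs or octets[::-1] in runs

if __name__ == "__main__":
    # Constructed records (documentation addresses), so this runs offline.
    fake = {"7.113.0.203.dnsbl.example": ["127.0.0.2"],
            "mail.example.net": ["203.0.113.7"]}
    a = lambda name: fake.get(name, [])
    print(dnsbl_status("203.0.113.7", "dnsbl.example", a))
    print(fcrdns_ok("203.0.113.7", lambda ip: ["mail.example.net"], a))
```

Called without the injected resolvers, the functions use the system resolver; some list operators refuse queries that arrive through large public resolvers, which is the case the `error` result is there to surface.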
On Nov 25, 2018, at 10:10, starlight.2018q2@binnacle.cx wrote:
If an IP is not on Spamhaus and not on Barracuda it should have no problem obtaining a decent reputation.
Not too many years back, I had a non-exit relay on the same IP address I use for my general home WiFi network. Mail reputation didn't seem to be affected, but I found that I was blacklisted by a number of media companies. I don't remember which ones, exactly, but services like Hulu and Netflix started giving me error messages to the effect that I was in a geographic region they didn't support (California, US). When I'd call customer support, they'd just deny that there was any problem and blame my ISP. It took quite a bit of sleuthing to figure out that the companies simply block any Tor-associated IP addresses.
The impression I get is that it's deliberate and purely punitive. They see Tor as a service that might affect their bottom line (by facilitating piracy and/or getting around geographic restrictions), so they do anything they can to punish people who support it. They know perfectly well that a non-exit relay can't be used to bypass geographic restrictions, but they block them anyway out of arrogance.
I moved my relay to a different IP and over the span of a month or two the blocking stopped.
All of which is to say that there are certainly companies out there that *will* attack you for running a middle node.
--Ron
Yup, a few years ago Netflix blocked all VPN Provider IPs and all Tor IPs including middle and guards … they completely ignored that guards / middle could not send traffic to Netflix. After all someone at Netflix read the TLDR about Tor and changed it.
We are talking about communication between two e-mail service providers where one of them is also hosting a Tor relay using public mail exchange IPs. Netflix ;) I would say could be completely ignored in that case - they have nothing to do with e-mail communication (except spamming with newsletters and notifications ;) ).
For me it will be very helpful to have a list of RBLs which also include IPs of Tor relays (exit and non-exit). Till now I have found only some small private RBLs with lists of Tor relay IPs, but they are not commonly used. If any of you knows RBLs with Tor relay IPs, please publish them.
Thanks in advance for any support.
Sent with ProtonMail Secure Email.