Hi all, FYI: Yesterday I got the notice below from Leaseweb. I picked them because Leaseweb is mentioned in the Good/Bad ISP <https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs> post. Apparently a blacklist named SECTOOR added a whole IP block of Leaseweb to block my Exit relay. Since this list is used by some bigger corporations, it got some other customers in trouble and they asked me to restrict the mentioned ports. I understand the reasoning and can't blame them for asking my I guess (and since most relevant ports are not mentioned I guess it is not too bad), but I found it a bit weird that a whole subnet is being listed. On 05/20/2015 03:20 PM, Lesley Koomen wrote:> Dear sir, madam,
It appears you are hosting a TOR node on your LeaseWeb IP address. This has resulted in the block of a (part) LeaseWeb IP subnet. (/24) As the subnet is added on the SECTOOR blacklist (http://www.sectoor.de/tor.php) this is affecting customers in the same range as yourself.
The SECTOOR blacklist is e.g. implemented by Hotmail, Live and Gmail. This results in other customers not being able to longer use the mail services of these companies. Sectoor TOR DNSBL lists every IP address which is known to run a tor server and allow their clients to connect to one of the following ports:
* Port 25 * Port 194 * Port 465 * Port 587 * Port 994 * Port 6657 * Ports 6660-6670 * Port 6697 * Ports 7000-7005 * Port 7070 * Ports 8000-8004 * Port 9000 * Port 9001 * Port 9998 * Port 9999
Therefore, we kindly, yet urgently ask you to disable the connection to the mentioned ports within 24 hours. Failure to comply and respond (confirm) to this warning, will result in a block of your involved IP address(es).
Thank you for your co-operation and understanding.
Kind regards,
Lesley Koomen Team Manager Abuse Prevention
Hi, I got the same message yesterday, I asked leaseweb to put our exit node(hviv103) in a "dirty" ip-block and asked sectoor for a clarification on what happened. No reply to date of any party. For now, I have shutdown the server. Sorry to hear :( Best, Jurre On 05/21/2015 09:36 PM, blaatenator wrote:
Hi all,
FYI: Yesterday I got the notice below from Leaseweb. I picked them because Leaseweb is mentioned in the Good/Bad ISP <https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs> post. Apparently a blacklist named SECTOOR added a whole IP block of Leaseweb to block my Exit relay. Since this list is used by some bigger corporations, it got some other customers in trouble and they asked me to restrict the mentioned ports.
I understand the reasoning and can't blame them for asking my I guess (and since most relevant ports are not mentioned I guess it is not too bad), but I found it a bit weird that a whole subnet is being listed.
On 05/20/2015 03:20 PM, Lesley Koomen wrote:> Dear sir, madam,
It appears you are hosting a TOR node on your LeaseWeb IP address. This has resulted in the block of a (part) LeaseWeb IP subnet. (/24) As the subnet is added on the SECTOOR blacklist (http://www.sectoor.de/tor.php) this is affecting customers in the same range as yourself.
The SECTOOR blacklist is e.g. implemented by Hotmail, Live and Gmail. This results in other customers not being able to longer use the mail services of these companies. Sectoor TOR DNSBL lists every IP address which is known to run a tor server and allow their clients to connect to one of the following ports:
* Port 25 * Port 194 * Port 465 * Port 587 * Port 994 * Port 6657 * Ports 6660-6670 * Port 6697 * Ports 7000-7005 * Port 7070 * Ports 8000-8004 * Port 9000 * Port 9001 * Port 9998 * Port 9999
Therefore, we kindly, yet urgently ask you to disable the connection to the mentioned ports within 24 hours. Failure to comply and respond (confirm) to this warning, will result in a block of your involved IP address(es).
Thank you for your co-operation and understanding.
Kind regards,
Lesley Koomen Team Manager Abuse Prevention
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I got the same. Restricting the exit policy to 80/443 until Sectoor replies. Tom Jurre van Bergen schreef op 21/05/15 om 22:04:
Hi,
I got the same message yesterday, I asked leaseweb to put our exit node(hviv103) in a "dirty" ip-block and asked sectoor for a clarification on what happened. No reply to date of any party.
For now, I have shutdown the server.
Sorry to hear :(
Best, Jurre
On 05/21/2015 09:36 PM, blaatenator wrote:
Hi all,
FYI: Yesterday I got the notice below from Leaseweb. I picked them because Leaseweb is mentioned in the Good/Bad ISP <https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs> post. Apparently a blacklist named SECTOOR added a whole IP block of Leaseweb to block my Exit relay. Since this list is used by some bigger corporations, it got some other customers in trouble and they asked me to restrict the mentioned ports.
I understand the reasoning and can't blame them for asking my I guess (and since most relevant ports are not mentioned I guess it is not too bad), but I found it a bit weird that a whole subnet is being listed.
On 05/20/2015 03:20 PM, Lesley Koomen wrote:> Dear sir, madam,
It appears you are hosting a TOR node on your LeaseWeb IP address. This has resulted in the block of a (part) LeaseWeb IP subnet. (/24) As the subnet is added on the SECTOOR blacklist (http://www.sectoor.de/tor.php) this is affecting customers in the same range as yourself.
The SECTOOR blacklist is e.g. implemented by Hotmail, Live and Gmail. This results in other customers not being able to longer use the mail services of these companies. Sectoor TOR DNSBL lists every IP address which is known to run a tor server and allow their clients to connect to one of the following ports:
* Port 25 * Port 194 * Port 465 * Port 587 * Port 994 * Port 6657 * Ports 6660-6670 * Port 6697 * Ports 7000-7005 * Port 7070 * Ports 8000-8004 * Port 9000 * Port 9001 * Port 9998 * Port 9999
Therefore, we kindly, yet urgently ask you to disable the connection to the mentioned ports within 24 hours. Failure to comply and respond (confirm) to this warning, will result in a block of your involved IP address(es).
Thank you for your co-operation and understanding.
Kind regards,
Lesley Koomen Team Manager Abuse Prevention
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
++ 21/05/15 22:04 +0200 - Jurre van Bergen:
I got the same message yesterday, I asked leaseweb to put our exit node(hviv103) in a "dirty" ip-block and asked sectoor for a clarification on what happened. No reply to date of any party.
This DNSBL has a fairly straightforward listing for an IP-address: ((the IP-address itself is a Tor exit-node OR the IP-address is within a /24 that has some other IP-address with a Tor exit-node) AND the Tor exit-node(s) allow clients to connect to a list of about 15 different ports). Administrators are supposed to use this list as a scoring mechanisme, not for blocking. Of course, any administrator is free to use this DNSBL he or she wants. There's not much you can do - other than just not running the Tor-node. -- Rejo Zenger E rejo@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl T @rejozenger | J rejo@zenger.nl OpenPGP 1FBF 7B37 6537 68B1 2532 A4CB 0994 0946 21DB EFD4 XMPP OTR 271A 9186 AFBC 8124 18CF 4BE2 E000 E708 F811 5ACF Signal 0507 A41B F4D6 5DB4 937D E8A1 29B6 AAA6 524F B68B 93D4 4C6E 8BAB 7C9E 17C9 FB28 03
On Thu, May 21, 2015 at 10:04:19PM +0200, Jurre van Bergen wrote:
I got the same message yesterday, I asked leaseweb to put our exit node(hviv103) in a "dirty" ip-block and asked sectoor for a clarification on what happened. No reply to date of any party.
Doesn't sectoor publish two lists, one which is just Tor exit IP addresses, and another which is the /24's around them? And then they encourage people to use the more conservative list, but of course they hint that using the broader list will catch more spammers? So it's possible that the answer is "some website somewhere on the Internet is using sectoor's lists wrong". :/ And in case you haven't read this lately (I read it every few months and it makes me freshly angry each time), here's your pointer to http://paulgraham.com/spamhausblacklist.html --Roger
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 The lists of SECTOOR might be used wrongly but they sound like they belong to the ever growing list of 'shitty blacklists'. In my work for a hosting company I receive complaints regarding malpractices of such lists on a daily basis. For example there are lists who blacklist whole IP ranges based on generic rDNS (hello Spamrats Dyna). Being a company that sets rDNS to [IP-ADDRESS].companyname.tld for all non-used IP addresses you are basically fucked. Most of these blacklists are actually used by parties who probably started using them when these lists were not vigilante-like. Hooray for shitty blacklists... On 5/21/15 10:15 PM, Roger Dingledine wrote:
On Thu, May 21, 2015 at 10:04:19PM +0200, Jurre van Bergen wrote:
I got the same message yesterday, I asked leaseweb to put our exit node(hviv103) in a "dirty" ip-block and asked sectoor for a clarification on what happened. No reply to date of any party.
Doesn't sectoor publish two lists, one which is just Tor exit IP addresses, and another which is the /24's around them? And then they encourage people to use the more conservative list, but of course they hint that using the broader list will catch more spammers?
So it's possible that the answer is "some website somewhere on the Internet is using sectoor's lists wrong". :/
And in case you haven't read this lately (I read it every few months and it makes me freshly angry each time), here's your pointer to http://paulgraham.com/spamhausblacklist.html
--Roger
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
- -- Tim Semeijn Babylon Network pgp 0x5B8A4DDF -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBCgAGBQJVXkGeAAoJEIZioqpbik3fODoP/RiHaxmOgCWzvMgIgnA+nVp6 jn5zD+WkgvnbY2fRnPsq7rJPZBl6zKZ9DgkuPlbqcvgGWzLHPuJm8Rx7zDHbG1Wj h1hEzr1vXff+iPYoGBIVmSv9hXp0HoKiNvjpLHHrlY0zF2XGJ3uuu2XlaKY3ISDx u9LfeTsg2Quf/MMR5ueHG1nEjBWJsKkFFSduwRrUhyjRmWEYerbKxgfh5JVChgNZ NhEUERKLZm6/iP0iP5PAui8nHJ34RpO+oXuzxvMywKhGBITLclwHhz5pRv9tUJlL rabaXcyV1y/SJrTkiKuR26zCIH59Epx+OPwVEXTRypYELhCL45+ny/ryAdT2rCj8 9SAzdCANN7qJCyave490zUoqZTxaryk7aFtg9YGx/FhdTRGtIPNy2WrgqfR0n03u RQr0NzPZ7Tg8d4DllmTfhFzZqF63wvBOI5TcmGB4F+6/6XOdxyrVICYE0YXJhssr 6JdB8U+KvzumdToOr+dGIGFctbdx5muoZPmWWpLd7X0OFJ6FAexxmSSzrnDulMYi EqxzUtQckKULMz8knTJgC0geTIIW/Vi+SxWXZHbn/PfA7or+HtAFPN8fzPtM9Z29 /lWUp/BC06XjKsixInGQVX+ufF/AD+hPXaOD2N0nbmBWPda1UIE6XCTqhnPhwhJW R4jON6/+TAvQ6fIY/N4V =l0Kn -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I forgot to mention the list of 'shitty blacklists' offers hardly any way to request delisting when the event occurs an IP address gets handed out to a different user. As far as I have seen SECTOOR belongs on this list based on the fact that delisting is a pain. On 5/21/15 10:35 PM, Tim Semeijn wrote:
The lists of SECTOOR might be used wrongly but they sound like they belong to the ever growing list of 'shitty blacklists'. In my work for a hosting company I receive complaints regarding malpractices of such lists on a daily basis. For example there are lists who blacklist whole IP ranges based on generic rDNS (hello Spamrats Dyna). Being a company that sets rDNS to [IP-ADDRESS].companyname.tld for all non-used IP addresses you are basically fucked.
Most of these blacklists are actually used by parties who probably started using them when these lists were not vigilante-like.
Hooray for shitty blacklists...
On 5/21/15 10:15 PM, Roger Dingledine wrote:
On Thu, May 21, 2015 at 10:04:19PM +0200, Jurre van Bergen wrote:
I got the same message yesterday, I asked leaseweb to put our exit node(hviv103) in a "dirty" ip-block and asked sectoor for a clarification on what happened. No reply to date of any party.
Doesn't sectoor publish two lists, one which is just Tor exit IP addresses, and another which is the /24's around them? And then they encourage people to use the more conservative list, but of course they hint that using the broader list will catch more spammers?
So it's possible that the answer is "some website somewhere on the Internet is using sectoor's lists wrong". :/
And in case you haven't read this lately (I read it every few months and it makes me freshly angry each time), here's your pointer to http://paulgraham.com/spamhausblacklist.html
--Roger
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
- -- Tim Semeijn Babylon Network pgp 0x5B8A4DDF -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBCgAGBQJVXkNBAAoJEIZioqpbik3fgpEP/inQTt3WB8RG1pmAIltx92/L emog+azFnm5xdxUXB5Eg1U0CqyVOAl0RS8wVUKSnAHYfG0W6KZZ/0pRpierT6Kxm 623+g8j4Q547dbPSyXpd7mQ/hwmMLTvdlUIS5nON1xLXtS5eatPwyid6KJaY40dQ XlevcUyhxRAxl5ckn6me+5K+3u/QW07h1U27TCNCGzTkpsoP8QTY4hPeNA3q8VrW wwWErfNaQ/A4d4HHMUC5yTclc1m3O86FIHTV6ks4DBAGOVf7XIrM1L/1NGgIJRXR gh3Mqlx7i5/0LGiAcSd1VmvgUgxci1Y/k9ig77WvVEb8mSCR/vtLMDnH6L+vQ0+G Ys1LD/QoZgv+ka6lC0Jl3Bx6qTGcyG8ykGG1HE7pXVvGLvOltnuSiiyS269vLi1K ezeypTgPjHjIgF8gbUnfs1tOaZhX5qdrbm1oSck2v3CsRVQkTuv5H2FANaSOgB6C U8QWWOEM7dC1zD1VJRMvCJDXaFDPA4Vf3kgJDv+/BuQYaMdkyXrO7gyhgRU7dNzu 9XVIZHLza9HsCuBjUzv7DsCcwHw75x9q1EmaBlbOd1TB5wtxxr22Tt+v1GxWm8GT ij6z2Xgq00bUX+nf84Q00l2m3+a7/UDQAzrlB8uYhCRgUJ24NVu11itVCz2y7pYn 8apsND5k8o1InjsNLhby =BkaQ -----END PGP SIGNATURE-----
The problem is compounded by the fact each BL company is racing it's way to the bottom, adding each others finds to their own lists. SpamHaus has OVER 1 *BILLION* addresses listed. I lost several relays (11) from OVH because DanTor recorded my relays, then CBL recorded DanTor, then SpamHaus Zen recorded CBL, which allowed OVH to claim "100% of your IPs are blacklisted on multiple lists" when in reality it was from a guy in the UK who publishes all Tor relays - guard, middle, exit - that caused this whole problem for me. Not one single complaint from anyone against any of my relays. Matt Speak Freely
++ 21/05/15 22:35 +0200 - Tim Semeijn:
The lists of SECTOOR might be used wrongly but they sound like they belong to the ever growing list of 'shitty blacklists'. In my work for
In my personal opinion: you are barking at the wrong tree. It's your freedom to create a list of whatever you like with whatever criteria you please and name it whatever it makes you feel good. And yes, of course, it is your freedom to label one more of those lists as "shitty blacklists". Point is: I don't think there is such a thing as a shitty blacklist. In the end it's up to the administrator of a server to use or not to use a list. And yes, I am aware some issues may arise if one of thoses lists has a large user base (as, in that case, the compiler of that list may (ab)use that power). It's not that I am 100% in favor of these lists. :) -- Rejo Zenger E rejo@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl T @rejozenger | J rejo@zenger.nl OpenPGP 1FBF 7B37 6537 68B1 2532 A4CB 0994 0946 21DB EFD4 XMPP OTR 271A 9186 AFBC 8124 18CF 4BE2 E000 E708 F811 5ACF Signal 0507 A41B F4D6 5DB4 937D E8A1 29B6 AAA6 524F B68B 93D4 4C6E 8BAB 7C9E 17C9 FB28 03
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Good point. I should have thought better about phrasing my opinion as labeling the lists as simply shitty might be a bit blindsighted. Listing whole ranges though seems to do more damage than good in most cases, certainly when no proper delisting policy is in place. On 5/21/15 10:46 PM, Rejo Zenger wrote:
++ 21/05/15 22:35 +0200 - Tim Semeijn:
The lists of SECTOOR might be used wrongly but they sound like they belong to the ever growing list of 'shitty blacklists'. In my work for
In my personal opinion: you are barking at the wrong tree. It's your freedom to create a list of whatever you like with whatever criteria you please and name it whatever it makes you feel good. And yes, of course, it is your freedom to label one more of those lists as "shitty blacklists".
Point is: I don't think there is such a thing as a shitty blacklist. In the end it's up to the administrator of a server to use or not to use a list.
And yes, I am aware some issues may arise if one of thoses lists has a large user base (as, in that case, the compiler of that list may (ab)use that power). It's not that I am 100% in favor of these lists. :)
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
- -- Tim Semeijn Babylon Network pgp 0x5B8A4DDF -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBCgAGBQJVXkZAAAoJEIZioqpbik3fayIP/jqr98PUj06rZkWqu/dyEmWK DXDTvD4Vt7wBik5NW0xQhUlRlcjtflkVEW9jM5KjslORdLS2A03nUt85pp2CzlfP gAcWuGAQJqUjDVySnyNxR7RB5MyCrAOtXf0Cr1UhJjVdebyRoAmtZfRwzMT8b6XJ V3/KJQszw45RofKaLDQ33996LX1eNvILswSG3+ueEOUSt4sXPvpxuxMZRPX5wGW4 32GEPBlSGgPeSjvaDxZ+B+2zKa0aKlD2ARaDTv2W/ye+J+yevvfVAzBJgP9v00ap 7+yp4yUhgIsNDzV9BG+EYK8fEq1ve1H302kw52s7Zk2jGAozPNgBnZgCVfL46m4O sA/hPwIsUGDk6Gx5Vs5iwAzkCpO5sOq2VoSEKklbfvu8pJN+DOvCJkYuyMIWdbp/ JYl/rk79zwlX37n4Cm8dLZeLpJtBXlRy/cPhunlPbF7sdv0UDahqyMP0sYiuHhUz jDIzpDGw8K6UWmK9DGyqkomoUF5LNot4y9GmyFRrLd6P9c18OKDGHg3TdEpvuBYV SChnvDp1auBR8eIXWKdvba7eKe+yhA/aK2Ld/gDFYM+HMwKPSyC+Y+W1qT1M40Ra HawPewnd3S2mfAGwL1HXmuNzxdbrljLDVltC53tF/Tjn0EvVnRC15loAzNN94Sys 7A4D0oPu3QXXSyO1HxmP =+RXC -----END PGP SIGNATURE-----
blaatenator:
* Port 25 * Port 194 * Port 465 * Port 587 * Port 994 * Port 6657 * Ports 6660-6670 * Port 6697 * Ports 7000-7005 * Port 7070 * Ports 8000-8004 * Port 9000 * Port 9001 * Port 9998 * Port 9999
Were you using the recommended reduced exit policy? It seems like it'd block most of the ports they're complaining about: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy If you haven't, you might want to start now, and make sure it covers the extra ports they're mentioning, to make them happy. You may also want to see the other of tips for running an exit node with less harassment: https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment
participants (8)
-
blaatenator -
Jurre van Bergen -
ncl@cock.li -
Rejo Zenger -
Roger Dingledine -
Speak Freely -
Tim Semeijn -
Tom van der Woerdt