[tor-relays] Complaint about spam originating from my server

Roger Dingledine arma at mit.edu
Thu Dec 13 18:46:09 UTC 2012


On Thu, Dec 13, 2012 at 08:28:30AM -0700, Brock Tice wrote:
> Hello all,
>   I follow the guide for avoiding abuse notices, and generally I only
> get 1/year of the DMCA variety. However, I recently received this
> complaint, which appears to show spam originating from my Tor server
> (209.188.113.101 / tor-proxy.anfani.com). As far as I know, port 25 is
> blocked on my exit policy. Port 587 is allowed. I do have a mail server
> running on this machine, but it does not accept outside connections.
> 
> Is there something I am missing? Is there anything else I should do to
> prevent this in the future? Could there be some way that a Tor user
> could locally send mail using my server?
> 
> Thanks,
>   --Brock
> 
> received:_from_[10.235.200.97]_by_ochaua.tpn.terra.com_(LMTP);_Tue,_11_Dec_2012_12:26:15_+0000_(UTC)
> received:_from_nm17-vm0.bullet.mail.gq1.yahoo.com_(nm17-vm0.bullet.mail.gq1.yahoo.com_[98.137.177.224])_by_1j4.tpn.terra.com_(Postfix)_with_ESMTP_id_5A96DC0000DFA_for_<waleria.luis at itelefonica.com.br>;_Tue,_11_Dec_2012_12:25:02_+0000_(UTC)
> received:_from_[209.188.113.101]_by_web184904.mail.gq1.yahoo.com_via_HTTP;_Tue,_11_Dec_2012_03:54:56_PST

This looks like webmail -- somebody exited from your relay to port 80
on yahoo's website, and asked yahoo to send the mail. Yahoo sent the
mail, and the recipient didn't like it. Fortunately (for the recipient,
not for you), yahoo included the IP address of the "user" who asked its
website to send the mail.

We might not think of this behavior as 'spam' coming from your relay, but
I'm afraid the definition of spam has greatly expanded in the past decade.

--Roger
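An added example, not part of the original message: a relay operator can triage a complaint like this one by parsing its Received lines and checking how the earliest recorded hop says the message arrived. The function names and result labels are hypothetical, and the parser assumes one hop per line with underscores standing in for spaces, as in the quoted report.

```python
import re

# Received lines from the complaint quoted above (underscores stand in for
# spaces, as in the report; the recipient clause of the second line is omitted).
COMPLAINT = """\
received:_from_[10.235.200.97]_by_ochaua.tpn.terra.com_(LMTP);_Tue,_11_Dec_2012_12:26:15_+0000_(UTC)
received:_from_nm17-vm0.bullet.mail.gq1.yahoo.com_(nm17-vm0.bullet.mail.gq1.yahoo.com_[98.137.177.224])_by_1j4.tpn.terra.com_(Postfix)_with_ESMTP_id_5A96DC0000DFA;_Tue,_11_Dec_2012_12:25:02_+0000_(UTC)
received:_from_[209.188.113.101]_by_web184904.mail.gq1.yahoo.com_via_HTTP;_Tue,_11_Dec_2012_03:54:56_PST
"""

HOP = re.compile(r"\bfrom\s+(?P<src>.*?)\s+by\s+(?P<by>[^\s;]+)(?P<rest>[^;]*)", re.I)
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
WITH_VIA = re.compile(r"\b(?:with|via)\s+([A-Za-z]+)", re.I)
PAREN = re.compile(r"\(([A-Za-z]+)\)")  # fallback, e.g. "(LMTP)"

def parse_hops(report):
    """Return one dict per Received line, latest hop first, earliest last."""
    hops = []
    for line in report.splitlines():
        if not line.lower().startswith("received:"):
            continue
        m = HOP.search(line.replace("_", " "))
        if not m:
            continue
        ip = IPV4.search(m["src"])
        proto = WITH_VIA.search(m["rest"]) or PAREN.search(m["rest"])
        hops.append({"ip": ip.group(1) if ip else None,
                     "by": m["by"],
                     "proto": proto.group(1).upper() if proto else None})
    return hops

def classify_origin(hops, relay_ip):
    """Say how the earliest recorded hop received the message from relay_ip."""
    if not hops:
        return "no-received-lines"
    first = hops[-1]  # the bottom-most Received line is the earliest hop
    if first["ip"] != relay_ip:
        return "relay-not-first-hop"
    if first["proto"] in ("HTTP", "HTTPS"):
        return "webmail-via-http"  # web client; SMTP exit policy not involved
    if first["proto"] and "SMTP" in first["proto"]:
        return "direct-smtp"       # mail submitted over SMTP from the relay IP
    return "unknown-protocol"

if __name__ == "__main__":
    print(classify_origin(parse_hops(COMPLAINT), "209.188.113.101"))
```
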


