[tor-relays] Complaint about spam originating from my server

Steve Snyder swsnyder at snydernet.net
Thu Dec 13 19:32:17 UTC 2012


On Thursday, December 13, 2012 1:46pm, "Roger Dingledine" <arma at mit.edu> said:

> On Thu, Dec 13, 2012 at 08:28:30AM -0700, Brock Tice wrote:
>> Hello all,
>>   I follow the guide for avoiding abuse notices, and generally I only
>> get 1/year of the DMCA variety. However, I recently received this
>> complaint, which appears to show spam originating from my Tor server
>> (209.188.113.101 / tor-proxy.anfani.com). As far as I know, port 25 is
>> blocked on my exit policy. Port 587 is allowed. I do have a mail server
>> running on this machine, but it does not accept outside connections.
>>
>> Is there something I am missing? Is there anything else I should do to
>> prevent this in the future? Could there be some way that a Tor user
>> could locally send mail using my server?
>>
>> Thanks,
>>   --Brock
>>
>> received:_from_[10.235.200.97]_by_ochaua.tpn.terra.com_(LMTP);_Tue,_11_Dec_2012_12:26:15_+0000_(UTC)
>> received:_from_nm17-vm0.bullet.mail.gq1.yahoo.com_(nm17-vm0.bullet.mail.gq1.yahoo.com_[98.137.177.224])_by_1j4.tpn.terra.com_(Postfix)_with_ESMTP_id_5A96DC0000DFA_for_<waleria.luis at itelefonica.com.br>;_Tue,_11_Dec_2012_12:25:02_+0000_(UTC)
>> received:_from_[209.188.113.101]_by_web184904.mail.gq1.yahoo.com_via_HTTP;_Tue,_11_Dec_2012_03:54:56_PST
> 
> This looks like webmail -- somebody exited from your relay to port 80
> on yahoo's website, and asked yahoo to send the mail. Yahoo sent the
> mail, and the recipient didn't like it. Fortunately (for the recipient,
> not for you), yahoo included the IP address of the "user" who asked its
> website to send the mail.
> 
> We might not think of this behavior as 'spam' coming from your relay, but
> I'm afraid the definition of spam has greatly expanded in the past decade.

I've been burned by this too.

And this is a problem that will only get worse as the trend continues from actual e-mail clients to webmail.

hotmail.com, live.com, webmail.aol.com, mail.google.com, yahoo.com; there are so many unknown IP addresses behind these few webmail domains that it is impractical to block them.
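
Roger Dingledine's reading of the Received chain quoted above can be checked mechanically when triaging a complaint like this one. The following is an added example, not part of the original thread: it parses the three Received lines from the complaint and reports how a given address handed the message over. The function names and the underscore-to-space handling are assumptions of this example.

```python
import re

# Received lines copied from the complaint quoted above; in that paste,
# underscores stand in for spaces. Newest hop first, as in a real header.
COMPLAINT = """\
received:_from_[10.235.200.97]_by_ochaua.tpn.terra.com_(LMTP);_Tue,_11_Dec_2012_12:26:15_+0000_(UTC)
received:_from_nm17-vm0.bullet.mail.gq1.yahoo.com_(nm17-vm0.bullet.mail.gq1.yahoo.com_[98.137.177.224])_by_1j4.tpn.terra.com_(Postfix)_with_ESMTP_id_5A96DC0000DFA_for_<waleria.luis at itelefonica.com.br>;_Tue,_11_Dec_2012_12:25:02_+0000_(UTC)
received:_from_[209.188.113.101]_by_web184904.mail.gq1.yahoo.com_via_HTTP;_Tue,_11_Dec_2012_03:54:56_PST
"""

HOP = re.compile(
    r"^received:\s+from\s+(?P<src>.+?)\s+by\s+(?P<by>\S+)"
    r"(?:\s+\((?P<paren>[^)]*)\))?(?:\s+(?:via|with)\s+(?P<proto>\S+))?",
    re.IGNORECASE,
)
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hops(text):
    """Parse Received lines into dicts with sender IP, receiving host, protocol."""
    hops = []
    for line in text.splitlines():
        # Undo the underscore substitution and drop the timestamp after ';'.
        head = line.replace("_", " ").strip().split(";", 1)[0]
        m = HOP.match(head)
        if not m:
            continue
        ip = IPV4.search(m.group("src"))
        # Protocol follows via/with, or appears only in parentheses, e.g. "(LMTP)".
        proto = (m.group("proto") or m.group("paren") or "").upper()
        hops.append({"ip": ip.group(1) if ip else None,
                     "by": m.group("by"), "proto": proto})
    return hops

def classify(hops, relay_ip):
    """How did relay_ip hand the message over? Returns (kind, receiving_host)."""
    for hop in hops:
        if hop["ip"] != relay_ip:
            continue
        if hop["proto"] in ("HTTP", "HTTPS"):
            return ("webmail", hop["by"])   # web form submission, no SMTP from the relay
        if "SMTP" in hop["proto"]:
            return ("smtp", hop["by"])      # direct mail connection: review exit policy
        return ("other", hop["by"])
    return ("not-in-chain", None)

if __name__ == "__main__":
    print(classify(parse_hops(COMPLAINT), "209.188.113.101"))
```

Received lines added before a message reaches a server you trust can be forged by the sender, so treat the result as triage, not proof.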



