[tor-relays] my provider null routed my exit. advice?

Fri Jul 31 09:41:22 UTC 2015

On 2015-07-31 05:30, Christopher Yeager wrote:
> Hello,
>
> I run a 100mb exit hosted at server.lu since sometime in late 2013. There
> have been a couple dozen abuse reports but normally they forward them to me
> to deal with and nothing much happens. However a week or so ago, while I
> was travelling, there was an abuse report that made them decide to file a
> ticket which then led to them suspending my IP as I 'ignored' it while I
> was gone. So now I'm trying to convince them to turn the system back on and
> they are pushing back, and after some back and forth they say they want me
> to run an exit policy consisting of ports 53, 80, and 443. I've been
> running the suggested reduced exit policy since day one and am very
> reluctant to pare it down further, and certainly not to just 3 ports. I
> wrote a short note explaining my point of view and I wonder if any of you
> would do me the courtesy of telling me if I am likely to convince them to
> let me leave the exit policy alone. I'm very willing to edit my response as
> required. I think it bears mentioning that I am several messages in and I
> did not get a good sense that whoever I am talking to understands Tor very
> well at all - I was repeatedly asked to find and block my customer, and
> told I must have logs if I provide a service, etc. I can show you the
> longer exchange if you think it might be helpful. Thanks in advance and
> here goes:
>
> ---
> Hello,
>
> We have nothing against Tor but IP is listed at 11 blacklists including
> Spamhaus ZEN.
> So we have to ask you block all ports except 80, 53 and 443 to prevent
> scan, spam and other infringing activity from your IP.
> Hope such proposal will be suitable for you.
>
> Regards,
> ROOT S.A.
>
> ---
>
> Hello again,
>
> I would rather not block any more ports that are already blocked. The
> system is already set up to use the reduced exit policy detailed at
> https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy which
> allows as many Internet services as possible while still blocking the
> majority of TCP ports. Currently, the policy allows approximately 65 ports.
> I am reluctant to further reduce the ports because there is vastly more to
> the internet than just the world wide web. Email, chat, remote desktop,
> cache, and vpn services are all valid uses of the network that would not be
> allowed by such a restrictive exit policy. I'm also afraid that it will not
> help much in getting this IP off the various blocklists that it is on, as
> 2/3rds of the abuse reports I've been sent were due to traffic on ports 80
> or 443. Several of the lists such as SECTOOR and Dans TOREXIT and related
> are simply reporting to the world that this system is a Tor node. The
> system is only in the Spamhaus Zen list due to its listing in the CBL for
> being "infected with, or is NATting for a machine infected with s_vawtrak"
> which is a Microsoft Windows virus that connected to their sinkhole IP on
> port 80. Being on blocklists is something that happens when you are running
> a Tor exit node and supporting Tor means putting up with them and
> explaining why Tor is worth supporting even though abuse is guaranteed to
> happen.
>
> Naturally if you require this change I will be forced to make it. I hope,
> however, that you can be persuaded that it is not helpful to Tor and will
> not solve the problem of abuse and blacklists even if it were. Thanks again.
>
> --
>
> Thanks for getting this far. I await your replies with interest. :)
>
>

Hi

We are running gigabit servers at server.lu.
Normally they just want you to be quick when it comes to abuses. Respond
fast, block the resource destination for a month or so and they will be
happy.
But when it comes to spam they get, indeed, a bit upset. I recommend you
to block the mail ports as we do it. ---> 25, 465, 587

If your IP has been put on a Spamhaus blacklist because of webspam
(blogs, boards...) you can contact spamhaus. Tell them that you blocked
the destination IP's and explain that you are a tor exit node.
That should do the trick. If not, go for their advise and open only 3 to
5 ports. Let the node run for a least a month with this configuration
and then inform them that you are now opening more ports again and that
you promise faster responses to abuse mails.

Greetings

-- 
Sam Grüneisen - President
Frënn vun der Ënn A.S.B.L.
enn.lu

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20150731/bd1737e4/attachment.html>