[tor-relays] 7 relays gone because of spammers
Zefir
zefir at bluforce.net
Tue Mar 3 14:02:42 UTC 2015
On 2015-02-25 14:20, Speak Freely wrote:
> Oh yes, my money is gone already. They have no interest in talking to
> me anymore, as the decision was final. The Abuse department won't talk
> to the Support department, and the abuse department won't talk to me.

The idea of initiating a chargeback is great. I did this a couple of
times myself when a vendor was anything but honest. If that's what
you're going to do, I'd definitely like to hear what OVH's excuse was
for not following their own policy, as they have to explain and prove
to the bank why the charge is valid. Hopefully you'll get your money
back.

> I'd be more inclined to think these spam assassin fellas/"evil doer
> finders" just parsed the exit-node files and decided WHOOPIDY-DO I did
> my job! Over-zealous punks trying to get their lists larger than their
> competitor.
>
> OVH appears to have based these accusations on what other websites have
> said about my IP addresses, and not a single actual complaint against
> the relays I run.

I hadn't thought about it that way. I run a mail server myself, and
fighting spam is a daunting task. To avoid the situation of
automagically reporting a spamming IP to SBL providers, I'd like to
implement a solution that will do both reporting and whitelisting (I
have neither). Is someone familiar with, or does someone already have
in place (or need - I'll try to write one myself), a script/config
module for SpamAssassin or a Postfix milter that will do the following
two tasks? One would be a periodic download of a public list of Tor
exit relays. The second would involve "spammy email" management. If an
email passes through all filters and is deemed spam/malware/ebola, it
should be dropped, yet if it is received from an exit relay (an IP on
the list downloaded in step 1) it wouldn't do anything in terms of
reporting anywhere. Otherwise, forward it for spam analysis.

I'm also thinking about a second possible solution, but I'm not sure
if it's possible. On the host that's an exit relay, one would also
have some kind of Postfix (or other MTA) installed, and would reroute
unencrypted Tor exit traffic directed to ports 25 and 587 to
localhost's MTA for virus/spam scanning and then either forwarding or
dropping. Rerouting is doable in moments using iptables. I'm not sure
what effect that would have on the Tor network and security, though.

Zefir
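
[Added example, not part of Zefir's message: a sketch of the first idea above, where spam is always dropped but only reported when the connecting IP is not on the downloaded exit list. The one-address-per-line list format, the function names and the sample addresses are assumptions constructed for illustration.]

```python
import ipaddress

# Constructed sample, one address per line (documentation ranges, not real relays).
SAMPLE_EXIT_LIST = """\
# constructed sample exit list
192.0.2.10
198.51.100.77
2001:db8::25
not-an-address
"""

def parse_exit_list(text):
    """Parse a downloaded exit list into a set of address objects."""
    exits = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            exits.add(ipaddress.ip_address(line))
        except ValueError:
            continue  # ignore junk rather than abort the whole refresh
    return exits

def normalize(client_ip):
    """Return an address object, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def decide(client_ip, is_spam, exits):
    """Return 'deliver', 'drop' (no report) or 'drop_and_report'."""
    if not is_spam:
        return "deliver"
    try:
        addr = normalize(client_ip)
    except ValueError:
        return "drop"  # assumption: no usable IP means nothing to report
    return "drop" if addr in exits else "drop_and_report"

if __name__ == "__main__":
    exits = parse_exit_list(SAMPLE_EXIT_LIST)
    for ip in ("192.0.2.10", "::ffff:198.51.100.77", "203.0.113.5"):
        print(ip, decide(ip, True, exits))
```

The IPv4-mapped unwrapping matters on dual-stack listeners, where an MTA may log an IPv4 client as ::ffff:a.b.c.d and a plain string comparison against the list would miss it.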