[tor-relays] Leaseweb exit relay notice

tor at t-3.net tor at t-3.net
Mon May 25 16:48:38 UTC 2015 


On 05/22/2015 12:19 AM, Speak Freely wrote:
 > The problem is compounded by the fact each BL company is racing 
it's way
 > to the bottom, adding each others finds to their own lists. 
SpamHaus has
 > OVER 1 *BILLION* addresses listed.
 >
 > I lost several relays (11) from OVH because DanTor recorded my 
relays,
 > then CBL recorded DanTor, then SpamHaus Zen recorded CBL, which 
allowed
 > OVH to claim "100% of your IPs are blacklisted on multiple lists" 
when
 > in reality it was from a guy in the UK who publishes all Tor relays 
-
 > guard, middle, exit - that caused this whole problem for me. Not 
one
 > single complaint from anyone against any of my relays.
 >
 >
 > Matt
 > Speak Freely
 > _______________________________________________
 > tor-relays mailing list
 > tor-relays at lists.torproject.org
 > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


A lot of trouble would be prevented for exit node operators if, when 
they brought their relays up for the first time, they ensured that the 
exit policy rejected port 25. Even if they desire to run as 
unrestricted a relay as possible, in my experience, that one really 
should be rejected. It is the port which email servers tend to use to 
deliver mail to one another, and some bad/old clients might try to use 
it as well.

In theory, open-relay port 25 is just about sending email. It can send 
email on behalf of anyone in the world. Big deal, right? But in 
practice, open-relay port 25 is all about spam. Has been for years and 
years. It's always been abused by awful spammers wherever it may be 
found. It's never been used as some great tool for anonymity or email 
freedom.

As far as Tor exits go specifically, there is someone out there who is 
apparently watching Tor for when exits appear that are willing to send 
on port 25. They very quickly begin dumping spam out of any such 
relays, should they appear. I know this because I briefly turned on 
relay for port 25, and the spammers found it fast. They immediately 
transformed it into a spam-vomiting heap of crap. Traffic graphs on it 
skyrocketed (although within the configured maximums). The new mail in 
the admin mailbox for the netblock clearly reflected what the box was 
doing. I closed that port off fast, and problem solved.

In addition to port 25, relay operators who want to be extra careful 
of their relationship with their ISP may also wish to reject ports 465 
and 587. Doing that would more-completely lock the Tor exit away from 
the tricks spammers use.

By blocking off the email portion of the relay (especially port 25), 
the machine doesn't spew spam, and therefore doesn't get noticed by 
those who are trying to stop spam. This is good for the relay because 
the 'net is more accepting of it (IP reputation lists, RBLs, etc), and 
good for the exit relay operator's working relationship with the 
hosting ISP. Reputable ISPs tend to dislike spam, and if a billion 
spam complaints flood in for your relay, it's not going to help your 
cause.

People who are trying to do anonymous email have means to do so which 
do not include dumping anything directly to port 25. And if a direct 
push from Tor to 465 or 587 is wanted, it can always go to the relays 
which don't perceive any ISP-related risk from it.

More information about the tor-relays mailing list