[tor-relays] Two-step abuse management?

tor-relay.dirk at o.banes.ch tor-relay.dirk at o.banes.ch
Thu Sep 14 18:58:30 UTC 2017 

Hello Moritz,

we run such an setting since several years.

Whois records show our ripe object with abuse-ripe at ...as  abuse-mailbox
address.
This is connected to an auto-responder.

In auto-responder mail we explain what is going on and offer to write to
our abuse at .... email address.
This really is then distributed to the abuse team for response.

There is not much coming in this way.
Some people directly go for our website our write to our office address.

Recently we received a lot of  automatic fail2ban messages due to ssh
abuse. The downside here is
they also wrote to our provider.

But this seems to be the setting of fail2ban which checks also the
network abuse record.

best regards

Dirk



On 13.09.2017 15:49, Moritz Bartl wrote:
> Hi!
>
> tl;dr: We're thinking about introducing an auto responder to abuse mail
> which then requires clicking a link or replying to the mail again before
> the complaint actually reaches a human. What do you think? Can you help
> us set this up?
>
> So far, we do not have any auto responder for abuse mails. I always
> thought it was important to be friendly and get back to everyone
> individually, even if at the core we're reusing mail templates. There is
> a difference if a human gets back to you within a few hours, or you
> immediately get clearly a auto-sent something that basically tells you
> there's not much that can be done.
>
> But actually, most of what we're seeing is automated notification mail,
> and lately we also see more and more spam that survives the
> spamassassin. An ideal system would track used addresses, and only send
> an auto-response from our end once per sender every few months.
>
> We have very limited resources for abuse management, and it would be
> great to filter out the noise better than we currently do.
>
> Did anyone set up an infrastructure like that before? How would you do it?
>
> Also, if you just want to help with our abuse management, let me know!
> We can always use one or two more hands, it's fun, and it teaches you a
> lot about Tor exit operation.
>

More information about the tor-relays mailing list