[tor-relays] Spamcop question

ylms tor at yl.ms
Tue Apr 2 21:04:41 UTC 2019


Hello fellow Tor-Exit operators,

today I got the following Abuse message:

//Start

[ SpamCop V5.0.0 ]
This message is brief for your comfort.  Please use links below for details.

Email from 5.199.130.188 / Tue, 19 Mar 2019 12:20:30 +0000
https://www.spamcop.net/w3m?i=.....(removed)
5.199.130.188 is open proxy, see: https://www.spamcop.net/mky-proxies.html

[ Offending message ]
Return-Path: <admin at abc.gr>
X-Original-To: bingobongo69 at cd.ru
Delivered-To: bingobongo69 at cd.ru
Received: from 31.184.255.247 (unknown [5.199.130.188])
	by relay (Postfix) with ESMTPSA id 7cqntswbr6frkskj
	for <bingobongo69 at cd.ru>; Tue, 19 Mar 2019 12:20:30 +0000
Message-ID: <EAAACECBFAFDDACFCAEABBBEC at abc.gr>
From: <admin at abc.gr>
To: <bingobongo69 at cd.ru>
Subject: smtp:>>smtp.efg.es,587,test at efg.es,123456>>
Date: Tue, 19 Mar 2019 13:20:18 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="windows-1251";
Content-Transfer-Encoding: 7bit

smtp:>>smtp.efg.es,587,test at efg.es,123456>>

veblcshgtpwfdonxkebdghrwf
pboqjycmmdslmliomafclayaheiuft
uybveafdbnsuydqvbgyukf
zsszifpadkpaufibjosuk

//End

I wasn't sure what to remove from the abuse message so I removed all the
domains to protect the owners of these hosts/addresses, I hope I didn't
miss any.

My question: what did I miss in the exit policy? I have used the
following in the torrc. Maybe I did not miss anything at all. Thanks for
helping me to understand how the spammer could use the exit for
spamming.

I assume with the reduced exit policy spammers should not be able to
use the exit.

// torrc
# Reduced Exit policy according to:
# https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
ExitPolicy accept *:20-21     # FTP
ExitPolicy accept *:22        # SSH
ExitPolicy accept *:23        # Telnet
ExitPolicy accept *:43        # WHOIS
ExitPolicy accept *:53        # DNS
ExitPolicy accept *:79        # finger
ExitPolicy accept *:80-81     # HTTP
ExitPolicy accept *:88        # kerberos
ExitPolicy accept *:110       # POP3
ExitPolicy accept *:143       # IMAP
ExitPolicy accept *:194       # IRC
ExitPolicy accept *:220       # IMAP3
ExitPolicy accept *:389       # LDAP
ExitPolicy accept *:443       # HTTPS
ExitPolicy accept *:464       # kpasswd
ExitPolicy accept *:465       # URD for SSM (more often: an alternative SUBMISSION port, see 587)
ExitPolicy accept *:531       # IRC/AIM
ExitPolicy accept *:543-544   # Kerberos
ExitPolicy accept *:554       # RTSP
ExitPolicy accept *:563       # NNTP over SSL
ExitPolicy accept *:587       # SUBMISSION (authenticated clients [MUA's like Thunderbird] send mail over STARTTLS SMTP here)
ExitPolicy accept *:636       # LDAP over SSL
ExitPolicy accept *:706       # SILC
ExitPolicy accept *:749       # kerberos
ExitPolicy accept *:853       # DNS over TLS
ExitPolicy accept *:873       # rsync
ExitPolicy accept *:902-904   # VMware
ExitPolicy accept *:981       # Remote HTTPS management for firewall
ExitPolicy accept *:989-990   # FTP over SSL
ExitPolicy accept *:991       # Netnews Administration System
ExitPolicy accept *:992       # TELNETS
ExitPolicy accept *:993       # IMAP over SSL
ExitPolicy accept *:994       # IRCS
ExitPolicy accept *:995       # POP3 over SSL
ExitPolicy accept *:1194      # OpenVPN
ExitPolicy accept *:1220      # QT Server Admin
ExitPolicy accept *:1293      # PKT-KRB-IPSec
ExitPolicy accept *:1500      # VLSI License Manager
ExitPolicy accept *:1533      # Sametime
ExitPolicy accept *:1677      # GroupWise
ExitPolicy accept *:1723      # PPTP
ExitPolicy accept *:1755      # RTSP
ExitPolicy accept *:1863      # MSNP
ExitPolicy accept *:2082      # Infowave Mobility Server
ExitPolicy accept *:2083      # Secure Radius Service (radsec)
ExitPolicy accept *:2086-2087 # GNUnet, ELI
ExitPolicy accept *:2095-2096 # NBX
ExitPolicy accept *:2102-2104 # Zephyr
ExitPolicy accept *:3128      # SQUID
ExitPolicy accept *:3389      # MS WBT
ExitPolicy accept *:3690      # SVN
ExitPolicy accept *:4321      # RWHOIS
ExitPolicy accept *:4643      # Virtuozzo
ExitPolicy accept *:5050      # MMCC
ExitPolicy accept *:5190      # ICQ
ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
ExitPolicy accept *:5228      # Android Market
ExitPolicy accept *:5900      # VNC
ExitPolicy accept *:6660-6669 # IRC
ExitPolicy accept *:6679      # IRC SSL
ExitPolicy accept *:6697      # IRC SSL
ExitPolicy accept *:8000      # iRDMI
ExitPolicy accept *:8008      # HTTP alternate
ExitPolicy accept *:8074      # Gadu-Gadu
ExitPolicy accept *:8080      # HTTP Proxies
ExitPolicy accept *:8082      # HTTPS Electrum Bitcoin port
ExitPolicy accept *:64738     # Mumble
ExitPolicy reject *:*



Regards
yl
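
Added example, not part of the original post: a small Python audit that reads wildcard-address ExitPolicy lines, applies Tor's first-match rule, and reports the verdict for the ports on which mail servers accept outgoing mail. The function names, the MAIL_SEND_PORTS table and the excerpted TORRC string are assumptions of this example; rules with a specific address are skipped.

```python
import re

# Constructed excerpt: the mail-related lines of the torrc posted above,
# plus its final catch-all reject.
TORRC = """\
ExitPolicy accept *:110       # POP3
ExitPolicy accept *:143       # IMAP
ExitPolicy accept *:465       # URD for SSM (more often: an alternative SUBMISSION port, see 587)
ExitPolicy accept *:587       # SUBMISSION
ExitPolicy accept *:993       # IMAP over SSL
ExitPolicy accept *:995       # POP3 over SSL
ExitPolicy reject *:*
"""

# Ports on which a mail server accepts outgoing mail (assumed set for this audit).
MAIL_SEND_PORTS = {25: "SMTP", 465: "submission over TLS", 587: "submission"}

RULE = re.compile(r"^ExitPolicy\s+(accept|reject)\s+\*:(\*|\d+)(?:-(\d+))?\s*$", re.I)

def parse_exit_policy(text):
    """Return [(action, low, high)] for wildcard-address rules, in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop inline comments
        m = RULE.match(line)
        if not m:
            continue                          # blank line or address-specific rule
        action, low, high = m.group(1).lower(), m.group(2), m.group(3)
        if low == "*":
            low, high = "1", "65535"
        rules.append((action, int(low), int(high or low)))
    return rules

def decision(rules, port):
    """First matching rule wins; 'unmatched' means no listed rule covers the port."""
    for action, low, high in rules:
        if low <= port <= high:
            return action
    return "unmatched"

def mail_send_exposure(text):
    """Map each mail-sending port to the policy's verdict for it."""
    rules = parse_exit_policy(text)
    return {port: decision(rules, port) for port in sorted(MAIL_SEND_PORTS)}

if __name__ == "__main__":
    for port, verdict in mail_send_exposure(TORRC).items():
        print(f"{port:>5}  {MAIL_SEND_PORTS[port]:<20} {verdict}")
```

Port 25 falls through to the final reject, while 465 and 587 are accepted; the `ESMTPSA` keyword in the quoted Received header is the tag mail servers record for an SMTP session that used both TLS and authentication.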

