[tor-relays] Spamcop question

Nathaniel Suchy me at lunorian.is
Tue Apr 2 21:08:02 UTC 2019


Someone likely abused a webmail provider. Respond to them that SMTP isn’t available from your exit and they’ll have to contact the email service provider directly.

Cordially,
Nathaniel Suchy

> On Apr 2, 2019, at 5:04 PM, ylms <tor at yl.ms> wrote:
> 
> Hello fellow Tor-Exit operators,
> 
> today I got the following Abuse message:
> 
> //Start
> 
> [ SpamCop V5.0.0 ]
> This message is brief for your comfort.  Please use links below for details.
> 
> Email from 5.199.130.188 / Tue, 19 Mar 2019 12:20:30 +0000
> https://www.spamcop.net/w3m?i=.....(removed)
> 5.199.130.188 is open proxy, see: https://www.spamcop.net/mky-proxies.html
> 
> [ Offending message ]
> Return-Path: <admin at abc.gr>
> X-Original-To: bingobongo69 at cd.ru
> Delivered-To: bingobongo69 at cd.ru
> Received: from 31.184.255.247 (unknown [5.199.130.188])
>    by relay (Postfix) with ESMTPSA id 7cqntswbr6frkskj
>    for <bingobongo69 at cd.ru>; Tue, 19 Mar 2019 12:20:30 +0000
> Message-ID: <EAAACECBFAFDDACFCAEABBBEC at abc.gr>
> From: <admin at abc.gr>
> To: <bingobongo69 at cd.ru>
> Subject: smtp:>>smtp.efg.es,587,test at efg.es,123456>>
> Date: Tue, 19 Mar 2019 13:20:18 +0100
> MIME-Version: 1.0
> Content-Type: text/plain;
>    charset="windows-1251";
> Content-Transfer-Encoding: 7bit
> 
> smtp:>>smtp.efg.es,587,test at efg.es,123456>>
> 
> veblcshgtpwfdonxkebdghrwf
> pboqjycmmdslmliomafclayaheiuft
> uybveafdbnsuydqvbgyukf
> zsszifpadkpaufibjosuk
> 
> //End
> 
> I wasn't sure what to remove from the abuse message so I removed all the
> domains to protect the owners of these hosts/addresses, I hope I didn't
> miss any.
> 
> My question, what did I miss in the exit policy, I have used the
> following in the torrc. Maybe I did not miss anything at all. Thanks for
> helping me to understand how the spammer could use the exit for
> spamming.
> 
> I assume with the reduced exit policy spammers should not be enabled to
> use the exit.
> 
> // torrc
> # Reduced Exit policy according to: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
> ExitPolicy accept *:20-21     # FTP
> ExitPolicy accept *:22        # SSH
> ExitPolicy accept *:23        # Telnet
> ExitPolicy accept *:43        # WHOIS
> ExitPolicy accept *:53        # DNS
> ExitPolicy accept *:79        # finger
> ExitPolicy accept *:80-81     # HTTP
> ExitPolicy accept *:88        # kerberos
> ExitPolicy accept *:110       # POP3
> ExitPolicy accept *:143       # IMAP
> ExitPolicy accept *:194       # IRC
> ExitPolicy accept *:220       # IMAP3
> ExitPolicy accept *:389       # LDAP
> ExitPolicy accept *:443       # HTTPS
> ExitPolicy accept *:464       # kpasswd
> ExitPolicy accept *:465       # URD for SSM (more often: an alternative SUBMISSION port, see 587)
> ExitPolicy accept *:531       # IRC/AIM
> ExitPolicy accept *:543-544   # Kerberos
> ExitPolicy accept *:554       # RTSP
> ExitPolicy accept *:563       # NNTP over SSL
> ExitPolicy accept *:587       # SUBMISSION (authenticated clients [MUA's like Thunderbird] send mail over STARTTLS SMTP here)
> ExitPolicy accept *:636       # LDAP over SSL
> ExitPolicy accept *:706       # SILC
> ExitPolicy accept *:749       # kerberos
> ExitPolicy accept *:853       # DNS over TLS
> ExitPolicy accept *:873       # rsync
> ExitPolicy accept *:902-904   # VMware
> ExitPolicy accept *:981       # Remote HTTPS management for firewall
> ExitPolicy accept *:989-990   # FTP over SSL
> ExitPolicy accept *:991       # Netnews Administration System
> ExitPolicy accept *:992       # TELNETS
> ExitPolicy accept *:993       # IMAP over SSL
> ExitPolicy accept *:994       # IRCS
> ExitPolicy accept *:995       # POP3 over SSL
> ExitPolicy accept *:1194      # OpenVPN
> ExitPolicy accept *:1220      # QT Server Admin
> ExitPolicy accept *:1293      # PKT-KRB-IPSec
> ExitPolicy accept *:1500      # VLSI License Manager
> ExitPolicy accept *:1533      # Sametime
> ExitPolicy accept *:1677      # GroupWise
> ExitPolicy accept *:1723      # PPTP
> ExitPolicy accept *:1755      # RTSP
> ExitPolicy accept *:1863      # MSNP
> ExitPolicy accept *:2082      # Infowave Mobility Server
> ExitPolicy accept *:2083      # Secure Radius Service (radsec)
> ExitPolicy accept *:2086-2087 # GNUnet, ELI
> ExitPolicy accept *:2095-2096 # NBX
> ExitPolicy accept *:2102-2104 # Zephyr
> ExitPolicy accept *:3128      # SQUID
> ExitPolicy accept *:3389      # MS WBT
> ExitPolicy accept *:3690      # SVN
> ExitPolicy accept *:4321      # RWHOIS
> ExitPolicy accept *:4643      # Virtuozzo
> ExitPolicy accept *:5050      # MMCC
> ExitPolicy accept *:5190      # ICQ
> ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
> ExitPolicy accept *:5228      # Android Market
> ExitPolicy accept *:5900      # VNC
> ExitPolicy accept *:6660-6669 # IRC
> ExitPolicy accept *:6679      # IRC SSL
> ExitPolicy accept *:6697      # IRC SSL
> ExitPolicy accept *:8000      # iRDMI
> ExitPolicy accept *:8008      # HTTP alternate
> ExitPolicy accept *:8074      # Gadu-Gadu
> ExitPolicy accept *:8080      # HTTP Proxies
> ExitPolicy accept *:8082      # HTTPS Electrum Bitcoin port
> ExitPolicy accept *:64738     # Mumble
> ExitPolicy reject *:*
> 
> 
> 
> Regards
> yl
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
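
An added example, not part of the original thread or of tor itself: a small Python audit of which mail ports a torrc exit policy accepts, run on a constructed excerpt of the policy quoted above. The names `parse_policy`, `decision` and `mail_exposure` are hypothetical, and only wildcard-address rules written one per line are evaluated.

```python
import re

# Constructed excerpt of the torrc quoted above: mail-related lines only.
SAMPLE_TORRC = """\
ExitPolicy accept *:110       # POP3
ExitPolicy accept *:443       # HTTPS
ExitPolicy accept *:465       # URD for SSM
ExitPolicy accept *:587       # SUBMISSION
ExitPolicy accept *:989-990   # FTP over SSL
ExitPolicy reject *:*
"""

# Ports on which mail can be handed to a server (25 relay, 465/587 submission).
MAIL_PORTS = {25: "SMTP", 465: "submission over TLS", 587: "submission"}

RULE = re.compile(
    r"^\s*ExitPolicy\s+(accept|reject)\s+(\S+):(\*|\d+(?:-\d+)?)\s*(?:#.*)?$",
    re.IGNORECASE,
)

def parse_policy(torrc_text):
    """Return [(action, address, low_port, high_port)] in file order.
    Handles one rule per ExitPolicy line, as in the torrc above."""
    rules = []
    for line in torrc_text.splitlines():
        m = RULE.match(line)
        if not m:
            continue
        action, addr, ports = m.groups()
        if ports == "*":
            low, high = 1, 65535
        else:
            low, _, high = ports.partition("-")
            low, high = int(low), int(high or low)
        rules.append((action.lower(), addr, low, high))
    return rules

def decision(rules, port):
    """First matching rule wins; only wildcard-address rules are evaluated."""
    for action, addr, low, high in rules:
        if addr == "*" and low <= port <= high:
            return action
    return "unmatched"  # no listed rule covers this port

def mail_exposure(torrc_text):
    """Map each mail port to the policy's decision for it."""
    rules = parse_policy(torrc_text)
    return {port: decision(rules, port) for port in MAIL_PORTS}

if __name__ == "__main__":
    for port, verdict in mail_exposure(SAMPLE_TORRC).items():
        print(f"{port:>5} ({MAIL_PORTS[port]}): {verdict}")
```

On the excerpt, ports 465 and 587 come back as `accept`, while port 25 is caught by the final `reject *:*`.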
