[tor-relays] BadExit

[Georg Koppen]

teor:
> Hi,
> 
>> On 27 Mar 2020, at 02:00, niftybunny <abuse-contact at to-surf-and-protect.net> wrote:
>>
>> My bad. Never seen this before. I there a good reason for the accept 133.0.0.0/8:80 ?
>>
>>> On 26. Mar 2020, at 15:06, gerard at bulger.co.uk wrote:
>>>
>>> "btw, you need to have at least port 80 and 443 … port 80 is missing …"
>>>
>>> It there. But to a /8 area IPV4, all IPv6
>>>
>>> I have not changed my exit policy for years.  Port 80 is there, just limited to a  /8  network and all IPv6 addresses port 80 allowed.
>>> 443 all there IPv4 and IPv6
>>>
>>> Testing seems to be exiting OK, but badexit tag still there.
> 
> The Exit flag only request one IPv4 /8 :
> https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2628
> 
> But if the network health team is testing a different IPv4 /8, then your
> relay might appear down.

Yep, I think that's what happened. I'll get the badexit flag removed
from both of your relays and think about ways for improving our tests.
Sorry for the inconvenience.

(FWIW: I sent an email to the address you put into your ContactInfo. I
heard that mails for Tor Project addresses repeatedly land in spam
folders. Maybe that happened this time, too.)

> (If the DNS for the site they are testing has both IPv4 and IPv6, then
> the outcome will depend on their tor version and config. 0.4.3 and
> later will prefer IPv6 by default.)

Not sure what Arthur is running but I am just using what Debian ships on
the box I run the tests, which is currently 0.3.5.8. I guess it might be
worth thinking about switching away from that. Maybe tracking and using
the version Tor Browser ships is smarter?

Georg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20200327/3ba104dd/attachment.sig>