Forwarding email ports

Michael Holstein michael.holstein at csuohio.edu
Mon Feb 5 16:23:27 UTC 2007


(responses inline) :

> I read through the january archives on email ports, specifically 465,
> 587, and 995.
> 
> First, are these the ports needed to support standard secure email
> (SMTP and PoP)?

Except for tcp/587 (submission), yes. 465 is smtps (smtp via SSL) and 
995 is pops (pop via SSL). tcp/587 is part of the "standard" exit policy 
(deny).

> Second, why were there three of them for two protocols? Did I
> misunderstand something?

Nope .. 587 is an alternative to 25. Unlike the other two, it's not 
encrypted.

> Third, what are the implications -- both security, and legal -- if I
> open these on my machine. I'm thinking in particular, that:
> 1. If only one exit node is outputting these ports, it becomes an
> obvious snoop target -- how does that affect security?

Well, with TOR (and any anon proxy) you've got to trust the exit 
operator. This is why TOR says you should only trust it for transport, 
not end-to-end security, and you should use your own transport-layer 
security (eg: ssl, tls, ssh, ...)

> 2. If I'm forwarding email, am I likely to find my site "blacklisted" 
> somewhere?

Yep .. 100%. Open proxies are an email-admin's worst friend. Exiting 
tcp/25 is a sure way to never send email again from that IP. Also, many 
websites that you probably enjoy (craigslist, slashdot, etc) have been 
hassled by tor-wielding vandals one-too-many times and will block even 
read-only access. Thus, it's wise to have the TOR box on a separate IP 
(that you'll never-ever need again .. the one we used here -- 5.13 -- a 
year ago is still blocked a number of places).

> 3. Am I likely to get some sort of "Cease and desist" letter, or other
> legal hassle, for this?

Maybe .. but those are easy to respond to. A standard "I'm a TOR exit.." 
email usually does the trick. See the archives for examples .. I've 
posted one (SXW format) that has worked for $3_letter_agency subpoenas.

> 4. Since my machine has about 22K/s bandwidth, how likely is it that I
> will be badly backlogged / overtargetted?

Set the BandwidthMax and Min to appropriate values and sleep easy.

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University



More information about the tor-talk mailing list