Is this a Tor exit node connecting to me?
Matt Ghali
matt at snark.net
Tue Mar 27 19:58:10 UTC 2007
On Mon, 26 Mar 2007, Roger Dingledine wrote:
> Matt, can you let us know if setting up sendmail with the
> relative-to-your-IP-address approach is just as easy? Are there common
> situations where it would make things harder?
While sendmail's default dnsbl() FEATURE, as well as SpamAssassin's
check_rbl_sub(), do not have the flexibility to append the port
information to the query (i.e., seeing if the connecting host is in
the list _and_ is allowing exits on port 25), it could possibly be
easy to add similar functions that do.
The problem is that they aren't shipped by default, and the dnsbl
lookup functions that do will likely be (ab)used to check the tor
dnsbl and make decisions based on simply whether a host is present.
Possibly the easiest and friendliest way to cope would be to provide
additional dnsbl views by port for interesting ports; perhaps zones
such as 25.exit.dnsbl.zone or 80.exit.dnsbl.zone. This would allow
existing software to easily perform a lookup without risking the binary
good/bad problem.
> And while I'm asking, we could imagine setting up a dnsbl that looks
> at what IP address is asking the question, and answers relative to that
> address. Thus people in Matt's situation could just plug it in, and it
> would internally do what we all mean.
Not sure what's relative to the query source here. We're presumably
looking to see if a host is a tor node and whether its policy
allows exit of an arbitrary port, right? None of that AFAIK is
dependent on who's asking.
> I can see some downsides though --
> if the client querying the dnsbl is on a very different address than
> the service, or if proxying dns queries (or passing recursive queries)
> is commonplace. I suspect a few 'no, that wouldn't work' responses should
> be sufficient to discard this paragraph. :)
It would also be computationally hard :)
matto
--matt at snark.net------------------------------------------<darwin><
Moral indignation is a technique to endow the idiot with dignity.
- Marshall McLuhan
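
An added example, not part of the original message: how a generic presence-only DNSBL client would query the per-port views suggested above, so that "listed" already means "exits to this port". The zone names follow the message's 25.exit.dnsbl.zone pattern and are placeholders; the function names, sample zone data and documentation-range addresses are constructed, and the 127.0.0.0/8 answer convention is the usual DNSBL one, assumed here.

```python
import ipaddress
import socket

# Placeholder zone pattern taken from the message; not a real service.
PORT_ZONE = "{port}.exit.dnsbl.zone"
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_name(client_ip, port):
    """Build the query name: reversed IPv4 octets plus the per-port zone."""
    addr = ipaddress.IPv4Address(client_ip)  # rejects malformed input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return reversed_octets + "." + PORT_ZONE.format(port=int(port))


def system_resolver(name):
    """Return the A records for name, or [] when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []


def allows_exit_to(client_ip, port, resolve=system_resolver):
    """True if client_ip is listed in the view for this destination port.

    This is the same binary present/absent test existing DNSBL clients
    perform; the port is selected by the zone, not by the client logic.
    """
    answers = resolve(dnsbl_name(client_ip, port))
    return any(ipaddress.ip_address(a) in LISTED_NET for a in answers)


# Constructed zone contents standing in for DNS, so the example runs offline.
SAMPLE_ZONE = {
    "10.2.0.192.25.exit.dnsbl.zone": ["127.0.0.2"],    # exits to 25 and 80
    "10.2.0.192.80.exit.dnsbl.zone": ["127.0.0.2"],
    "7.100.51.198.80.exit.dnsbl.zone": ["127.0.0.2"],  # exits to 80 only
}


def sample_resolver(name):
    return SAMPLE_ZONE.get(name, [])


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, "port 25:", allows_exit_to(ip, 25, sample_resolver),
              "port 80:", allows_exit_to(ip, 80, sample_resolver))
```

A mail server that queries only the port-25 view does not flag 198.51.100.7, which a single combined list would have reported as present.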