Ports 465/587 in exit policy (was Re: Update to default exit policy)

John Brooks aspecialj at gmail.com
Thu Sep 4 06:51:14 UTC 2008


But it is worth noting that ISPs often are very unfriendly to spam. I've
received several abuse notifications from my dedi's ISP due to Tor exit
traffic, all of it because of outgoing spam using insecure webmail services
(where my node's IP shows up in the headers as originating IP). I imagine
they'd take direct spam (from you to a mailserver) much more seriously, so
it could create more problems for node operators if their nodes are involved
in that so directly. I would say that is reason enough to not open port 25
by default, and likewise with 465/587 *IF* they are commonly unsecured.
Running an exit node is difficult enough already without having the ISP all
over you for being a spammer :P

It's an interesting balancing act, but might be worth trying for the uses it
does have. The other option would be for operators to explicitly allow these
ports to Gmail IPs, but there might be quite a few of those, and it wouldn't
take care of other providers.

- John Brooks

On Wed, Sep 3, 2008 at 10:36 PM, Roger Dingledine <arma at mit.edu> wrote:

> On Sun, Aug 31, 2008 at 04:32:29PM +0100, Dawney Smith wrote:
> > Dawney Smith wrote:
> >
> > >> I know this has been discussed before, but I thought I'd bring it up
> > >> again. The following rules are in the default exit policy and I can't
> > >> see any reason why they would be:
> > >>
> > >> reject *:465
> > >> reject *:587
> >
> > So is there going to be a change to the default Exit Policy?
> >
> > Dawn
>
> Hi Dawn,
>
> Thanks for sticking with this. I'm probably the closest person there is
> for changing the default exit policy. I confess I still haven't worked
> my way through all the off-topic garbage on or-talk from a few weeks ago.
>
> Unfortunately, I'm not up on all the different ways that people screw up
> configuring their mail services these days. Back in 2005 when we first
> added 465 and 587 to the exit policies:
> http://archives.seul.org/or/cvs/Sep-2005/msg00090.html
> we did it because people showed up and explained that many sites were
> running services on those ports that were basically equivalent to what
> they run on port 25.
>
> It sounds like nobody has any objections to opening these ports back up.
> And it sounds like it could help those folks using Gmail, etc.
>
> So I am inclined to do it.
>
> We can do it in the 0.2.1.x development series, and that way it'll be
> pretty easy to change our minds if anything comes up.
>
> (Ultimately, I don't think it should even be necessary to reject port
> 25 by default. The spammers are doing great on the Internet already,
> and Tor is tremendously inefficient compared to the spamming engines
> they use now. But these economic arguments are too subtle when used on a
> really really angry person, so we've preferred the simpler "Tor doesn't
> allow that" approach so far.)
>
> Thanks,
> --Roger
>
>
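
The provider-specific option raised in this message (allowing 465/587 only to one mail provider's addresses while keeping the blanket rejects) works because exit policy rules are evaluated first-match-wins. The sketch below is an added example, not part of the original thread or Tor's own code; the function names are hypothetical and 192.0.2.0/24 is a documentation range standing in for a provider's submission servers.

```python
import ipaddress

# Constructed policy in ExitPolicy rule syntax. 192.0.2.0/24 is a placeholder
# (documentation range), not a real mail provider's address space.
POLICY = """
accept 192.0.2.0/24:465
accept 192.0.2.0/24:587
reject *:25
reject *:465
reject *:587
accept *:*
"""

def parse_policy(text):
    """Parse 'accept|reject ADDR[/MASK]:PORT[-PORT]' lines (IPv4 only)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        action, target = line.split()
        if action not in ("accept", "reject"):
            raise ValueError("unknown action: " + action)
        addr, _, port = target.rpartition(":")
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if port == "*":
            lo, hi = 1, 65535
        else:
            first, _, last = port.partition("-")
            lo, hi = int(first), int(last or first)
        rules.append((action, net, lo, hi))
    return rules

def exit_allowed(rules, ip, port):
    """Return True if the first rule matching ip:port is an accept."""
    dest = ipaddress.ip_address(ip)
    for action, net, lo, hi in rules:
        if (net is None or dest in net) and lo <= port <= hi:
            return action == "accept"
    return False  # assumption for this sketch: no matching rule means reject

if __name__ == "__main__":
    rules = parse_policy(POLICY)
    for ip, port in [("192.0.2.10", 587), ("198.51.100.7", 587),
                     ("192.0.2.10", 25), ("198.51.100.7", 443)]:
        print(ip, port, "accept" if exit_allowed(rules, ip, port) else "reject")
```

Placing the two accept lines after `reject *:465` and `reject *:587` would leave them unreachable, so the order of the rules is what makes the exception take effect.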