On 2/17/20 2:35 AM, Benoit Panizzon via mailop wrote:
Now I got into discussion with the operator of several TOR exit nodes. He claims that his ISP threatened to disconnect his TOR servers because they were subject to a couple of abuse complaints from our spamtraps.
It sound to me like /he/ has made a choice to allow email through /his/ ToR Exit Node and now needs to deal with the ramifications of /his/ choice. As I see it, /he/ can make the same choice again, or /he/ an make a different choice and block email.
I'm not saying that it's a good, much less pleasant, choice. But it is /his/ choice to make.
My opinion is that /he/ should make that choice /independently/ of what other people on the Internet do.
As he has no way to block the abusers on the TOR network, without completely blocking any ports involved in email abuse which would render using email sending over TOR unusable if all TOR exit node operators would block those ports.
That is /his/ choice. Emphasis on /his/, as in /he/ needs to make it. /He/ should not depend on anyone else to decide for /him/.
I told him to sort this out with his ISP and that his ISP would for sure understand, that he is not himself be the origin of this abuse.
I agree with this.
He told me that his ISP did not care what service he operates and for them, only the count of complaints is the criteria to get disconnected.
That is /their/ choice. /He/ has no influence in how /they/ operate /their/ business. /He/ can choose to not do business with /them/. Or, perhaps /they/ will make that choice for /him/.
So he suggests I use public available TOR exist node lists, to block them from accessing the spamtraps.
My knee jerk reaction is /why/ do /you/ need to alter how /you/ run /your/ services because of something that /he/ did / does?
/You/ may pontificate this issue and decide independently that /you/ want to block access to (part of) /your/ email infrastructure from ToR Exit Nodes (et al.). But that is /your/ choice and /you/ should make it independent of this particular ToR Exit Node operator.
I understand his claim.
In my (not so) humble opinion, the validity of his claim has, and should have, little to no influence on how an administrator chooses to operate /their/ network.
But I also see a benefit from our blacklists to list abused TOR exit nodes.
Indeed.
So what are your opinions about this?
I think that /he/ needs to make a choice.I suspect that /his/ ISP has already made a choice and it's a simple counting game before /they/ act on /their/ choice.
I think that /you/ need to make a choice. Each of your choices are different, but do interact with each other.
How do other spamtrap / honeypot operators deal with TOR exit nodes?
I can't / won't speak for others. I don't find ToR to be that much of an annoyance. So I allow it for now. If the annoyance level goes high enough, I'll likely block them. I might start with specific services. I might block them wholesale. I might even block the IPs at the edge of my network. That's /my/ choice.
Everybody has their own choice to make. -- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ mailop mailing list [email protected] https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
