Hello all,

I bundle the reply to all three helpful replies in this email. Basically the replies confirm my assumptions; I was wondering if there is a single misconfiguration on my end or if the problem is a little more complex. I will watch the abuse complaints and if there are more about spam I will see what I can do.
This abuse ticket was part of a bundle of complaints (many abuse complaints), most of them SSH brute-force and WordPress "hacking" attempts. So I replied with my standard reply as I always do; it is generic and explains that the server is a Tor exit and I offer to block their IP in the email. Not sure what my provider does with that reply, but I never hear back from any people.

Thanks again for the help.

Regards
yl

Replies, just for reference:

1.
On 4/2/19 11:24 PM, Ralph Seichter wrote:
> * ylms:
>
>> smtp:>>smtp.efg.es,587,[email protected],123456>>
>>
>> [...]
>> ExitPolicy accept *:587
>
> You allow TCP port 587 (submission). That should not be a problem unless
> the targeted server fails to enforce authentication for all email
> submitted via this port. If that is the case, it is a configuration
> error on the destination server.
>
> -Ralph

2.
On 4/2/19 11:19 PM, nusenu wrote:
>
>> My question, what did I miss in the exit policy, I have used the
>> following in the torrc. Maybe I did not miss anything at all. Thanks for
>> helping me to understand how the spammer could use the exit for
>> spamming.
>
> Emails and spam can be sent via for example:
> - webmail (frequently port 80/443)
> - 465/587
>
> (not just port 25)
>
>

3.
On 4/2/19 11:08 PM, Nathaniel Suchy wrote:
> Someone likely abused a webmail provider. Respond to them that SMTP isn’t available from your exit and they’ll have to contact the email service provider directly.
>
> Cordially,
> Nathaniel Suchy

On 4/2/19 11:04 PM, ylms wrote:
> Hello fellow Tor-Exit operators,
>
> today I got the following Abuse message:
>
> //Start
>
> [ SpamCop V5.0.0 ]
> This message is brief for your comfort. Please use links below for details.
>
> Email from 5.199.130.188 / Tue, 19 Mar 2019 12:20:30 +0000
> https://www.spamcop.net/w3m?i=.....(removed)
> 5.199.130.188 is open proxy, see: https://www.spamcop.net/mky-proxies.html
>
> [ Offending message ]
> Return-Path: <[email protected]>
> X-Original-To: [email protected]
> Delivered-To: [email protected]
> Received: from 31.184.255.247 (unknown [5.199.130.188])
>     by relay (Postfix) with ESMTPSA id 7cqntswbr6frkskj
>     for <[email protected]>; Tue, 19 Mar 2019 12:20:30 +0000
> Message-ID: <[email protected]>
> From: <[email protected]>
> To: <[email protected]>
> Subject: smtp:>>smtp.efg.es,587,[email protected],123456>>
> Date: Tue, 19 Mar 2019 13:20:18 +0100
> MIME-Version: 1.0
> Content-Type: text/plain;
>     charset="windows-1251";
> Content-Transfer-Encoding: 7bit
>
> smtp:>>smtp.efg.es,587,[email protected],123456>>
>
> veblcshgtpwfdonxkebdghrwf
> pboqjycmmdslmliomafclayaheiuft
> uybveafdbnsuydqvbgyukf
> zsszifpadkpaufibjosuk
>
> //End
>
> I wasn't sure what to remove from the abuse message so I removed all the
> domains to protect the owners of these hosts/addresses, I hope I didn't
> miss any.
>
> My question, what did I miss in the exit policy, I have used the
> following in the torrc. Maybe I did not miss anything at all. Thanks for
> helping me to understand how the spammer could use the exit for
> spamming.
>
> I assume with the reduced exit policy spammers should not be enabled to
> use the exit.
>
> // torrc
> # Reduced Exit policy according to: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
> ExitPolicy accept *:20-21 # FTP
> ExitPolicy accept *:22 # SSH
> ExitPolicy accept *:23 # Telnet
> ExitPolicy accept *:43 # WHOIS
> ExitPolicy accept *:53 # DNS
> ExitPolicy accept *:79 # finger
> ExitPolicy accept *:80-81 # HTTP
> ExitPolicy accept *:88 # kerberos
> ExitPolicy accept *:110 # POP3
> ExitPolicy accept *:143 # IMAP
> ExitPolicy accept *:194 # IRC
> ExitPolicy accept *:220 # IMAP3
> ExitPolicy accept *:389 # LDAP
> ExitPolicy accept *:443 # HTTPS
> ExitPolicy accept *:464 # kpasswd
> ExitPolicy accept *:465 # URD for SSM (more often: an alternative SUBMISSION port, see 587)
> ExitPolicy accept *:531 # IRC/AIM
> ExitPolicy accept *:543-544 # Kerberos
> ExitPolicy accept *:554 # RTSP
> ExitPolicy accept *:563 # NNTP over SSL
> ExitPolicy accept *:587 # SUBMISSION (authenticated clients [MUA's like Thunderbird] send mail over STARTTLS SMTP here)
> ExitPolicy accept *:636 # LDAP over SSL
> ExitPolicy accept *:706 # SILC
> ExitPolicy accept *:749 # kerberos
> ExitPolicy accept *:853 # DNS over TLS
> ExitPolicy accept *:873 # rsync
> ExitPolicy accept *:902-904 # VMware
> ExitPolicy accept *:981 # Remote HTTPS management for firewall
> ExitPolicy accept *:989-990 # FTP over SSL
> ExitPolicy accept *:991 # Netnews Administration System
> ExitPolicy accept *:992 # TELNETS
> ExitPolicy accept *:993 # IMAP over SSL
> ExitPolicy accept *:994 # IRCS
> ExitPolicy accept *:995 # POP3 over SSL
> ExitPolicy accept *:1194 # OpenVPN
> ExitPolicy accept *:1220 # QT Server Admin
> ExitPolicy accept *:1293 # PKT-KRB-IPSec
> ExitPolicy accept *:1500 # VLSI License Manager
> ExitPolicy accept *:1533 # Sametime
> ExitPolicy accept *:1677 # GroupWise
> ExitPolicy accept *:1723 # PPTP
> ExitPolicy accept *:1755 # RTSP
> ExitPolicy accept *:1863 # MSNP
> ExitPolicy accept *:2082 # Infowave Mobility Server
> ExitPolicy accept *:2083 # Secure Radius Service (radsec)
> ExitPolicy accept *:2086-2087 # GNUnet, ELI
> ExitPolicy accept *:2095-2096 # NBX
> ExitPolicy accept *:2102-2104 # Zephyr
> ExitPolicy accept *:3128 # SQUID
> ExitPolicy accept *:3389 # MS WBT
> ExitPolicy accept *:3690 # SVN
> ExitPolicy accept *:4321 # RWHOIS
> ExitPolicy accept *:4643 # Virtuozzo
> ExitPolicy accept *:5050 # MMCC
> ExitPolicy accept *:5190 # ICQ
> ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
> ExitPolicy accept *:5228 # Android Market
> ExitPolicy accept *:5900 # VNC
> ExitPolicy accept *:6660-6669 # IRC
> ExitPolicy accept *:6679 # IRC SSL
> ExitPolicy accept *:6697 # IRC SSL
> ExitPolicy accept *:8000 # iRDMI
> ExitPolicy accept *:8008 # HTTP alternate
> ExitPolicy accept *:8074 # Gadu-Gadu
> ExitPolicy accept *:8080 # HTTP Proxies
> ExitPolicy accept *:8082 # HTTPS Electrum Bitcoin port
> ExitPolicy accept *:64738 # Mumble
> ExitPolicy reject *:*
>
>
>
> Regards
> yl
> _______________________________________________
> tor-relays mailing list
> [email protected]
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
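
Added example, not part of the original thread and not Tor's own code: a small Python audit that reads ExitPolicy lines like those quoted above and reports, using first-match-wins evaluation, which mail-capable ports the exit allows. It handles only "*" address patterns, and SAMPLE_TORRC is a constructed excerpt of the posted policy; the function names are hypothetical.

```python
import re

# Constructed excerpt of the torrc quoted in the thread (mail-relevant lines only).
SAMPLE_TORRC = """\
ExitPolicy accept *:80-81     # HTTP
ExitPolicy accept *:443       # HTTPS
ExitPolicy accept *:465       # alternative SUBMISSION port
ExitPolicy accept *:587       # SUBMISSION
ExitPolicy accept *:993       # IMAP over SSL
ExitPolicy reject *:*
"""

RULE_RE = re.compile(
    r"^\s*ExitPolicy\s+(accept|reject)\s+(\S+?):(\*|\d+(?:-\d+)?)\s*$", re.I)

# Ports over which mail can leave an exit, per the replies in the thread.
MAIL_PATHS = {25: "SMTP relay", 465: "submission over TLS", 587: "submission",
              80: "webmail over HTTP", 443: "webmail over HTTPS"}

def parse_exit_policy(torrc_text):
    """Return ordered (action, low_port, high_port) rules for '*' address lines."""
    rules = []
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0]            # drop trailing comments
        m = RULE_RE.match(line)
        if not m or m.group(2) != "*":         # assumption: only '*' addresses handled
            continue
        action, ports = m.group(1).lower(), m.group(3)
        if ports == "*":
            low, high = 1, 65535
        else:
            low, _, high = ports.partition("-")
            low, high = int(low), int(high or low)
        rules.append((action, low, high))
    return rules

def decision(rules, port):
    """Rules are checked in order and the first match wins."""
    for action, low, high in rules:
        if low <= port <= high:
            return action
    return None  # nothing matched; Tor would fall through to its default policy

def mail_exposure(torrc_text):
    """Map each mail-capable port to the policy decision for it."""
    rules = parse_exit_policy(torrc_text)
    return {port: decision(rules, port) for port in MAIL_PATHS}

if __name__ == "__main__":
    for port, verdict in sorted(mail_exposure(SAMPLE_TORRC).items()):
        print(f"{port:>5}  {MAIL_PATHS[port]:<22} {verdict}")
```

For the policy in this thread the result is reject for port 25 and accept for 465, 587, 80 and 443, which matches the replies: mail can still leave through authenticated submission or webmail even though direct SMTP relay is blocked.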
