Thanks. Funny that my long time restricted IPv4 port 80 exit was noticed just now giving the bad exit tag. I suspect the hour one of my server was quarantined by my ISP may have precipitated the system to look hard.
As for my single /8 for port 80, for reason not clear to me, having many ports open including 443 open to all, IPV6 open on port 80 to all, while restricting IPV4 to a single /8 stops all abuse complaints. I have been free of abuse complaints and copyright claims for two years now. I tried to offer more IPv4 /8 ranges but abuses notices soon popped up, as if traffic is being en-route by some agencies. The free-text nature of port 80 meant contents read too easily, and IPV6 still not used enough... yet. Gerry -----Original Message----- From: tor-relays <tor-relays-boun...@lists.torproject.org> On Behalf Of Georg Koppen Sent: 27 March 2020 12:40 To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] BadExit teor: > Hi, > >> On 27 Mar 2020, at 02:00, niftybunny <abuse-cont...@to-surf-and-protect.net> >> wrote: >> >> My bad. Never seen this before. I there a good reason for the accept >> 133.0.0.0/8:80 ? >> >>> On 26. Mar 2020, at 15:06, ger...@bulger.co.uk wrote: >>> >>> "btw, you need to have at least port 80 and 443 … port 80 is missing …" >>> >>> It there. But to a /8 area IPV4, all IPv6 >>> >>> I have not changed my exit policy for years. Port 80 is there, just >>> limited to a /8 network and all IPv6 addresses port 80 allowed. >>> 443 all there IPv4 and IPv6 >>> >>> Testing seems to be exiting OK, but badexit tag still there. > > The Exit flag only request one IPv4 /8 : > https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2628 > > But if the network health team is testing a different IPv4 /8, then > your relay might appear down. Yep, I think that's what happened. I'll get the badexit flag removed from both of your relays and think about ways for improving our tests. Sorry for the inconvenience. (FWIW: I sent an email to the address you put into your ContactInfo. I heard that mails for Tor Project addresses repeatedly land in spam folders. Maybe that happened this time, too.) > (If the DNS for the site they are testing has both IPv4 and IPv6, then > the outcome will depend on their tor version and config. 0.4.3 and > later will prefer IPv6 by default.) Not sure what Arthur is running but I am just using what Debian ships on the box I run the tests, which is currently 0.3.5.8. I guess it might be worth thinking about switching away from that. Maybe tracking and using the version Tor Browser ships is smarter? Georg _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays