On Wed, Dec 26, 2018 at 06:36:52PM +0000, potlatch wrote: > One of my VPS providers has requested that I block exit output to ports 22, > 465 and 576. I have never received a request like this before even though I > have (now or in the past) operated almost 40 Tor exit relays in diverse > countries. The host making this request is understanding and the service > excellent. He sees these ports as generating the most abuse complaints. > Question: Is this a reasonable request and how much critical communications > would be booted if I block these ports. I think my alternative to blocking > as requested would be to close these accounts and find another host.
Port 22 is ssh, so turning it off would mean your relay won't be the exit point for helping people reach their ssh servers while protecting their communications metadata. Exiting to port 22 is a helpful thing to do, but web browsing is by far the most common activity over Tor (or at least it was last time we measured). Port 465 is for secure mail delivery, which probably doesn't work so well over Tor these days anyway. And I wonder what they meant by 576, and if it's a transcription error and they meant some other port (like 587). So, should you abandon them because they asked you to reject these extra ports? It depends on your situation and your alternatives. Answer #1: an exit that exits to 80 and 443 is still a very useful exit relay. So turning off those small lesser-used ports is fine and reasonable if it means you can keep running the main ports. See this tor-relays thread for a similar discussion: https://lists.torproject.org/pipermail/tor-relays/2018-December/thread.html#16736 Answer #2: if you want to use this event as a reason to explore other options, to figure out what other hosting places there are, how much they would cost, and how friendly they would be, it is a fine excuse for doing that. Who knows, you might even find a second great place and now you could be running two exits. :) Answer #3: it depends how many other relays are running at this particular VPS hoster. If it's a huge number, then it makes more sense to set out and find a place with fewer relays. If it's a tiny number, then the diversity that the network gets, from having your relay there, is a more important component. Hope that helps! And thanks for running exits. --Roger -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
