[tor-relays] exit node experience: abuse over HTTP, stealrat infection
Toralf Förster
toralf.foerster at gmx.de
Sun Oct 19 14:14:47 UTC 2014
On 10/19/2014 01:24 PM, Kees Goossens wrote:
> Lesson (for me at least): since HTTP was used, even a very reduced exit
> policy is does not make one immune to abuse problems.
> At this point I reverted back to being a non-exit relay, as I have no
> interest in having to deal with this.
>
Well, no need to give up - I made similar experiences with the reduced exit policy. Even then my provider's inbox was hammered with DMCA mails.
But what worked (for me) is a further reduced policy containing ports below 1024 + few above. Said that this works for me till now:
# un-comment the next line to disallow exits
#
#ExitPolicy reject *:*
# abuse mails
#
ExitPolicy reject 217.112.0.0/16:* # AbuseID:11F39E:22 7th October 2014
# allowed exits
#
ExitPolicy accept *:43 # whois
ExitPolicy accept *:53 # dns
ExitPolicy accept *:80 # http
ExitPolicy accept *:88 # kerberos
ExitPolicy accept *:110 # pop3
ExitPolicy accept *:143 # imap
ExitPolicy accept *:194 # irc
ExitPolicy accept *:220 # imap3
ExitPolicy accept *:389 # ldap
ExitPolicy accept *:443 # http ssl
ExitPolicy accept *:464 # kpasswd
ExitPolicy accept *:543-544 # kerberos
ExitPolicy accept *:531 # irc/aim
ExitPolicy accept *:563 # nntp ssl
ExitPolicy accept *:636 # ldap ssl
ExitPolicy accept *:749 # kerberos
ExitPolicy accept *:873 # rsync
ExitPolicy accept *:993 # imap ssl
ExitPolicy accept *:994 # irc ssl
ExitPolicy accept *:995 # pop3 ssl
ExitPolicy accept *:6660-6669 # irc
ExitPolicy accept *:6679 # irc ssl
ExitPolicy accept *:6697 # irc ssl
ExitPolicy accept *:11371 # OpenPGP hkp
# reject everyting else
#
ExitPolicy reject *:*
--
Toralf
pgp key: 0076 E94E
More information about the tor-relays
mailing list