SORBS vs Tor and the world
Mike Cardwell
tor at lists.grepular.com
Mon Jan 7 23:06:32 UTC 2008
Nick Mathewson wrote:
> On the other hand, if your only goal is to block anonymous SMTP, and
> you agree that blocking all Tor servers is very overreaching, you
> might instead try looking at the more targetted DNSEL service
> available at
> http://exitlist.torproject.org/
> It lets you block _exactly_ those servers that relay traffic on given
> ports to your address. For a more thorough rationale, and a fairly
> detailed spec of how to make a compatible implementation, see
> https://www.torproject.org/svn/trunk/doc/contrib/torel-design.txt
For reference, one might use this list in an ACL chunk in Exim4 as follows:
deny dnslists =
$interface_port.${sg{$interface_address}{\N^(\d+)\.(\d+)\.(\d+)\.(\d+)$\N}{\$4.\$3.\$2.\$1}}.ip-port.exitlist.torproject.org=127.0.0.2
message = $sender_host_address is running a Tor exit node that
exits to $interface_address:$interface_port
Mike
More information about the tor-talk
mailing list