Totally your call, but there is a LOT of AUTH abuse going on. If folks are mad that their TOR nodes are getting reported for abuse, well… thems the breaks.
I get it, TOR is useful and there are legitimate reasons to use TOR. Probing ports and attempting to crack passwords is not what I consider legitimate. If the network owners react to that by saying their customers can’t run TOR output nodes, well, those are the consequences. Might it be worth talking to the TOR folks to see if they have some insight into how to minimize the actual abuse? Certainly they’re not going to want output nodes shut down or ports 587 and 465 completely. They need to stop the bad traffic in order to allow the good uses. laura > On 20 Feb 2020, at 10:02, Benoit Panizzon via mailop <mailop@mailop.org> > wrote: > > Hi > > Just a clarification on the issue, as we just got a 2nd similar > complaint from another Tor Exit node operator (obviously same attacker > being routed through another exit, guessing from the involved email > addresses). > > The Spamtrap / HoneyPot in question not only listens to port 25 but also > listens on port 465 (smtps) and 587 (submission). > > If an attacker is doing some dictionary attack on this to check for > valid passwords (every authentication attempt is accepted) or attempts > to relay spam mails (every relay attempt is answered with 200 OK) he > is being blacklisted and an ARF reports is sent to the abuse contact of > the submitting IP range. > > This is what causes those reports, not emails received on port 25. > > But I guess, just silently blacklisting Tor exist nodes and not sending > a ARF report to the ISP could be an option to solve that issue. > > Mit freundlichen Grüssen > > -Benoît Panizzon- > -- > I m p r o W a r e A G - Leiter Commerce Kunden > ______________________________________________________ > > Zurlindenstrasse 29 Tel +41 61 826 93 00 > CH-4133 Pratteln Fax +41 61 826 93 01 > Schweiz Web http://www.imp.ch > ______________________________________________________ > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- Having an Email Crisis? We can help! 800 823-9674 Laura Atkins Word to the Wise la...@wordtothewise.com (650) 437-0741 Email Delivery Blog: https://wordtothewise.com/blog
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
