On Wed, 20 Aug 2008 11:34:41 +0100 Dawney Smith <[EMAIL PROTECTED]> wrote:
>7v5w7go9ub0o wrote:
>
>>> There is a clear misunderstanding of the issue at hand by many people
>>> here. The exit policy was put in place to prevent connections between
>>> Tor users and the last hop (the end MX server), *not* to prevent
>>> connections between Tor users and SMTP relays, which is what everybody
>>> keeps repeating.
>>>
>>> There is no problem with a Tor user connecting to an SMTP relay and
>>> sending email. If they can do it using Tor, they can do it without using
>>> Tor, faster. In those cases, it is the administrator of the SMTP relay
>>> that is responsible to stop spam.
>>>
>>> Just to repeat the problem. It is Tor users connecting to the
>>> destination MX server that is the problem. Mail relay, not mail
>>> submission.
>>>
>>> Ports 465 and 587 are mail submission ports. Port 25 is for both
>>> submission *and* relay.

Port 587 is a mail submission port. I'm not so sure about 465, though.
A comment that I had left for myself in my torrc prompted me to check it
out again to refresh my memory. The lines pertaining to it in my
/etc/services say,

    #smtps 465/tcp #smtp protocol over TLS/SSL (was ssmtp)
    #smtps 465/udp #smtp protocol over TLS/SSL (was ssmtp)
    urd 465/tcp # URL Rendezvous Directory for SSM

So I went back and dug it out
(http://www.iana.org/assignments/port-numbers) again:

    urd 465/tcp URL Rendesvous Directory for SSM
    igmpv3lite 465/udp IGMP over UDP for SSM

>>>
>>> I have a *lot* of experience with email administration on a very large
>>> scale, I know what I'm talking about.

Must be interesting. I don't think I ever had to handle more than
somewhere between 20,000 and 30,000 users, so it was fairly simple most
of the time. And, I mustn't omit, there was a very dedicated secretary
down the hall who dealt with things like forgotten passwords in between
all her regular duties. :-)

>>
>> Thanks for pursuing this!
>
>No problem. Hopefully the relevant people are taking note. Who exactly
>is responsible for setting the default exit policy, and what is their
>opinion on this matter?
>
>> 1. Your arguments make good technical sense.
>>
>> 2. In fact, many endpoints have already enabled those ports without
>> experiencing problems.
>
>Only a couple of dozen though unfortunately. If you ignore German and US
>exit nodes, I can only see 4 at the moment that will let me exit on port
>465.

Well, my server has had 465 open for a long time, but it is one of the
ones in the U.S. that you excluded above. I don't know offhand whether an
exit to 65 has ever been used on my server, but I've gotten no complaints
about it to date, so I don't currently see it as a problem. I do keep 25
closed and basically for the same reason that I keep 6668-6999 closed.

>
>> 3. Many of us routinely handle our ssl email accounts via TOR, and your
>> proposal (open them by default) would help spread the load, as well as
>> reasonably expanding the default functionality of TOR.
>>
>> Thanks Again!
>>
>> (p.s. this post is being sent via ssl GMAIL, which will include the
>> "posting host" when using smtps. My posting host will be a TOR exit node
>> :-) )
>
>Ditto.
>

Fortunately for me, I don't need to do that at present, but given the way
of the world, I figure I probably will sooner or later.

Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu                                    *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
* -- Gov. John Hancock, New York Journal, 28 January 1790            *
**********************************************************************
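An added example, not part of the original message or of Tor itself: a small checker that reads ExitPolicy lines and reports, by first-match order, whether a relay would exit to ports 25, 465 and 587. The POLICY text is constructed to mirror the setup described in the thread (25 and 6668-6999 closed, 465 and 587 open); parse_policy, exit_allowed and mail_port_report are hypothetical helper names, and only "*" address patterns are handled.

```python
# Added example: first-match evaluation of Tor ExitPolicy lines (port part only).
# POLICY is constructed sample input, not any real relay's torrc.
POLICY = """
# port 25 carries both submission and relay to the destination MX
ExitPolicy reject *:25
ExitPolicy reject *:6668-6999
# submission-only ports discussed in the thread
ExitPolicy accept *:465,accept *:587
ExitPolicy reject *:*
"""

def parse_policy(text):
    """Return [(action, low_port, high_port)] in the order written."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("ExitPolicy "):
            continue
        for item in line[len("ExitPolicy "):].split(","):
            action, pattern = item.split()
            if action not in ("accept", "reject"):
                raise ValueError("unsupported action: " + action)
            addr, _, ports = pattern.rpartition(":")
            if addr != "*":
                raise ValueError("only '*' addresses are handled here")
            if ports == "*":
                low, high = 1, 65535
            elif "-" in ports:
                low, high = (int(p) for p in ports.split("-", 1))
            else:
                low = high = int(ports)
            rules.append((action, low, high))
    return rules

def exit_allowed(rules, port):
    """First matching rule wins; None means no listed rule matched."""
    for action, low, high in rules:
        if low <= port <= high:
            return action == "accept"
    return None

def mail_port_report(text):
    """Map each mail port from the thread to True/False/None."""
    rules = parse_policy(text)
    return {port: exit_allowed(rules, port) for port in (25, 465, 587)}

if __name__ == "__main__":
    for port, allowed in mail_port_report(POLICY).items():
        print(port, "accept" if allowed else "reject")
```

Rule order matters: a catch-all reject placed above the accept lines would close 465 and 587 as well, which the checker reports as False for those ports.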