----- Message from Simon Wilson <si...@simonandkate.net> ---------
Date: Fri, 09 Sep 2022 17:26:09 +1000
From: Simon Wilson <si...@simonandkate.net>
Reply-To: si...@simonandkate.net
Subject: Postfix.org website
To: Postfix users <postfix-users@postfix.org>
Yet I cannot open www.postfix.org (either over
http://www.postfix.org or https://www.postfix.org) - both just
timeout.
----- End message from Simon Wilson <si...@simonandkate.net> -----
Cause found, replying here for posterity.
The postfix website is hosted on an IP which is also a Tor network node.
My Unifi router (UDM Pro) has IDS/IPS enabled, and the standard
signature set and categories block Tor nodes. Exception added, website
now accessible.
Noting that whilst some may consider that block excessive, it does
appear that some 'authorities', including at least the Australian
government's cyber security department, Fortinet, and others,
recommend these IPs are blocked.
E.g. "The Australian Cyber Security Centre (ACSC) recommends
organisations block traffic from Tor exit nodes to their
internet-exposed services provided this will not meaningfully impact
accessibility for significant numbers of legitimate users"
https://www.cyber.gov.au/acsc/view-all-content/publications/defending-against-malicious-use-tor-network
I don't know enough about the real or imagined threat presented... but
I'm thinking i'm not going to be the only one with these nodes blocked.
Others with IPS on standard block lists may wish to check theirs.
Simon
--
Simon Wilson
M: 0400 12 11 16
