Re: [tor-relays] BitTorrent complaint

2013-04-13 Thread Moritz Bartl
On 13.04.2013 09:05, Jorge-Leon wrote:
>> 1) Allow everything (except port 25, which is reasonable to block)
>> 2) If you don't want the DMCA spam notices, use the reduced exit policy.
> Please expand on except port 25, which is reasonable to block, or
> point me to an explanation.

In short: We had port 25 (SMTP) open for a while, which results in a lot
of spam directly sent to mailservers across the globe, which then
immediately will get your IP blacklisted at a lot of DNSBLs. Many ISPs
don't like their own ranges to contain blacklisted IPs, because that
results in lower overall reputation scores, and sometimes
blacklistings are extended to a whole range of IPs, which then affects
other customers.

-- 
Moritz Bartl
https://www.torservers.net/
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] BitTorrent complaint

2013-04-13 Thread Matt Joyce
On 12/04/13 22:54, Moritz Bartl wrote:
> On 12.04.2013 19:16, Matt Joyce wrote:
>> It would help a lot if we used versioning and stopped sending almost
>> unchanged data constantly and instead only providing the changes
> I doubt that this is easy to do in a privacy-preserving way. You don't
> want to be able to discriminate relays based on what diffs/what amount
> of data they pull, right?

That could be a valid point; I hadn't considered that, but yes, in theory
if a node used only one dir mirror, or a collection of dir mirrors that
all co-operated, you could gain profiling info based on which version
they claim to have etc.





Re: [tor-relays] BitTorrent complaint

2013-04-13 Thread Matt Joyce
On 13/04/13 11:49, Moritz Bartl wrote:
> On 13.04.2013 09:05, Jorge-Leon wrote:
>>> 1) Allow everything (except port 25, which is reasonable to block)
>>> 2) If you don't want the DMCA spam notices, use the reduced exit policy.
>> Please expand on except port 25, which is reasonable to block, or
>> point me to an explanation.
> In short: We had port 25 (SMTP) open for a while, which results in a lot
> of spam directly sent to mailservers across the globe, which then
> immediately will get your IP blacklisted at a lot of DNSBLs. Many ISPs
> don't like their own ranges to contain blacklisted IPs, because that
> results in lower overall reputation scores, and sometimes
> blacklistings are extended to a whole range of IPs, which then affects
> other customers.

Also, in addition to the above, it's fairly few providers that only accept
on 25, and it's rarely the recommended setup. Most end-user-facing Mail
Transfer Agent (MTA) servers intending to receive mail from Mail User
Agents (MUAs, i.e. Thunderbird, Outlook Express, whatever) will accept
SMTPS on 465 or Submission, usually with TLS, on 587, which also have other
advantages: SMTPS is encrypted, and both it and Submission are usually
authenticated (in fact Submission is specified as such), so you can't
generally dump direct mail into either unless you are a legitimate user
of a valid email account carried by that server.

Thus when considering the two together:
1. The level of abuse of port 25 is incredibly large; spam is pretty much
the single most common abuse issue on the Internet.
2. Alternative options exist that are more secure.

For me that makes the port 25 block reasonable.



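An added example, not part of any message in this thread and not Tor project code: a Python check that a relay's torrc rejects exit traffic to port 25 while leaving 465 and 587 open, following Tor's first-match-wins ordering of ExitPolicy rules. The torrc text is constructed and the function names are hypothetical; only rules with a `*` address are evaluated.

```python
import re

# Constructed sample torrc (not from the thread): plain SMTP is rejected,
# the authenticated submission ports stay open, everything else is allowed.
SAMPLE_TORRC = """\
ORPort 9001
ExitPolicy reject *:25   # MTA-to-MTA SMTP, the port abused for spam
ExitPolicy accept *:465, accept *:587
ExitPolicy accept *:*
"""

def parse_exit_policy(torrc_text):
    """Return ordered (action, address, low_port, high_port) rules."""
    rules = []
    for line in torrc_text.splitlines():
        match = re.match(r"\s*ExitPolicy\s+(.+)", line.split("#", 1)[0], re.I)
        if not match:
            continue
        for item in match.group(1).split(","):
            action, target = item.split()
            if action.lower() not in ("accept", "reject"):
                raise ValueError(f"unsupported rule: {item.strip()!r}")
            address, sep, ports = target.rpartition(":")
            if not sep:                      # no ":PORT" part means all ports
                address, ports = target, "*"
            low, _, high = ("1-65535" if ports == "*" else ports).partition("-")
            rules.append((action.lower(), address, int(low), int(high or low)))
    return rules

def verdict(rules, port):
    """First matching rule wins. Only '*' address rules are considered,
    because they are the ones that decide a port for every destination."""
    for action, address, low, high in rules:
        if address == "*" and low <= port <= high:
            return action
    return "unmatched"   # Tor would fall through to its built-in default policy

def audit_mail_ports(torrc_text):
    """Report the verdict for plain SMTP and the two submission ports."""
    rules = parse_exit_policy(torrc_text)
    return {port: verdict(rules, port) for port in (25, 465, 587)}

if __name__ == "__main__":
    for port, result in audit_mail_ports(SAMPLE_TORRC).items():
        print(f"port {port}: {result}")
```

Because the first match wins, a `reject *:25` placed after `accept *:*` has no effect, and the check reports port 25 as accepted in that case.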