[tor-relays] German company Webtropia: Terminated contract without notice because of abuse
Hi all, I've been running two exit relays, [1] and [2], at the German company Webtropia [3] for the past two weeks. Things went quite nice and smoothly, the speed of the server was decent and the network great, pushing quite some terabyte. Before renting the server, I told them what I wanted to do, if the would forward abuse etc. They said there were fine with this and forwarding would be no problem, given that I would deal with such mails in a timely manner. So I decided to rent the server, maybe naive? Yesterday (29th) they stopped routing/switching traffic to the server, so it wasn't accessible anymore. They sent me a mail, the subject read termination without notice, claiming they did this because I didn't pay the invoice. I replied that I doubt this and sent them the transaction details. Their reply claimed that my contract wasn't quited because of this, but instead of abuse: They wrote that they got 52 mails the day before (28th) dealing with phishing mails, bittorent downloads, ddos, etc. I told them once again that this server is housing tor exit nodes, and I'm not responsible for the traffic. However, I asked if we could find an agreement and meet in the middle: Closing some ports (25 for example) and forward the mails to me, so I would take care of these and they could lie back and think not our department (actually as spoken about beforehand). Sadly there wasn't any negotiation possible, the denied me (up until now at least) even a refund of the money I already paid (is this legal?). Just to inform you about this. Stay away of them - they don't keep their words. Cheers, uf [1] https://globe.torproject.org/#/relay/94CB5C820BF97391BFDCAF8DD1B3176A452E8FB2 [2] https://globe.torproject.org/#/relay/55A463CAB24AFB91073C6D6D7CC6CA741A1430E2 [3] https://www.webtropia.com/en/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] German company Webtropia: Terminated contract without notice because of abuse
You somewhat made a mistake here - you've got to have an exit policy that (minimally) rejects ports 25 and 465, or else your relay becomes a giant abuse tool for spammers, scammers, and phishers instead of what you intended it to be (which was a standard-functioning Tor relay). You might try telling your ISP that you made a mistake in your configuration which allowed spam email to go out, and you're willing to correct that error and move forward. ExitPolicy reject *:25 ExitPolicy reject *:465 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay not on Atlas or Globe?
Its there... https://atlas.torproject.org/#details/527ACFA6E729CF1CF3203444BA7E5E6CA6CE7F89 On 07/29/2014 07:58 PM, Michael Patton wrote: Hello all, I have started a new exit relay recently (NetFreedomTest3 - 527ACFA6E729CF1CF3203444BA7E5E6CA6CE7F89) and it has been up over 5 days now. It has started seeing some decent traffic lately too. However I can't find the relay in Atlas or Globe? Any ideas? M. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay not on Atlas or Globe?
Yes is there now. Very strange. I restarted it today because of a Tor update and a few hours later it was fine. M. On 30/07/2014 9:48 pm, Neuman1812 neuman1...@gmail.com wrote: Its there... https://atlas.torproject.org/#details/527ACFA6E729CF1CF3203444BA7E5E6CA6CE7F89 On 07/29/2014 07:58 PM, Michael Patton wrote: Hello all, I have started a new exit relay recently (NetFreedomTest3 - 527ACFA6E729CF1CF3203444BA7E5E6CA6CE7F89) and it has been up over 5 days now. It has started seeing some decent traffic lately too. However I can't find the relay in Atlas or Globe? Any ideas? M. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] German company Webtropia: Terminated contract without notice because of abuse
On 14-07-30 05:11 AM, t...@t-3.net wrote: You somewhat made a mistake here - you've got to have an exit policy that (minimally) rejects ports 25 and 465, or else your relay becomes a giant abuse tool for spammers, scammers, and phishers instead of what you intended it to be (which was a standard-functioning Tor relay). You might try telling your ISP that you made a mistake in your configuration which allowed spam email to go out, and you're willing to correct that error and move forward. ExitPolicy reject *:25 ExitPolicy reject *:465 Most SMTP servers i have seen listening on port 465 and 587 require authentication, so it shouldnt be necessary to block those ports. Can anyone name some that dont need authentication to send email? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] German company Webtropia: Terminated contract without notice because of abuse
t...@t-3.net: You somewhat made a mistake here - you've got to have an exit policy that (minimally) rejects ports 25 and 465, or else your relay becomes a giant abuse tool for spammers, scammers, and phishers instead of what you intended it to be (which was a standard-functioning Tor relay). Please don't blame the victim. If this ISP acted differently than what they initially promised, then they are the problem. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] German company Webtropia: Terminated contract without notice because of abuse
IMO, even relaying SMTP-like for the email which typically requires auth first isn't a great idea if there is any concern about an upstream getting abuse complaints about a relay (such as a leased box). A frequent way that spammers get their garbage out these days is to compromise a user account, I say this as a mail server admin who has to deal with the mess regularly. Oftentimes they guess the PW via dictionary attacks, but sometimes they keylog the user's box to get the email login. If the spammer has compromised an account and is forced to use webmail to dump the spam instead of an SMTP-like means, your relay doesn't show up in the email headers in the same way and may even be obfuscated. The differences are good things if you want to minimize abuse complaints of this sort. Also the SMTP-like sending seems to get more spam out the door faster than something which must use webmail instead. On 07/30/2014 03:08 PM, krishna e bera wrote: On 14-07-30 05:11 AM, t...@t-3.net wrote: You somewhat made a mistake here - you've got to have an exit policy that (minimally) rejects ports 25 and 465, or else your relay becomes a giant abuse tool for spammers, scammers, and phishers instead of what you intended it to be (which was a standard-functioning Tor relay). You might try telling your ISP that you made a mistake in your configuration which allowed spam email to go out, and you're willing to correct that error and move forward. ExitPolicy reject *:25 ExitPolicy reject *:465 Most SMTP servers i have seen listening on port 465 and 587 require authentication, so it shouldnt be necessary to block those ports. Can anyone name some that dont need authentication to send email? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] German company Webtropia: Terminated contract without notice because of abuse
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 7/30/2014 10:34 AM, u...@riseup.net wrote: Hi all, I've been running two exit relays, [1] and [2], at the German company Webtropia [3] for the past two weeks. Things went quite nice and smoothly, the speed of the server was decent and the network great, pushing quite some terabyte. Before renting the server, I told them what I wanted to do, if the would forward abuse etc. They said there were fine with this and forwarding would be no problem, given that I would deal with such mails in a timely manner. So I decided to rent the server, maybe naive? Yesterday (29th) they stopped routing/switching traffic to the server, so it wasn't accessible anymore. They sent me a mail, the subject read termination without notice, claiming they did this because I didn't pay the invoice. I replied that I doubt this and sent them the transaction details. Their reply claimed that my contract wasn't quited because of this, but instead of abuse: They wrote that they got 52 mails the day before (28th) dealing with phishing mails, bittorent downloads, ddos, etc. I told them once again that this server is housing tor exit nodes, and I'm not responsible for the traffic. However, I asked if we could find an agreement and meet in the middle: Closing some ports (25 for example) and forward the mails to me, so I would take care of these and they could lie back and think not our department (actually as spoken about beforehand). Sadly there wasn't any negotiation possible, the denied me (up until now at least) even a refund of the money I already paid (is this legal?). Just to inform you about this. Stay away of them - they don't keep their words. Cheers, uf [1] https://globe.torproject.org/#/relay/94CB5C820BF97391BFDCAF8DD1B3176A452E8FB2 [2] https://globe.torproject.org/#/relay/55A463CAB24AFB91073C6D6D7CC6CA741A1430E2 [3] https://www.webtropia.com/en/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays uf I had the same problem with other ISP. Required me to register my own /24 subnet (256 ip addresses) RIPE allocated if i wanted to continue running exits in their network. Currently working on this.Choose a different provider if you wish to continue running exits. need recommendations? - -- s7r PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJT2PhIAAoJEIN/pSyBJlsRGC8IAM6YObPduacoNR3ZwLsjLowr HDvEZQvNcf/46ikEoxq7F+x7b1Ur55iY4jTTMjIDiXnhZyifVpk5fJiiKZdSB6Zi m8YwE7JjHBj8T8eVCkZ5dK6o9v/w1DUFxGBo5YhR4iKM0nymoDkZ1ley9Lqd/2O1 fgVNOaZdfMRySMoGvP6vF32ntlmZbgI/quJVXeP9ZQZ4Lx97JcAH9x7a2ceC/lDH x6yFux5mW601HiM5B92iHAjzkCDKAKl8iQ/cG1omxPyB5/znnDiGkFsyt0BUgzsH xShKhFdv49e/uP4N6Y7yztQhRIzK9tU0kxCVFi+EhDjP5CUbyfbt+RG7lCZDSWQ= =6u8T -END PGP SIGNATURE- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] German company Webtropia: Terminated contract without notice because of abuse
Let's not confuse two things, here. The customer wanting to host a Tor exit relay is a different service request than wanting to run a wide-open SMTP relay. No reputable ISP would agree to host an open SMTP relay and I'm sure this one did not knowingly do so. It would be unfortunate for ISPs to come under the incorrect impression that hosting Tor is equal to hosting open SMTP. ISPs which might have been Tor-friendly at the outset would do a 180 and unnecessarily adopt a No-Tor service policy. On 07/30/2014 03:39 PM, Lunar wrote: t...@t-3.net: You somewhat made a mistake here - you've got to have an exit policy that (minimally) rejects ports 25 and 465, or else your relay becomes a giant abuse tool for spammers, scammers, and phishers instead of what you intended it to be (which was a standard-functioning Tor relay). Please don't blame the victim. If this ISP acted differently than what they initially promised, then they are the problem. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] 0.2.4.23 availability on trusty armhf?
I am running a pretty active relay, using Ubuntu Trusty on armhf. I see 0.2.4.23 for Intel architecture in the repositories, but not on Trusty/armhf. Didn't know if this was an oversight, or if it's still coming down the pipe. Thanks, Trash80 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] 0.2.4.23 availability on trusty armhf?
On Wed, 30 Jul 2014, trash eighty wrote: I am running a pretty active relay, using Ubuntu Trusty on armhf. I see 0.2.4.23 for Intel architecture in the repositories, but not on Trusty/armhf. Didn't know if this was an oversight, or if it's still coming down the pipe. Still building... https://xkcd.com/303/ -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal http://www.palfrader.org/ | `. `' Operating System | `-http://www.debian.org/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Finding relay Sybils / Groups [re: relay_early/blackhat]
As a project then to production development, someone should go back through the entire history of descriptors and look for groups coming online... dates, IP's, contacts, tor/OS versions, nicknames, ISP's, geoip, numbers coming online over sliding timeframes, correlation to 'news events', etc. There may be more questionable relays to be found. We were talking about such influxes around july 4 09, ironically, or not. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] German company Webtropia: Terminated contract without notice because of abuse
At this point the isp is clearly the victim! This guy doesn't have his own ips and ipv4 is rare, so risking a complete ip range to get on blacklists will be unacceptable for any company. I can fully understand them, because dealing with spamhaus mafia is a nightmare. Lets hope they wont getting tor unfriendly because of this, i run there exits for 2 years on some vps's without a problem and i hope they don't start killing them now Am 30.07.2014 14:39 schrieb Lunar lu...@torproject.org: t...@t-3.net: You somewhat made a mistake here - you've got to have an exit policy that (minimally) rejects ports 25 and 465, or else your relay becomes a giant abuse tool for spammers, scammers, and phishers instead of what you intended it to be (which was a standard-functioning Tor relay). Please don't blame the victim. If this ISP acted differently than what they initially promised, then they are the problem. -- Lunar lu...@torproject.org ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] [tor-talk] Finding relay Sybils / Groups [re: relay_early/blackhat]
Hi grarpamp. Actually we do have a rudimentary Sybil checker and it *did* pick up on those relays back in January... https://lists.torproject.org/pipermail/tor-consensus-health/2014-January/003954.html We had some internal discussions about them but the thread lost momentum before they were flagged. This is a large part of the motivation for why Philipp and I are taking over responsibility for this... https://blog.torproject.org/blog/how-report-bad-relays https://trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays Previously it wasn't truly maintained by anyone so bad relay reports got dropped on the floor. Cheers! -Damian On Wed, Jul 30, 2014 at 11:10 AM, grarpamp grarp...@gmail.com wrote: As a project then to production development, someone should go back through the entire history of descriptors and look for groups coming online... dates, IP's, contacts, tor/OS versions, nicknames, ISP's, geoip, numbers coming online over sliding timeframes, correlation to 'news events', etc. There may be more questionable relays to be found. We were talking about such influxes around july 4 09, ironically, or not. -- tor-talk mailing list - tor-t...@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] how sensitive is relay 'state' file?
Can anyone comment on how sensitive the information in the relay 'state' is? In particular, if entry guards are recorded in the file should one be concerned about protecting the file via a) encrypting the file system where it resides b) making a point of not backing up the file I suppose it comes down to how likely it is that an adversary can use entry guard information for correlation attacks against past and present tor-client traffic originating from a targeted client-relay. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays