Re: [tor-relays] relay got suspended
Hello Paul, On 10/25/20 9:15 PM, Paul Geurts wrote: has any of you see this behauvior? I think there is no use in putting a Right, there is no point in doing that. Usually such DDoS last a few hours max. relay behind a ddos filter, or is there? In that case I'll just spin up another one. Not necessary in this case, just ask them when they remove the Null route and try if the relay is reachable again. If it happens frequently then you should revisit this problem. relay in question is this one, almost 7 months with no interuption what so ever, no indication in the (munin) monitoring for high or higher traffic... because the vps is suspended I don't have the latest syslog so I don't know for sure whether anything has shown up there, but I am quite sure that yesterday there were no abnormal logging entries on this server. For the next time you can try to setup SSH as a hidden service, then you can probably still connect to the relay by SSH via Tor, as they usually don't suspend the VPS but just don't route the incoming traffic. Outgoing traffic usually works, so the .onion SSH should work. Regards yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] SSH
Hello again, if you setup Fail2ban or similar, please make sure it does not send out abuse emails, Fail2ban-Spam or similar is alot of work for Tor Exit operators. Regards yl On 9/21/20 11:19 AM, Андрей Гвоздев wrote: > Hello > I'm running a TOR relay, every time I SSH to my server I see a message > that there were thousands of failed login attempts > Do you see this message too? > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] SSH
On 9/21/20 11:19 AM, Андрей Гвоздев wrote: > I'm running a TOR relay, every time I SSH to my server I see a message > that there were thousands of failed login attempts > Do you see this message too? I think this is quite normal, for any server, if you do not run any service that blocks IPs after n failed login attempts. Always make sure to fix any zero days in your SSH service fast and use a safe authentication method (maybe key based). Regards yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Exit stops after one year, then again after few days
Hello Roger On 5/1/20 12:15 AM, Roger Dingledine wrote: > My first question would be whether the relay has an IPv6 ORPort, because > maybe that address became unreachable. Thanks for this question. This was it it seems. Still I can't see any problem and am not able to find the reason, but this now seems to be out of tors scope. For now it is an IPv4 only Exit, better than nothing. 7 Anyone here who has an idea why Ubuntu with netplan suddenly refuses IPv6 connection, while internally a Ping6 to the servers IPv6 still works, please let me know your idea! Very thankful for any help. yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Help with torrc for Bridge
Hello Marco On 4/17/20 11:32 AM, li...@for-privacy.net wrote: > On 17.04.2020 11:05, i forget: >> On 17.04.2020 10:03, ylms wrote: >>> ORPort 443 >> + ORPort [YOUR:V6:IP]:443 So I should use ORPort twice, once for IPv4 and once for IPv6? What is the option "OutboundBindAddressOR" for? >> ## If you have multiple network interfaces, specify one for outgoing >> traffic to use. >> OutboundBindAddress IPv4 >> OutboundBindAddress [YOUR:IP:V6] OK, I will add that. What is the option "OutboundBindAddressOR" for? Should I use that too? >> >>> SocksPort 0 >>> BridgeRelay 1 >> ## uncomment if you don't want torproject.org to know your bridge >> #PublishServerDescriptor 0 no, I want the relay to be distributed by the various services that torprojects.org is offering. >> >>> ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy >>> ServerTransportListenAddr obfs4 0.0.0.0:80 > ## The ServerTransportListenAddr line is dual stack friendly. > ServerTransportListenAddr obfs4 [::]:80 So I'll add another line for IPv6 here too. > >>> ExtORPort auto >>> >>> >>> CookieAuthentication 1 >>> ExitPolicy reject *:* >>> ExitPolicy reject6 *:* >>> ClientUseIPv6 1 >> Not used. For Clients. you're right, somehow I must have copied that over from somewhere. >>> >>> #%include /etc/tor/torrc_family >> ^^^Not needed for Tor Bridge OK. >>> //End of torrc > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Help with torrc for Bridge
Hello all I just set up a bridge and want to make sure I didn't forget anything. //the torrc I use Nickname FancyNick ContactInfo see https://example.com/torcontact/ ControlPort 9051 ORPort 443 SocksPort 0 BridgeRelay 1 ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:80 ExtORPort auto CookieAuthentication 1 ExitPolicy reject *:* ExitPolicy reject6 *:* ClientUseIPv6 1 #%include /etc/tor/torrc_family //End of torrc For the family, is this setting needed for a Bridge? Should it be set? Thanks for any advice yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Exit stops after one year, then again after few days
Hello Roger On 4/8/20 10:53 AM, Roger Dingledine wrote: > Notice-level logs are a fine default. They should include everything > that's important for you to hear about, but also they try hard not to > include sensitive information. > > See this item from the old faq, which didn't get migrated to the new > support portal: > https://2019.www.torproject.org/docs/faq#LogLevel I did read that, but wasn't sure which level is sufficient, but am now sure that debug is not a good logging level for a running relay, it will create 450 GB logs a day. As you also suggested I did set notice now. Regards yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Exit stops after one year, then again after few days
Hello Teor On 4/7/20 11:24 PM, teor wrote: > Hi, > >> On 7 Apr 2020, at 21:34, ylms wrote: >> >> As written above, I run an Exit (for many years, with the current setup >> since 04.2019) but on 30. March 2020 it stopped, I was unable to >> determine any reason. > > Have you checked tor's logs? > They are usually in /var/log/tor/log The directory /var/log/tor/ is empty, I think the Debian/Ubuntu package logs to syslog per default, but not sure, I cant find anything besides start/stop/reload in the sys log (journalctl to view it). > > If you have logrotate configured, they might have already been deleted, > because 30 March is more than 1 week ago. Funnily there is a logrotate job for the folder, it is: /var/log/tor/*log { daily rotate 5 compress delaycompress missingok notifempty create 0640 debian-tor adm sharedscripts postrotate if invoke-rc.d tor status > /dev/null; then invoke-rc.d tor reload > /dev/null fi endscript } Which would have removed the file as you point out, but still there should be some logs from 3 days ago when it happened again. But as stated above the folder is empty. > >> So I installed updates and since there were some Kernel updates I also >> rebooted the machine. The Exit was back up and ran again till ~36h ago. >> Same situation again, I have no idea why it stopped. >> >> I now activated "Log notice syslog", I think this was in the standard >> torrc which is installed with the package of Ubuntu 18.04.4 LTS anyway, >> but there is not entries in journalctl. Only Start/Stop/Reload events >> are shown in the journal for unit tor.service since 100 day ago. > > Have you tried reading /var/log/sys log directly? Thanks, that was my mistake, I didn't look in the file, but was just looking for tor.service unit entries, but of course the application itself just logs as "tor" or "Tor" and not as tor.service. So I see some info there, but nothing helpful since I just activated logging yesterday. I will revisit this in a few days when/if the problem occurs again, also I increased the rotation for the log to 14 days and am now logging into /var/log/tor/log. Could you advise which loglevel I should use to troubleshoot this? I set notice for now, because debug generated too much data. > >> Can someone help me to troubleshoot this problem, could the fingerprint >> be blacklisted? In this case would the Exit come back up running for a >> few days as described above? > > Most of the time, blacklisting just makes Tor log a message in its logs. > And the directory authorities stop publishing the relay in the consensus. > > (We haven't made any changes to required protocols recently. If we do, > very old Tor versions may shut down.) > > Here's what we need to know to be more helpful: > * your relay fingerprint > * your Tor version > * tor's logs when it shuts down Thanks again for the help, it is much appreciated. Regards yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Exit stops after one year, then again after few days
I can add some information I forgot before. In "nyx" it showed my that the Relay had no flags, now after another reboot it show at least "Exit, Fast, Running, V2Dir, Valid" again, I think the other flags were lost due to the relay being kind of offline. Currently nyx shows about 4 MB/sec, not very much. Regards yl On 4/7/20 12:37 PM, ylms wrote: > Hello all > As written above, I run an Exit (for many years, with the current setup > since 04.2019) but on 30. March 2020 it stopped, I was unable to > determine any reason. > So I installed updates and since there were some Kernel updates I also > rebooted the machine. The Exit was back up and ran again till ~36h ago. > Same situation again, I have no idea why it stopped. > > I now activated "Log notice syslog", I think this was in the standard > torrc which is installed with the package of Ubuntu 18.04.4 LTS anyway, > but there is not entries in journalctl. Only Start/Stop/Reload events > are shown in the journal for unit tor.service since 100 day ago. > > Can someone help me to troubleshoot this problem, could the fingerprint > be blacklisted? In this case would the Exit come back up running for a > few days as described above? > > Regards and thank you very much for any support. > yl > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Exit stops after one year, then again after few days
Hello all As written above, I run an Exit (for many years, with the current setup since 04.2019) but on 30. March 2020 it stopped, I was unable to determine any reason. So I installed updates and since there were some Kernel updates I also rebooted the machine. The Exit was back up and ran again till ~36h ago. Same situation again, I have no idea why it stopped. I now activated "Log notice syslog", I think this was in the standard torrc which is installed with the package of Ubuntu 18.04.4 LTS anyway, but there is not entries in journalctl. Only Start/Stop/Reload events are shown in the journal for unit tor.service since 100 day ago. Can someone help me to troubleshoot this problem, could the fingerprint be blacklisted? In this case would the Exit come back up running for a few days as described above? Regards and thank you very much for any support. yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge on Raspberry Pi Zero
On 2/12/20 5:28 AM, skarz wrote: > 70 Mbps isn’t fast enough for Tor? I'd say it is not fast enough for Tor, we did some tests with a Raspberry Pi4 lately, these can utilize close to 100 MBit/s. You could just try it, the Debian repository should provide the correct version for the processor architecture used in Raspberry Pi. Maybe the Tor version from the Raspbian repo is outdated. Regards yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] %include in torrc
Thanks for correcting my false assumption, I assumed the application is just still called arm, but now I see the application is really outdated. I wonder why it is not maintained in the Debian sources. But well, the packages are sometime outdated. Thanks for now. yl On 1/8/20 12:42 AM, Damian Johnson wrote: > Hi yl, arm and nyx's author here. "Arm" is the name of the old 1.x > codebase which was last developed in 2012... > > https://nyx.torproject.org/changelog/index.html#version_1.x > > If the application says 'arm' then please upgrade. :) > > On Tue, Jan 7, 2020 at 3:31 PM yl wrote: >> >> Hello Toralf >> >> Depending on the OS it is called arm or nyx. >> I can check the log output of tor itself, I think that is the source of the >> nyx messages in the initial screen. >> >> Regards >> yl >> >> >> Am 7. Januar 2020 19:12:46 MEZ schrieb "Toralf Förster" >> : >>> >>> On 1/7/20 6:36 PM, ylms wrote: >>>> >>>> Is arm supposed to complain about the line with the %include as "The >>> >>> >>> IMO "arm" is deprecated in favour of "Nyx". >>> >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] %include in torrc
Hello Is arm supposed to complain about the line with the %include as "The torrc differs from what tor's using. You can issue a sighup to reload the torrc values". It also complains, that the ExitPolicy, which is now in an %include file, is missing. So that seems to be bogus. Tor 0.4.2.5 in this particular case. Thanks yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Hardware specs for a high-bandwidth Tor exit?
Hello Christian, please also report back with the information you found out. I am also pretty interested, running Tor Exits for various German NGOs this really is a topic I am interested in. Currently the fastests Exit I operate in Germany is "only" doing a little more than 30MiB/s I think. But it only has 1GBit/s connection and I never bothered about this, as I fear the hoster will terminate the contract if I use all bandwidth. I guess I would So however, let us know what you found out. And make sure, if possible, to come to 36c3 meetup. Thanks yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] public open socks port
Hello all, I am wondering if there is any reason why one should not open the socks port of Tor to the public internet? I mean I run a Tor exit or relay, so why should I not open the port and give it to people that can't install Tor on some devices? Thanks for your thoughts. yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] these ~790 tor relays will be removed from the network unless they upgrade
Hello nusenu, On 10/4/19 12:43 PM, nusenu wrote: > yes, operators with usable contactInfo get contacted directly by Roger > himself. so manually copied email addresses like this "tor AT ip-eend dot nl" and then emails send, not automatic to only valid addresses? Right? Regards yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Some newbie questions
Hello skarz, On 10/3/19 3:17 AM, skarz wrote: > What is the proper way to stop/start/restart a relay? I’ve ‘corrupted’ a few > relays during this process, for example a relay had a new fingerprint after > restarting the machine. Actually my biggest problems thus far are all based > around Tor behaving weird after a restart. I assume you're running some Linux, may I ask which one? Debian based? Does your system come with systemd? Regards yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] these ~790 tor relays will be removed from the network unless they upgrade
Hello did anyone contact the relay operators by the given email addresses? I someone would do this it would be nice, otherwise I will do this later this weekend. I would just forward this email here to let them know about that information and ask them to subscribe to the list as well. If someone wants to help me, please prepare a list of comma separated email addresses, I will then send the email asap. Question: When the update is done later than next week, say in 14 days, will the relays get part of the tor network again? Thanks yl On 10/4/19 12:24 PM, nusenu wrote: > As previously written on 2019-09-03 > https://lists.torproject.org/pipermail/tor-relays/2019-September/017711.html > > the Tor directory authorities are about to remove > relays from the network if they run end-of-life versions of tor. > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay C19B33758B3A5144894233EC4C95D7985B9FD101
On 4/5/19 10:58 AM, ylms wrote: > "[WARN] Error binding network socket: Address already in use [991 > duplicates hidden]" > > I did use a search engine, but am not sure what too look for further. > Also let me know if I should not worry at all. > > 991 warnings are probably since tor is running, which is about 24 days. I just realized that the fault did not occur since I asked about the problem here, I did not change anything till today, so maybe there was another condition present at some time before. Also I did do some other checks, see my emails in the this thread, and did not find any problems. yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay C19B33758B3A5144894233EC4C95D7985B9FD101
On 4/5/19 6:16 PM, li...@for-privacy.net wrote: > Hint for ylms: Socks 0 + reject in the torrc config. > > SocksPort 0 > SocksPolicy reject * I think the latter is not needed because I did set "SocksPort 0" now, then reloaded the config and got this: 09:06:52 [NOTICE] Closing no-longer-configured Socks listener on /run/tor/socks:0 │ 09:06:52 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9050 So I guess the second is not needed. But thanks you anyway. yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay C19B33758B3A5144894233EC4C95D7985B9FD101
On 4/5/19 5:31 PM, li...@for-privacy.net wrote: > Am 05.04.2019 10:58, schrieb ylms: > >> can someone point me at some information about this warning? >> >> "[WARN] Error binding network socket: Address already in use [991 >> duplicates hidden]" > > Log message is clear: > You have assigned a port number twice. > Either two Tor-instances run on the same (TCP) port numbers or you have > given Tor a port number, which already has another system process. > > 'netstat -lptu' or successor 'ss -lptu' gives you an overview. > I ran "ss -lptun" and it does not show any ports used twice. thanks yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay C19B33758B3A5144894233EC4C95D7985B9FD101
On 4/5/19 12:36 PM, torg...@linux-hus.dk wrote: > hi, the adress is in use check what is running on your system and check > also the ports sudo lsof -i -P -n | grep LISTEN does not show any ports used twice for the same address. yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay C19B33758B3A5144894233EC4C95D7985B9FD101
Hello again, can someone point me at some information about this warning? "[WARN] Error binding network socket: Address already in use [991 duplicates hidden]" I did use a search engine, but am not sure what too look for further. Also let me know if I should not worry at all. 991 warnings are probably since tor is running, which is about 24 days. Regards yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Another Slow Relay
Hello Ben, On 4/4/19 12:59 PM, Ben Riley wrote: > So based on a connection of about 97Mb, which means I can usually peak out > my download speeds at 11Mb/sec. Are those speeds above ok? I don't want to > drown my connection, but happy to give it a couple of meg :) just a short note from me, teor alread mentioned it, be careful with Megabit (Mb) vs. MegaByte (MB). Here is the part with the important information: With this option, and in other options that take arguments in bytes, KBytes, and so on, other formats are also supported. Notably, "KBytes" can also be written as "kilobytes" or "kb"; "MBytes" can be written as "megabytes" or "MB"; "kbits" can be written as "kilobits"; and so forth. Tor also accepts "byte" and "bit" in the singular. The prefixes "tera" and "T" are also recognized. If no units are given, we default to bytes. To avoid confusion, we recommend writing "bytes" or "bits" explicitly, since it’s easy to forget that "B" means bytes, not bits. Copied from here: https://2019.www.torproject.org/docs/tor-manual.html.en For you connection it seems to be 97MBit/s, and it gives you a data rate of 11MByte/s, also the important question still is if you have synchronous up- and download bandwidth, please do a speed test if you are not sure -> search engine "speedtest". For the replay bandwidth you have to use the smaller value of both, up- and download capability. Regards yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Spamcop question
Hello all, I bundle the reply to all three helpful replies in this email. Basically the replies confirm my assumptions, I was wondering if there is single malconfiguration on my end or if the problem is a little more complex. I will watch the abuse complaints and if there will be more about spam I will see what I can do. This abuse ticket was part of a bundle of complaints (many abuse complaints), most of them SSH bruteforce and WordPress "hacking" attempts. So I relied with my standard reply as I always do, it is generic and explains that the server is a Tor exit and I offer to block their ip in the email. Not sure what my provider does with that reply, but I never hear back from any people. Thanks again for the help. Regards yl Replies, just for reference: 1. On 4/2/19 11:24 PM, Ralph Seichter wrote:> * ylms: > >> smtp:>>smtp.efg.es,587,t...@efg.es,123456>> >> [...] >> ExitPolicy accept *:587 > > You allow TCP port 587 (submission). That should not be a problem unless > the targeted server fails to enforce authentication for all email > submitted via this port. If that is the case, it is a configuration > error on the destination server. > > -Ralph 2. On 4/2/19 11:19 PM, nusenu wrote:> >> My question, what did I miss in in the exit policy, I have used the >> following in the torrc. Maybe I did not miss anything at all. Thanks for >> helping me to understand how the spammer could use the the exit for >> spamming. > > Emails and spam can be send via for example: > - webmail (frequently port 80/443) > - 465/587 > > (not just port 25) > > 3. On 4/2/19 11:08 PM, Nathaniel Suchy wrote:> Someone likely abused a webmail provider. Respond to them that SMTP isn’t available from your exit and they’ll have to contact the email service provider directly. > > Cordially, > Nathaniel Suchy On 4/2/19 11:04 PM, ylms wrote: > Hello fellow Tor-Exit operators, > > today I got the following Abuse message: > > //Start > > [ SpamCop V5.0.0 ] > This message is brief for your comfort. Please use links below for details. > > Email from 5.199.130.188 / Tue, 19 Mar 2019 12:20:30 + > https://www.spamcop.net/w3m?i=.(removed) > 5.199.130.188 is open proxy, see: https://www.spamcop.net/mky-proxies.html > > [ Offending message ] > Return-Path: > X-Original-To: bingobong...@cd.ru > Delivered-To: bingobong...@cd.ru > Received: from 31.184.255.247 (unknown [5.199.130.188]) > by relay (Postfix) with ESMTPSA id 7cqntswbr6frkskj > for ; Tue, 19 Mar 2019 12:20:30 + > Message-ID: > From: > To: > Subject: smtp:>>smtp.efg.es,587,t...@efg.es,123456>> > Date: Tue, 19 Mar 2019 13:20:18 +0100 > MIME-Version: 1.0 > Content-Type: text/plain; > charset="windows-1251"; > Content-Transfer-Encoding: 7bit > > smtp:>>smtp.efg.es,587,t...@efg.es,123456>> > > veblcshgtpwfdonxkebdghrwf > pboqjycmmdslmliomafclayaheiuft > uybveafdbnsuydqvbgyukf > zsszifpadkpaufibjosuk > > //End > > I wasn't sure what to remove from the abuse message so I removed all the > domains to protect the owners of these hosts/addresses, I hope I didn't > miss any. > > My question, what did I miss in in the exit policy, I have used the > following in the torrc. Maybe I did not miss anything at all. Thanks for > helping me to understand how the spammer could use the the exit for > spamming. > > I assume with the reduced exit policy spammers should not be enabled to > use the exit. > > // torrc > # Reduced Exit policy according to: > https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy > ExitPolicy accept *:20-21 # FTP > ExitPolicy accept *:22# SSH > ExitPolicy accept *:23# Telnet > ExitPolicy accept *:43# WHOIS > ExitPolicy accept *:53# DNS > ExitPolicy accept *:79# finger > ExitPolicy accept *:80-81 # HTTP > ExitPolicy accept *:88# kerberos > ExitPolicy accept *:110 # POP3 > ExitPolicy accept *:143 # IMAP > ExitPolicy accept *:194 # IRC > ExitPolicy accept *:220 # IMAP3 > ExitPolicy accept *:389 # LDAP > ExitPolicy accept *:443 # HTTPS > ExitPolicy accept *:464 # kpasswd > ExitPolicy accept *:465 # URD for SSM (more often: an alternative > SUBMISSION port, see 587) > ExitPolicy accept *:531 # IRC/AIM > ExitPolicy accept *:543-544 # Kerberos > ExitPolicy accept *:554 # RTSP > ExitPolicy accept *:563 # NNTP over SSL > ExitPolicy accept *:587 # SUBMISSION (authenticated clients [MUA's > like Thunderbird] send mail over STARTTLS SMTP here) > ExitPolicy accept *:636 # LDAP over SSL > E
[tor-relays] Spamcop question
Hello fellow Tor-Exit operators, today I got the following Abuse message: //Start [ SpamCop V5.0.0 ] This message is brief for your comfort. Please use links below for details. Email from 5.199.130.188 / Tue, 19 Mar 2019 12:20:30 + https://www.spamcop.net/w3m?i=.(removed) 5.199.130.188 is open proxy, see: https://www.spamcop.net/mky-proxies.html [ Offending message ] Return-Path: X-Original-To: bingobong...@cd.ru Delivered-To: bingobong...@cd.ru Received: from 31.184.255.247 (unknown [5.199.130.188]) by relay (Postfix) with ESMTPSA id 7cqntswbr6frkskj for ; Tue, 19 Mar 2019 12:20:30 + Message-ID: From: To: Subject: smtp:>>smtp.efg.es,587,t...@efg.es,123456>> Date: Tue, 19 Mar 2019 13:20:18 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1251"; Content-Transfer-Encoding: 7bit smtp:>>smtp.efg.es,587,t...@efg.es,123456>> veblcshgtpwfdonxkebdghrwf pboqjycmmdslmliomafclayaheiuft uybveafdbnsuydqvbgyukf zsszifpadkpaufibjosuk //End I wasn't sure what to remove from the abuse message so I removed all the domains to protect the owners of these hosts/addresses, I hope I didn't miss any. My question, what did I miss in in the exit policy, I have used the following in the torrc. Maybe I did not miss anything at all. Thanks for helping me to understand how the spammer could use the the exit for spamming. I assume with the reduced exit policy spammers should not be enabled to use the exit. // torrc # Reduced Exit policy according to: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy ExitPolicy accept *:20-21 # FTP ExitPolicy accept *:22# SSH ExitPolicy accept *:23# Telnet ExitPolicy accept *:43# WHOIS ExitPolicy accept *:53# DNS ExitPolicy accept *:79# finger ExitPolicy accept *:80-81 # HTTP ExitPolicy accept *:88# kerberos ExitPolicy accept *:110 # POP3 ExitPolicy accept *:143 # IMAP ExitPolicy accept *:194 # IRC ExitPolicy accept *:220 # IMAP3 ExitPolicy accept *:389 # LDAP ExitPolicy accept *:443 # HTTPS ExitPolicy accept *:464 # kpasswd ExitPolicy accept *:465 # URD for SSM (more often: an alternative SUBMISSION port, see 587) ExitPolicy accept *:531 # IRC/AIM ExitPolicy accept *:543-544 # Kerberos ExitPolicy accept *:554 # RTSP ExitPolicy accept *:563 # NNTP over SSL ExitPolicy accept *:587 # SUBMISSION (authenticated clients [MUA's like Thunderbird] send mail over STARTTLS SMTP here) ExitPolicy accept *:636 # LDAP over SSL ExitPolicy accept *:706 # SILC ExitPolicy accept *:749 # kerberos ExitPolicy accept *:853 # DNS over TLS ExitPolicy accept *:873 # rsync ExitPolicy accept *:902-904 # VMware ExitPolicy accept *:981 # Remote HTTPS management for firewall ExitPolicy accept *:989-990 # FTP over SSL ExitPolicy accept *:991 # Netnews Administration System ExitPolicy accept *:992 # TELNETS ExitPolicy accept *:993 # IMAP over SSL ExitPolicy accept *:994 # IRCS ExitPolicy accept *:995 # POP3 over SSL ExitPolicy accept *:1194 # OpenVPN ExitPolicy accept *:1220 # QT Server Admin ExitPolicy accept *:1293 # PKT-KRB-IPSec ExitPolicy accept *:1500 # VLSI License Manager ExitPolicy accept *:1533 # Sametime ExitPolicy accept *:1677 # GroupWise ExitPolicy accept *:1723 # PPTP ExitPolicy accept *:1755 # RTSP ExitPolicy accept *:1863 # MSNP ExitPolicy accept *:2082 # Infowave Mobility Server ExitPolicy accept *:2083 # Secure Radius Service (radsec) ExitPolicy accept *:2086-2087 # GNUnet, ELI ExitPolicy accept *:2095-2096 # NBX ExitPolicy accept *:2102-2104 # Zephyr ExitPolicy accept *:3128 # SQUID ExitPolicy accept *:3389 # MS WBT ExitPolicy accept *:3690 # SVN ExitPolicy accept *:4321 # RWHOIS ExitPolicy accept *:4643 # Virtuozzo ExitPolicy accept *:5050 # MMCC ExitPolicy accept *:5190 # ICQ ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL ExitPolicy accept *:5228 # Android Market ExitPolicy accept *:5900 # VNC ExitPolicy accept *:6660-6669 # IRC ExitPolicy accept *:6679 # IRC SSL ExitPolicy accept *:6697 # IRC SSL ExitPolicy accept *:8000 # iRDMI ExitPolicy accept *:8008 # HTTP alternate ExitPolicy accept *:8074 # Gadu-Gadu ExitPolicy accept *:8080 # HTTP Proxies ExitPolicy accept *:8082 # HTTPS Electrum Bitcoin port ExitPolicy accept *:64738 # Mumble ExitPolicy reject *:* Regards yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay C19B33758B3A5144894233EC4C95D7985B9FD101
On 3/11/19 11:54 PM, teor wrote: > We would like to make tor more helpful, and make it guess IPv6. > But we're not there yet. > > Until then, people have to learn the details of tor's config For relays on dynamic ADSL lines it would be helpful to provide the static host part of an /56 or /64 network that is delegated from the ISP. yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Please help, my relay is unresponsive
Hello digitalist, On 3/11/19 9:40 PM, digitalist00 wrote: > I had a lot of errors due to a lack of diskspace. Obvisly the logs had filled > it up, so I commented the lines in the torrc that deal with logs. you may need to check in /var/log how much space the files there take up, also install (and maybe set up) logrotate. I am not sure how much space the relay cache will take up, but lately I buy Raspberry Pi's with 64 GB of Micro SD cards to avoid such problems (lazy solution). Sorry you have this problems. yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Please help, my relay is unresponsive
Hello digistalist, On 3/9/19 8:14 PM, digitalist00 wrote: > Dear helpers! > Nyx says that my relay is unresponsive and that it was resumed. As I > write this mail I have already 334 duplicates hidden. > What's my problem and how can I solve this? > The relay runs on a Raspberry Pi and is connected via LAN. > Yours > Digitalist > One more email from my side, I moved one relay to a Raspberry Pi 3B (maybe a 3B +, don't remember) last Friday, it is running well with this config: # my config ExitPolicy reject *:* BandwidthRate 25Mbits BandwidthBurst 40Mbits Nickname your_nickname DirPort 9030 NumCPUs 4 ControlPort 9051 ORPort 443 ClientUseIPv6 1 I throttle the bandwidth because I only have 40MBit/s upload, it is a ADSL line. :-/ yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Please help, my relay is unresponsive
On 3/11/19 12:22 AM, teor wrote: > Have you tried reading tor's logs directly? > (It looks like you are reading them through nyx.) > > Tor's logs should be at /var/log/tor/log , or a similar path. In Raspian logs are sent to system journal, so "sudo journalctl -f -u tor.service" will show the logs, you can change the log level to "warn" or "err" by setting "Log err syslog" (syslog is set in the standard torrc delivered with the package I run on Raspian, which comes from the official repository I think). Remark: I added sources "deb http://deb.torproject.org/torproject.org stretch main". Regards yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Please help, my relay is unresponsive
On 3/9/19 11:49 PM, digitalist00 wrote: > OK: chown hat's gebracht. Try to add the user you use to start nyx to the group tor runs with. If you run a Debian based system it is "sudo usermod -a -G debian-tor your_user_name" to add "your_user_name" to the group "debian-tor". That should help for most problems like this. yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay C19B33758B3A5144894233EC4C95D7985B9FD101
Hello teor, On 3/9/19 5:07 AM, teor wrote: > ORPort [IPv6]:Port > > For example: > > ORPort [2001:db8::1]:9001 > > Tor doesn't guess IPv6 addresses yet. That was very helpful to find my stupid mistake. thanks. yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay C19B33758B3A5144894233EC4C95D7985B9FD101
Hello Roger, thanks for you reply. On 3/9/19 4:08 AM, Roger Dingledine wrote: > On Fri, Mar 08, 2019 at 03:52:48PM +0100, ylms wrote: >> Hello, >> I just setup a new exit, I know it takes time to "train", but I would be >> interested in tips on how to tweak it. >> I just replaces a old exit that used the same IP, but unfortunately we >> lost that config/key. >> >> So any tips are welcome in general. > > It looks good so far! Thanks for running it. It is good to see some > good news from your part of Germany, not just bad proposed policies. :) Yeah, as said it is not a new relay, just lost the old one. But I would like to add a new one, just finding a useful Germany hoster is not easy to find. > >> I also have some questions. >> >> Atlas does not show any IPv6 address, is this normal? > > I see that you have an ipv6 exit policy set, but I don't see any > ipv6 address in your relay descriptor. > > (You can see your relay descriptor with > "wget 5.199.130.188/tor/server/authority" ) > > If you were advertising an ipv6 address, you would have an "or-address" > line in your descriptor. Compare to Fission1's descriptor: > "wget 158.69.30.132/tor/server/authority" I fixed it. I did not think about the OR-Port but did set: OutboundBindAddress 5.199.130.188 # Use this IP for all outgoing connections OutboundBindAddress [2001:4ba0:fff9:160:dead:beef:ca1f:1337] # Use this IP for all outgoing connections OutboundBindAddressOR 5.199.130.188 # OR Port IP OutboundBindAddressOR [2001:4ba0:fff9:160:dead:beef:ca1f:1337] # OR Port IP OutboundBindAddressExit 5.199.130.188 # Exit IP OutboundBindAddressExit [2001:4ba0:fff9:160:dead:beef:ca1f:1337] # Exit IP And for some reason I thought "Address" was the setting to do so, so I had: Address 5.199.130.188 and Address [2001:4ba0:fff9:160:dead:beef:ca1f:1337] But I removed that because it was bogus, so now it is: Address tor.piratenpartei-nrw.de now, which is what I meant to set. > >> WHat loglevel can I set to see if there is any problems, to find >> possible improvements? I know the logging should not be changed, but I >> want tot make sure tor works fine, so I would like to see some more >> information for now. > > We recommend notice-level logs. That's what most of the Tor packages > do by default: > https://www.torproject.org/docs/faq#LogLevel So "err" or "warn" would be the choice for troubleshooting, I assume this can be changed and a "systemctl reload tor.service" would be enough? Thanks for the help again. yl > > Thanks! > --Roger > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Relay C19B33758B3A5144894233EC4C95D7985B9FD101
Hello, I just setup a new exit, I know it takes time to "train", but I would be interested in tips on how to tweak it. I just replaces a old exit that used the same IP, but unfortunately we lost that config/key. So any tips are welcome in general. I also have some questions. Atlas does not show any IPv6 address, is this normal? WHat loglevel can I set to see if there is any problems, to find possible improvements? I know the logging should not be changed, but I want tot make sure tor works fine, so I would like to see some more information for now. Thanks for your help. yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays