Cyrus wrote:
> My server is behind a Tor transparent proxy on a separate machine.
> Customers have just started reporting getting email from their sites,
> and the headers show this to be coming from exit nodes. I can't see any
> update news that the policy on SMTP has changed.
>
> It might just be bad exit nodes, but according to one of these customers
> emails have been coming constantly since Dec 31. For a lot of idiots
> this means their sites are now leaking information. This can include
> information on password resets, account activities, and even private
> messages.

Sorry, I can't quite tell what configuration this is you're talking about. Did you mean: "I run a Web hosting service accessible primarily or only via Tor; outgoing traffic is routed via Tor as well, and I expected this to implicitly block all outgoing email, but many users run dynamic websites with backend code that sends email anyway, which is now being insecurely routed"? (If so, it would have been nice if you'd mentioned that explicitly.)

If you actually need to _block_ email, you need to actually block it, not rely on "no exit would ever accept this connection" (which you have already found out).

If your users want to be able to run all the Cool New Web Applications that rely on the open Internet in all the popular ways, but then also run them behind Tor and not get weirdly hosed at random, that's... less than practical without an awful lot of mediating work (as you also probably know). The sets of prevailing assumptions are too incompatible.

As far as I know, the Tor network and Tor project set no global hard policy on where exit nodes are allowed to exit; the Tor project provides defaults and some sets of suggested rules, but each node can override this however they want. (For instance, allowing exit to the SMTP relay port at a specific set of servers known to handle this well could be entirely reasonable. The distinction between SMTP relay and SMTP submission ports may also be relevant, depending on what your users are seeing.)

---> Drake Wilson

--
tor-talk mailing list
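
Added example, not part of the original message or of any Tor project code: a small audit that reads an `iptables-save` dump from the transparent-proxy machine and reports whether the mail ports are explicitly dropped before the catch-all redirect into Tor. The interface `eth1`, TransPort `9040`, the rule dumps and all function names are constructed assumptions; the model ignores interface/source matches, negation and user-defined chains.

```python
import shlex

MAIL_PORTS = (25, 465, 587)  # SMTP relay, SMTPS, SMTP submission
FATE = {"DROP": "blocked", "REDIRECT": "sent to Tor"}

# Constructed iptables-save dumps; eth1 and TransPort 9040 are assumed values.
LEAKY = """*nat
-A PREROUTING -i eth1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT"""
FIXED = "*mangle\n-A PREROUTING -i eth1 -p tcp -m multiport --dports 25,465,587 -j DROP\nCOMMIT\n" + LEAKY

def parse_rules(dump):
    """Map table name -> PREROUTING rules (token lists), in file order."""
    tables, current = {}, None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            current = line[1:]
        elif line.startswith("-A PREROUTING") and current:
            tables.setdefault(current, []).append(shlex.split(line))
    return tables

def covers(tokens, port):
    """True if the rule is TCP and its destination-port match (if any) includes port."""
    if "-p" in tokens and tokens[tokens.index("-p") + 1] != "tcp":
        return False
    for flag in ("--dport", "--dports"):
        if flag in tokens:
            ranges = (p.partition(":") for p in tokens[tokens.index(flag) + 1].split(","))
            return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)
    return True  # no port match: the rule applies to every TCP port

def verdict(dump, port):
    """Fate of a new TCP connection to port, walking mangle then nat PREROUTING."""
    tables = parse_rules(dump)
    for table in ("mangle", "nat"):
        for tokens in tables.get(table, []):
            if "-j" not in tokens or not covers(tokens, port):
                continue
            target = tokens[tokens.index("-j") + 1]
            if target in FATE:
                return FATE[target]
            if target in ("ACCEPT", "RETURN"):
                break  # this table is finished; the next table still applies
    return "not redirected"  # continues to routing/FORWARD, which is not modelled here

def audit(dump):
    return {port: verdict(dump, port) for port in MAIL_PORTS}
```

`audit(LEAKY)` reports every mail port as "sent to Tor", which is the situation described in the quoted report; `audit(FIXED)` reports them as "blocked" while other ports still go through the redirect.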
