> Port 22 is ssh, so turning it off would mean your relay won't be the exit > point for helping people reach their ssh servers while protecting their > communications metadata. Exiting to port 22 is a helpful thing to do
Yes. > Port 465 is for secure mail delivery, > which probably doesn't work so well over Tor these days anyway. There are some onion services and nodes that directly deliver outbound via exits to clearnet destinations. They tend to be unreliable for obvious reasons of today's spam preventions. Other implementations of Tor mail services rent a frontend domain and clearnet shell, tunnel the Tor mail to that point on clearnet via onion or exit, and deliver it on to clearnet destinations from there. That model does not need 465. Unfortunately there is some legacy mashup for sending mail, regarding server and users use of "smtp" 25 and "smtps" 465, and variously plaintext or tls or starttls on top of those ports. Fortunately these days 25 and 465 hardly enable or document for user use anymore. > wonder what they meant by 576, and if it's a transcription error and > they meant some other port (like 587). Same here for 576. 587 is submission protocol, dedicated to authenticated users sending mail smtp over starttls. As with fetching pop3s 995 and imaps 993, sending submission 587 is critical for use with users mail clients. pop3s 995 and imaps 993 are not any nuisance at all. submission 587 could be spammy but gets account nuked quickly. ssh 22 is just internet scanning noise with occaisional crack. You could negotiate away 567 for free. See about discussing proportion of 22 noise coming from exit versus clearnet, and the huge legit use it has. And keep the three mail client ports as equally legit. You could also analyse all the exits in consensus to see which ports are at risk of not having enough exit support and thus might be more needed. And publish your analysis project results. Since you operate exits, you might want to join tor-rel...@lists.torproject.org where all these things and more help are in the archives. ttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays And there are wiki.torproject.org pages to list results of searches for ISP's. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
