Message-ID: <54A70A6C.6010102@dasyatidae.net>
Date: Fri, 02 Jan 2015 15:15:24 -0600
From: Drake Wilson <drake@dasyatidae.net>
To: tor-talk@lists.torproject.org
References: <54A6F179.1090608@riseup.net>
In-Reply-To: <54A6F179.1090608@riseup.net>
Subject: Re: [tor-talk] Unexpected SMTP
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>

Cyrus wrote:
> My server is behind a Tor transparent proxy on a separate machine.
> Customers have just started reporting getting email from their sites,
> and the headers show this to be coming from exit nodes. I can't see any
> update news that the policy on SMTP has changed.
> 
> It might just be bad exit nodes, but according to one of these customers
> emails have been coming constantly since Dec 31. For a lot of idiots
> this means their sites are now leaking information. This can include
> information on password resets, account activities, and even private
> messages.

Sorry, I can't quite tell what configuration this is you're talking about.
Did you mean: "I run a Web hosting service accessible primarily or only
via Tor; outgoing traffic is routed via Tor as well, and I expected this
to implicitly block all outgoing email, but many users run dynamic websites
with backend code that sends email anyway, which is now being insecurely
routed"?  (If so, it would have been nice if you'd mentioned that
explicitly.)

If you actually need to _block_ email, you need to actually block it, not
rely on "no exit would ever accept this connection" (which you have already
found out).

If your users want to be able to run all the Cool New Web Applications that
rely on the open Internet in all the popular ways, but then also run them
behind Tor and not get weirdly hosed at random, that's... less than practical
without an awful lot of mediating work (as you also probably know).  The sets
of prevailing assumptions are too incompatible.

As far as I know, the Tor network and Tor project set no global hard policy
on where exit nodes are allowed to exit; the Tor project provides defaults
and some sets of suggested rules, but each node can override this however
they want.  (For instance, allowing exit to the SMTP relay port at a specific
set of servers known to handle this well could be entirely reasonable.  The
distinction between SMTP relay and SMTP submission ports may also be relevant,
depending on what your users are seeing.)

   ---> Drake Wilson

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
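
Added example (not part of the original message): a check for the reply's point that outgoing email has to be blocked explicitly on the transparent-proxy gateway rather than left to exit policies. The two iptables-save excerpts, the interface name eth1 and TransPort 9040 are constructed assumptions, and the walker only understands destination-port matches and simple targets.

```python
import re

MAIL_PORTS = (25, 465, 587)  # SMTP relay, SMTPS, submission

# Constructed: every TCP connection from the hosted server (eth1) goes into Tor.
WEAK = """*nat
-A PREROUTING -i eth1 -p tcp -j REDIRECT --to-ports 9040
COMMIT
"""
# Constructed: mail ports skip the redirect and are refused in FORWARD.
HARDENED = """*nat
-A PREROUTING -i eth1 -p tcp -m multiport --dports 25,465,587 -j RETURN
-A PREROUTING -i eth1 -p tcp -j REDIRECT --to-ports 9040
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -p tcp -m multiport --dports 25,465,587 -j REJECT --reject-with tcp-reset
COMMIT
"""

def rule_matches(rule, dport):
    """True if the rule has no port match or its --dport/--dports covers dport."""
    m = re.search(r"--dports? (\S+)", rule)
    spans = [p.partition(":") for p in m.group(1).split(",")] if m else []
    return not m or any(int(lo) <= dport <= int(hi or lo) for lo, _, hi in spans)

def fate(ruleset, dport):
    """First-match walk of nat/PREROUTING, then filter/FORWARD, for a new TCP flow."""
    table, rules, policy = None, {}, {}
    for line in ruleset.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            policy[(table, line[1:].split()[0])] = line.split()[1]
        elif line.startswith("-A "):
            rules.setdefault((table, line.split()[1]), []).append(line)
    for chain in (("nat", "PREROUTING"), ("filter", "FORWARD")):
        hits = [r for r in rules.get(chain, []) if rule_matches(r, dport)]
        verdict = re.search(r"-j (\S+)", hits[0]).group(1) if hits else policy.get(chain, "ACCEPT")
        if verdict == "REDIRECT":
            return "tor"          # handed to Tor's TransPort; an exit may accept it
        if verdict in ("REJECT", "DROP"):
            return "blocked"
    return "forwarded"            # leaves the gateway outside Tor

def leaking_mail_ports(ruleset):
    """Mail ports that the ruleset does not explicitly block."""
    return [p for p in MAIL_PORTS if fate(ruleset, p) != "blocked"]
```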

