Hi list,
I was looking for suggestions/discussion on very conservative policies for an exit relay. I run a relay now that is "reject *:*" and I wanted to open up a few exit ports. I don't want to open up major ports due to potential abuse issues. My server host states that, although they do allow Tor, there is a chance of the relay being terminated at their will [1].
I was considering using a whitelist exit policy and opening up only the following ports to be "safe":

43 - WHOIS protocol
53 - DNS
389 - LDAP
464,543,544,749 - Kerberos
531 - AOL IM
636 - LDAP over SSL
706 - SILC
873 - rsync
5190 - ICQ and AOL Instant Messenger
5222,5223,5269,5280,5281,5298 - XMPP
5353 - Multicast DNS
5999 - CVSup
8332,8333 - Bitcoin
9091 - Transmission (BitTorrent client) Web Interface
11371 - OpenPGP key server
64738 - Mumble/Murmur
I constructed the list based on a quick skimming of the WP ports list [2]. I suspect allowing IRC would eventually be grounds for my host to terminate my relay.
This would be my first time running an exit relay and I'd be happy to hear advice and suggestions!
Thanks, Steve
[1] https://trac.torproject.org/projects/tor/wiki/doc/ISPCorrespondence#OVH
[2] https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
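As an added illustration (this is not Steve's configuration and not code from the Tor project), here is what the whitelist above looks like as torrc ExitPolicy lines, together with a small Python evaluator that applies the rules the way Tor does: entries are checked in order and the first match wins. The trailing "reject *:*" is what makes it a whitelist; if a policy does not end in a catch-all, Tor appends its default exit policy, which accepts far more than this list. Exit policies only govern TCP streams, so UDP-only entries such as mDNS on 5353 never see any exit traffic regardless of the policy. ExitRelay and ExitPolicy are real torrc options; the evaluator is a simplification that understands only "*" and exact addresses, not the CIDR masks Tor's own parser also accepts, and the destination address it defaults to is a constructed TEST-NET-3 value.

```python
"""Added example: build a whitelist torrc ExitPolicy from the ports in the post
and evaluate it first-match-wins, as Tor does. Not the poster's config and not
Tor project code; address matching is simplified to '*' and exact addresses."""

# Port -> service, copied from the post. Tor exit policies apply to TCP streams
# only, so UDP-only entries such as mDNS (5353) are inert in an exit policy.
ALLOWED_PORTS = {
    43: "WHOIS", 53: "DNS (TCP)", 389: "LDAP",
    464: "Kerberos", 531: "AOL IM", 543: "Kerberos", 544: "Kerberos",
    636: "LDAP over SSL", 706: "SILC", 749: "Kerberos", 873: "rsync",
    5190: "ICQ/AIM", 5222: "XMPP", 5223: "XMPP", 5269: "XMPP",
    5280: "XMPP", 5281: "XMPP", 5298: "XMPP", 5353: "Multicast DNS",
    5999: "CVSup", 8332: "Bitcoin", 8333: "Bitcoin",
    9091: "Transmission web interface", 11371: "OpenPGP key server",
    64738: "Mumble/Murmur",
}


def build_torrc(ports=ALLOWED_PORTS):
    """Return torrc lines: ExitRelay 1, one accept per port, then a catch-all
    reject. Without the trailing 'reject *:*' Tor would append its default exit
    policy, which accepts most ports, so the catch-all is what makes this a
    whitelist."""
    lines = ["ExitRelay 1"]
    for port in sorted(ports):
        lines.append(f"# {ports[port]}")
        lines.append(f"ExitPolicy accept *:{port}")
    lines.append("ExitPolicy reject *:*")
    return lines


def parse_policy(lines):
    """Parse ExitPolicy lines into ordered (action, address, low, high) rules.
    Comma-separated entries on one ExitPolicy line are allowed, as in torrc."""
    rules = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("ExitPolicy"):
            continue
        for entry in line[len("ExitPolicy"):].split(","):
            action, addrport = entry.split()
            if action not in ("accept", "reject"):
                raise ValueError(f"bad action in {entry!r}")
            addr, port = addrport.rsplit(":", 1)
            if port == "*":
                lo, hi = 1, 65535
            elif "-" in port:
                lo, hi = (int(p) for p in port.split("-"))
            else:
                lo = hi = int(port)
            rules.append((action, addr, lo, hi))
    return rules


def exit_allowed(rules, port, addr="203.0.113.10"):
    """First matching rule decides, as in Tor. The default destination address
    is a constructed TEST-NET-3 value. Returns None if no rule matches (Tor
    would then fall through to its appended default policy)."""
    for action, rule_addr, lo, hi in rules:
        if rule_addr in ("*", addr) and lo <= port <= hi:
            return action == "accept"
    return None


if __name__ == "__main__":
    torrc = build_torrc()
    print("\n".join(torrc))
    rules = parse_policy(torrc)
    for port in (43, 80, 443, 5222, 6667):
        print(port, "accept" if exit_allowed(rules, port) else "reject")
```

Running the script prints the torrc block and shows that 43 and 5222 exit while 80, 443 and 6667 are rejected by the catch-all; the point of the evaluator is that order matters, so an "accept" placed after "reject *:*" would never be reached.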