Thanks. Funny that my long-time restricted IPv4 port 80 exit was noticed just now, giving the bad exit tag. I suspect the hour one of my servers was quarantined by my ISP may have precipitated the system to look hard.
As for my single /8 for port 80, for reasons not clear to me, having many ports open including 443 open to all, IPv6 open on port 80 to all, while restricting IPv4 to a single /8 stops all abuse complaints. I have been free of abuse complaints and copyright claims for two years now. I tried to offer more IPv4 /8 ranges but abuse notices soon popped up, as if traffic is being en-route by some agencies. The free-text nature of port 80 meant contents read too easily, and IPv6 still not used enough... yet.
Gerry
-----Original Message-----
From: tor-relays tor-relays-bounces@lists.torproject.org On Behalf Of Georg Koppen
Sent: 27 March 2020 12:40
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] BadExit
teor:
Hi,
On 27 Mar 2020, at 02:00, niftybunny abuse-contact@to-surf-and-protect.net wrote:
My bad. Never seen this before. Is there a good reason for the accept 133.0.0.0/8:80 ?
On 26. Mar 2020, at 15:06, gerard@bulger.co.uk wrote:
"btw, you need to have at least port 80 and 443 … port 80 is missing …"
It's there. But to a /8 area IPv4, all IPv6
I have not changed my exit policy for years. Port 80 is there, just limited to a /8 network and all IPv6 addresses port 80 allowed. 443 all there IPv4 and IPv6
Testing seems to be exiting OK, but badexit tag still there.
The Exit flag only requires one IPv4 /8: https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2628
But if the network health team is testing a different IPv4 /8, then your relay might appear down.
Yep, I think that's what happened. I'll get the badexit flag removed from both of your relays and think about ways for improving our tests. Sorry for the inconvenience.
(FWIW: I sent an email to the address you put into your ContactInfo. I heard that mails for Tor Project addresses repeatedly land in spam folders. Maybe that happened this time, too.)
(If the DNS for the site they are testing has both IPv4 and IPv6, then the outcome will depend on their tor version and config. 0.4.3 and later will prefer IPv6 by default.)
Not sure what Arthur is running but I am just using what Debian ships on the box I run the tests, which is currently 0.3.5.8. I guess it might be worth thinking about switching away from that. Maybe tracking and using the version Tor Browser ships is smarter?
Georg
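
Added example (not from the thread or from Tor's code): a simplified, IPv4-only model of the situation discussed above, where a policy satisfies the "at least one /8 on each of ports 80 and 443" rule mentioned in the thread yet refuses a probe aimed at a different /8. The policy text, function names and the probe destination are constructed for illustration.

```python
import ipaddress

# Constructed policy modelled on the one discussed in the thread (IPv4 only).
POLICY = """\
accept 133.0.0.0/8:80
reject *:80
accept *:443
reject *:*
"""

def parse(policy_text):
    """Return a list of (action, network, port_lo, port_hi) rules."""
    rules = []
    for line in policy_text.splitlines():
        if not line.strip():
            continue
        action, target = line.split()
        addr, _, port = target.rpartition(":")
        net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr)
        if port == "*":
            lo, hi = 1, 65535
        else:
            lo, _, hi = port.partition("-")
            lo, hi = int(lo), int(hi or lo)
        rules.append((action, net, lo, hi))
    return rules

def allows(rules, dest_ip, port):
    """First-match evaluation for a single destination and port."""
    ip = ipaddress.ip_address(dest_ip)
    for action, net, lo, hi in rules:
        if ip in net and lo <= port <= hi:
            return action == "accept"
    return False  # assumption of this model: no matching rule means reject

def whole_slash8_allowed(rules, port):
    """True if some routable /8 is accepted in full on `port`."""
    for first_octet in range(256):
        if first_octet in (0, 10, 127):
            continue  # /8 blocks that are entirely non-routable
        block = ipaddress.ip_network(f"{first_octet}.0.0.0/8")
        for action, net, lo, hi in rules:
            if lo <= port <= hi and net.overlaps(block):
                if action == "accept" and block.subnet_of(net):
                    return True
                break  # rejected or only partly accepted: try the next /8
    return False

def meets_exit_rule(rules):
    """The /8-on-80-and-443 rule as stated in the thread, in this model."""
    return whole_slash8_allowed(rules, 80) and whole_slash8_allowed(rules, 443)
```

With this policy `meets_exit_rule` is true, while `allows(rules, "93.184.216.34", 80)` is false, which is the mismatch a health check sees when its port 80 target sits outside the single accepted /8.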