Exit relay and email server in the same IPv4 /24 or IPv6 /48

We plan to operate a small AS in Japan. It will have minimal prefixes — IPv4 /24 and IPv6 /48. We will host an email server in this range. The matter is that we hope to run an exit node (since we own an AS!) somewhere in this new network. Does running a Tor exit relay on dedicated IP address(es) near an email server have any unhappy consequences for email reachability? Also, I would like to know the best practice for managing a network hosting Tor relays.

The following is what I am thinking about:

  • Set reverse DNS records for the email server and the Tor relay.
  • Divide the network into the three zones:
    • Users network
    • Servers network (hosting an email server, etc.)
    • Guest network (hosting guest SSIDs, Tor relays, etc.)

Of course, there are multiple geographical locations, so things get more complex.

I never did this, but a few things to keep in mind:

  • Use a separate IP for email server and Tor exit relay

  • There is a scammy blacklist called UCEProtect: https://uceprotect.wtf/. Sometimes exits get on there if they hit a UCEProtect trap. Aside from blocking ports 25/465/587, use your exit policy to block UCEProtect’s IP ranges:

ExitPolicy reject 208.77.218.112/29:*
ExitPolicy reject 193.138.29.159/32:*
ExitPolicy reject 217.23.49.178/32:*
ExitPolicy reject 217.23.49.204/32:*
ExitPolicy reject 217.23.49.208/32:*
ExitPolicy reject 217.23.49.196/30:*
ExitPolicy reject 217.23.49.200/29:*
ExitPolicy reject 217.23.49.208/31:*
ExitPolicy reject 217.23.49.210/32:*
ExitPolicy reject 208.66.2.19/32:*
ExitPolicy reject 77.37.17.36/32:*
ExitPolicy reject 46.41.0.109/32:*
ExitPolicy reject 217.23.48.81/32:*
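
Added example, not part of the original posts: a small audit of a torrc `ExitPolicy` against the reply's suggestions (separate IPs, mail ports rejected, listed ranges rejected), using first-match-wins evaluation. It assumes IPv4 `ADDR:PORT` patterns only; the function names, the sample torrc and the 192.0.2.x addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample torrc fragment. The three port rejects are one assumed way
# to block 25/465/587; the address rejects are copied from the reply above.
SAMPLE_TORRC = """\
ExitPolicy reject *:25, reject *:465, reject *:587
ExitPolicy reject 208.77.218.112/29:*
ExitPolicy reject 217.23.49.200/29:*
ExitPolicy reject 46.41.0.109/32:*
ExitPolicy accept *:*
"""

def parse_exit_policy(text):
    """Return IPv4 rules as (action, network or None for '*', (lo, hi)), in file order."""
    rules = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) != 2 or parts[0].lower() != "exitpolicy":
            continue
        for item in parts[1].split(","):
            action, pattern = item.split()
            addr, _, port = pattern.rpartition(":")
            net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
            lo, _, hi = ("1-65535" if port == "*" else port).partition("-")
            rules.append((action, net, (int(lo), int(hi or lo))))
    return rules

def decide(rules, ip, port):
    """First matching rule wins. None: no listed rule matched (Tor's default not modelled)."""
    ip = ipaddress.ip_address(ip)
    for action, net, (lo, hi) in rules:
        if lo <= port <= hi and (net is None or ip in net):
            return action
    return None

def audit(text, exit_ip, mail_ip, must_reject):
    """Return findings; an empty list means every check passed."""
    rules, findings = parse_exit_policy(text), []
    if exit_ip == mail_ip:
        findings.append("exit relay and mail server share an IP address")
    for port in (25, 465, 587):
        # Skip address-specific rejects; the next rule covering the port must be 'reject *'.
        hit = next((r for r in rules if r[2][0] <= port <= r[2][1]
                    and not (r[0] == "reject" and r[1] is not None)), None)
        if hit is None or hit[0] != "reject":
            findings.append(f"port {port} is not rejected for all destinations")
    for ip in must_reject:
        if decide(rules, ip, 443) != "reject":
            findings.append(f"{ip} is not rejected by a listed rule")
    return findings
```

Because evaluation stops at the first match, an `accept *:*` placed above the rejects makes every later line dead; the audit reports that ordering as a finding.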
