Tor is a connection-based low-latency anonymous communication system which addresses many flaws in the original onion routing design. Tor can be used to "bounce" tcp connections trough some nodes around the world, leaving the tor network via some exit server. These exit servers are the "peer" you can see in your logs if someone uses Tor to connect to your server. Since nobody can control which ports are allowed on the exit servers (the tor project itself denies smtp by default, but this can be changed) it's a potential risk that someone abuses the tor network to hide his ip while he's spamming around.
Currently we list every tor node which allows clients to connect to the following ports: 25, 194, 465, 587, 994, 6657, 6660-6670, 6697, 7000-7005, 7070, 8000-8004, 9000, 9001, 9998, 9999.
Every node gets listed twice:
- The IP running the tor server itself
- Class C Networks which include the tor server
You may ask why we list complete networks? Well, it's because a tor server can do outgoing connections on other ips (multiple ips per host) than the server runs on. Since normally a server operates in the same class-c network we chose the listing of the entire class-c as second list type. But we use different records for the two listing types. This makes it possible to choose what you want to block.
We are unable to remove you from any blacklist. You need to visit the blacklist directly for removal.
If any information concerning this DNSBL is incorrect, missing, or out of date, please contact us.