pogue 2 days ago

I was thinking this too. I'm assuming it doesn't look like an SMTP server from the outside? Because if it does, that would absolutely land your IP up on many, many DNSBLs very quickly if it started getting probed.

Interesting idea though, spoofing other protocols than HTTP/HTTPS is probably a good idea for censorship evasion in countries with incredibly strict national firewalls.

zamadatix 2 days ago | parent [-]

TECHNICAL.md lays it out a bit more, but it claims to be RFC 5321 compliant with a realistic initiation sequence so it should somewhat look like a real SMTP server for the first bit.

Ending up on any DNSBLs shouldn't be a problem unless you have a static home IP you plan on running an actual SMTP server from after this though.

pogue 2 days ago | parent [-]

>SMTP traffic on port 587 (submission) is expected and normal

Any residential dynamic or static IP with this port opened is definitely going to get flagged. Most ISPs already prevent these ports from being open, either by policy or by residential routers.

It would probably very quickly end up on something like SpamHaus's PBL, which looks for this kind of thing.[1]

I would imagine you would also find yourself on Shodan pretty quickly getting hit with constant nmap & login attempts from malicious actors. Spam bots are always looking for insecure servers to send emails from.

I feel like ssh, SFTP, or even a secure DNS server would probably make more sense as something to hide traffic from DPI than an SMTP server.

[1] https://www.spamhaus.org/blocklists/policy-blocklist/

zamadatix 2 days ago | parent | next [-]

Again, unless you're actually planning on sending "real" SMTP traffic to other "real" SMTP servers from your own "real" SMTP server operating on the same address, then getting put on SpamHaus (or other DNSBLs) for having the port open w/o rDNS or etc configured is irrelevant. Like you say, there is a decent chance your ISP just blocks the port anyways and makes such a setup unfeasible though, but that's why the readme says to host this on a VPS which allows the port.

Any time you have any externally open TCP port (home or VPS) you should expect to get scanned to shit by Shodan and millions of other bots. It doesn't matter if it's the default port for SFTP, DNS, SMTP, HTTP, Minecraft, or whatever - all of them are great targets for malicious actors and as soon as the bots detect one open port they'll scan everything on that IP harder. I once forgot to disable certain default enabled login types and failed connection/authentication logging when exposing SSH/SFTP externally and ended up with GBs of logs in just one week.

GoblinSlayer 2 days ago | parent | prev | next [-]

Spamhaus blocks port 25, not 587. If they blocked port 587, they would blanket ban all email clients.

pogue 2 days ago | parent [-]

SpamHaus lists IPs to block, not ports.

bauruine 2 days ago | parent [-]

Sure but from your link

>The PBL detects end-user IP address ranges which should not be attempting to directly deliver unauthenticated SMTP email to any Internet mail server. All the email originated by an IP listed in PBL is expected to be submitted - using authentication - to a SMTP server which delivers it to destination

Means in practice port 25 (unauthenticated) and port 587 (authenticated)

megous a day ago | parent | prev [-]

> Any residential dynamic or static IP with this port opened is definitely going to get flagged.

That's not what the referenced website says and it does not make sense at all.