View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0011153Talerdeployment and operationspublic2026-02-24 21:472026-02-25 14:18
Reportervecirex Assigned ToChristian Grothoff  
PriorityhighSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Summary0011153: firefly blocked by DAN TOR blacklist
Descriptionbecause of entry/guard or exit node running on firefly.

Please check if that's really necessary, as deliverability can be negatively impacted by this.
Additional InformationI know from own experience running Tor infra privately, that (at least web) services on post.ch or rtp.pt cannot be reached at all, if you are on the DAN TOR blocklist.
TagsNo tags attached.
Attached Files
firefly-blocked-by-dan-tor.png (87,857 bytes)   
firefly-blocked-by-dan-tor.png (87,857 bytes)   

Relationships

related to 0011102 assignedvecirex e-mail delivery takes an unusually long time 

Activities

vecirex

2026-02-24 21:51

manager   ~0027878

The DAN TOR blocklist is updated every 24hrs, which is the time it takes maximally to get off this list (if the list also gets updated regularly on the receiving sties relying on this service).

Christian Grothoff

2026-02-24 21:56

manager   ~0027881

Another idea: can we bind Tor to only ONE of our two IPv4 addresses, and tell Postfix to ONLY use the other one?

Christian Grothoff

2026-02-24 22:12

manager   ~0027882

https://netidex.com/articles/assigning-user-account-ip-for-outgoing-mail-sending-in-postfix-cwp-centos-ubuntu suggests how to get postfix to use a certain IP for *outgoing* mail. I am configuring Tor to only use the 219 IP, so if you set Postfix to the 218 IP we should be fine, right?

vecirex

2026-02-25 14:17

manager   ~0027893

We're using .218 for postfix already, so fine:

[snip]
root@firefly:~# swaks --to test@example.com --server outlook-com.olc.protection.outlook.com
=== Trying outlook-com.olc.protection.outlook.com:25...
=== Connected to outlook-com.olc.protection.outlook.com.
<- 220 SA2PEPF00001504.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Wed, 25 Feb 2026 13:13:21 +0000 [08DE6BBA2DFDC3AF]
 -> EHLO firefly.gnunet.org
<- 250-SA2PEPF00001504.mail.protection.outlook.com Hello [193.5.87.218]
<- 250-SIZE 49283072
<- 250-PIPELINING
<- 250-DSN
<- 250-ENHANCEDSTATUSCODES
<- 250-STARTTLS
<- 250-8BITMIME
<- 250-BINARYMIME
<- 250-CHUNKING
<- 250 SMTPUTF8
 -> MAIL FROM:<root@firefly.gnunet.org>
<- 250 2.1.0 Sender OK
 -> RCPT TO:<test@example.com>
<** 501 5.1.5 Recipient address reserved by RFC 2606 [SA2PEPF00001504.namprd04.prod.outlook.com 2026-02-25T13:13:22.797Z 08DE6BBA2DFDC3AF]
 -> QUIT
<- 221 2.0.0 Service closing transmission channel
=== Connection closed with remote host.
root@firefly:~#
[/snip]

As for the Dan Tor blacklist, .219 is added, indeed, yes:

https://www.dan.me.uk/tornodes (updated after midnight, today)

Issue History

Date Modified Username Field Change
2026-02-24 21:47 vecirex New Issue
2026-02-24 21:47 vecirex Status new => assigned
2026-02-24 21:47 vecirex Assigned To => Christian Grothoff
2026-02-24 21:47 vecirex File Added: firefly-blocked-by-dan-tor.png
2026-02-24 21:48 vecirex Relationship added related to 0011102
2026-02-24 21:51 vecirex Note Added: 0027878
2026-02-24 21:56 Christian Grothoff Note Added: 0027881
2026-02-24 22:12 Christian Grothoff Note Added: 0027882
2026-02-24 23:58 Christian Grothoff Assigned To Christian Grothoff => vecirex
2026-02-25 14:17 vecirex Note Added: 0027893
2026-02-25 14:18 vecirex Assigned To vecirex => Christian Grothoff
2026-02-25 14:18 vecirex Status assigned => closed
2026-02-25 14:18 vecirex Resolution open => fixed