Tor logo

Tor Relay status

My Tor Relay is up and running and is published to the Tor Relay Search (Atlas) under the fingerprint 324B624A0AFBD2F81414CB80466282E299AA89E1

As my relay is still quite new, it’s not yet being used at full capacity, as explained in this Tor Blog post.

You can see my torrc configuration file as it is today at the bottom of this post, I might change it in the future depending on my experiences with running the relay.

I based my Exit Policy on the Reduced Exit Policy available in the Tor documentation, which is aimed at allowing most of the common network traffic but block ports to be used for abuse or activities which may harm the relay operators (think of DMCA take downs).
Too further protect myself in the case of DMCA take downs or other legal actions taken against me for activities performed by Tor users, I have set up an information page at https://tor.stijncrevits.be (which redirects to This is a Tor Exit Router), the link to which is also referred to in the Contact Info of my relay. The PTR record of my relay’s IP also refers to this domain so that people tracing back my IP can easily identify it as a Tor Relay.

So far I haven’t experienced any negative effects of hosting this relay, but I suppose this is because it’s still not used to its full capacity. I’ll be keeping track of any changes in my experience (e.g. connecting to my server, network latency, bandwidth usage) and potential abuse (receiving DMCA letters), after which I may fine tune my Exit Policy.
However, I hope I can keep my relay configuration as is, as I don’t want to censor people who have a legitimate need of using the Tor network to be able to enjoy an open internet.

I’m currently looking to prepare myself for DMCA or other abuse emails and want to have a mechanism to automatically reply to these emails using the Tor Abuse Templates. If you have an idea on how to set this up, you can always reply to my Tweet.

## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
## for more options you can use in this file.
##
## Tor will look for this file in various places based on your platform:
## https://www.torproject.org/docs/faq#torrc

SOCKSPort 0
SOCKSPolicy reject *

Log notice file /var/log/tor/notices.log
RunAsDaemon 1
DataDirectory /var/lib/tor

################ This section is just for relays #####################
## See https://www.torproject.org/docs/tor-doc-relay for details.

ORPort 8080
ORPort [2001:41d0:401:3100::a810]:8080
Address tor.stijncrevits.be
OutboundBindAddress 54.37.68.143
Nickname StijnsTorSpot
RelayBandwidthRate 125 KBytes   # Throttle traffic to 125KB/s (1Mbps)
RelayBandwidthBurst 150 KBytes  # But allow bursts up to 150KB/s
AccountingMax 100 GBytes        # Allow 100GB of traffic per month
AccountingStart month 1 00:00
ContactInfo https://tor.stijncrevits.be
DirPort 9030
DirPortFrontPage /etc/tor/tor-exit-notice.html
MyFamily $324B624A0AFBD2F81414CB80466282E299AA89E1

IPv6Exit 1

ExitPolicy reject 0.0.0.0/8
Exitpolicy reject6 [::0]/128
ExitPolicy reject 127.0.0.0/8
Exitpolicy reject6 [::1]/128
ExitPolicy reject 169.254.0.0/16
ExitPolicy reject 192.168.0.0/16
ExitPolicy reject 10.0.0.0/8
ExitPolicy reject 172.16.0.0/12
# Actively rejecting ports isn't necessary since I'm ending with a reject-all
# However, these lines acts as a reminder that I shouldn't be opening them in the future
ExitPolicy reject *:25
ExitPolicy reject *:119
ExitPolicy reject *:135-139
ExitPolicy reject *:445
ExitPolicy reject *:563
ExitPolicy reject *:1214
ExitPolicy reject *:4661-4666
ExitPolicy reject *:6346-6429
ExitPolicy reject *:6699
ExitPolicy reject *:6881-6999
ExitPolicy accept *:9030      # Tor
ExitPolicy accept *:20-23     # FTP, SSH, Telnet
ExitPolicy accept *:43        # WHOIS
ExitPolicy accept *:53        # DNS
ExitPolicy accept *:79-81     # finger, HTTP
ExitPolicy accept *:88        # kerberos
ExitPolicy accept *:110       # POP3
ExitPolicy accept *:119       # nntp
ExitPolicy accept *:143       # IMAP
ExitPolicy accept *:194       # IRC
ExitPolicy accept *:220       # IMAP3
ExitPolicy accept *:389       # LDAP
ExitPolicy accept *:443       # HTTPS
ExitPolicy accept *:464       # kpasswd
ExitPolicy accept *:465       # URD for SSM (more often: an alternative SUBMISSION port, see 587)
ExitPolicy accept *:531       # IRC/AIM
ExitPolicy accept *:543-544   # Kerberos
ExitPolicy accept *:554       # RTSP
ExitPolicy accept *:563       # NNTP over SSL
ExitPolicy accept *:587       # SUBMISSION (authenticated clients [MUA's like Thunderbird] send mail over STARTTLS SMTP here)
ExitPolicy accept *:636       # LDAP over SSL
ExitPolicy accept *:706       # SILC
ExitPolicy accept *:749       # kerberos
ExitPolicy accept *:853       # DNS over TLS
ExitPolicy accept *:873       # rsync
ExitPolicy accept *:902-904   # VMware
ExitPolicy accept *:981       # Remote HTTPS management for firewall
ExitPolicy accept *:989-995   # FTP over SSL, Netnews Administration System, TELNETS, IMAP over SSL, IRCS, POP3 over SSL
ExitPolicy accept *:1194      # OpenVPN
ExitPolicy accept *:1220      # QT Server Admin
ExitPolicy accept *:1293      # PKT-KRB-IPSec
ExitPolicy accept *:1500      # VLSI License Manager
ExitPolicy accept *:1533      # Sametime
ExitPolicy accept *:1677      # GroupWise
ExitPolicy accept *:1723      # PPTP
ExitPolicy accept *:1755      # RTSP
ExitPolicy accept *:1863      # MSNP
ExitPolicy accept *:2082      # Infowave Mobility Server
ExitPolicy accept *:2083      # Secure Radius Service (radsec)
ExitPolicy accept *:2086-2087 # GNUnet, ELI
ExitPolicy accept *:2095-2096 # NBX
ExitPolicy accept *:2102-2104 # Zephyr
ExitPolicy accept *:3128      # SQUID
ExitPolicy accept *:3389      # MS WBT
ExitPolicy accept *:3690      # SVN
ExitPolicy accept *:4321      # RWHOIS
ExitPolicy accept *:4643      # Virtuozzo
ExitPolicy accept *:5050      # MMCC
ExitPolicy accept *:5190      # ICQ
ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
ExitPolicy accept *:5228      # Android Market
ExitPolicy accept *:5900      # VNC
ExitPolicy accept *:6660-6669 # IRC
ExitPolicy accept *:6679      # IRC SSL
ExitPolicy accept *:6697      # IRC SSL
ExitPolicy accept *:8000      # iRDMI
ExitPolicy accept *:8008      # HTTP alternate
ExitPolicy accept *:8074      # Gadu-Gadu
ExitPolicy accept *:8080      # HTTP Proxies
ExitPolicy accept *:8082      # HTTPS Electrum Bitcoin port
ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP
ExitPolicy accept *:8232-8233 # Zcash
ExitPolicy accept *:8332-8333 # Bitcoin
ExitPolicy accept *:8443      # PCsync HTTPS
ExitPolicy accept *:8888      # HTTP Proxies, NewsEDGE
ExitPolicy accept *:9418      # git
ExitPolicy accept *:9999      # distinct
ExitPolicy accept *:10000     # Network Data Management Protocol
ExitPolicy accept *:11371     # OpenPGP hkp (http keyserver protocol)
ExitPolicy accept *:19294     # Google Voice TCP
ExitPolicy accept *:19638     # Ensim control panel
ExitPolicy accept *:50002     # Electrum Bitcoin SSL
ExitPolicy accept *:64738     # Mumble
ExitPolicy reject *:*

GeoIPFile /usr/share/tor/geoip
GeoIPv6File /usr/share/tor/geoip6