The Reduced Exit Policy is an alternative to the default exit policy. It allows as many Internet services as possible while still blocking the majority of TCP ports. Currently, the policy allows approximately 65 ports. This reduces the odds that a bittorrent user will select your node.
Since bittorrent clients can be run on any port, and most of them pick random ports, every port you add to your exit policy increases the probability of a bittorrent client using your exit node to connect to a monitored peer that is listening on that port. This means that enabling ranges of ports is especially bad, unfortunately. Each new port adds 1/65535 (or even more if eg. the port numbers listen below are preferred to use for torrent traffic b/c they are well known now) to your risk of getting DMCA takedowns. The privileged ports (1-1024) have a smaller risk of getting DMCA takedowns.
This policy has been produced by scanning /etc/services, and checking various port lists around the net. This list has been carefully checked to ensure that none of these ports overlap with popular default ports for bittorrent clients. If you add to this list, please check this carefully too.
Also, it would be great if someone could comment each line to list the services that it allows.
Here are two comprehensive port lists to check new additions against P2P, to label unknown ports below, and to search for new ports to add:
You may also want to block services which you need to access from the node and block exit nodes:
Here is the policy: (If you're running an IPv6 exit, this policy applies to both IPv4 and IPv6.)
ExitPolicy accept *:20-21 # FTP
ExitPolicy accept *:22 # SSH
ExitPolicy accept *:23 # Telnet
ExitPolicy accept *:43 # WHOIS
ExitPolicy accept *:53 # DNS
ExitPolicy accept *:79 # finger
ExitPolicy accept *:80-81 # HTTP
ExitPolicy accept *:88 # kerberos
ExitPolicy accept *:110 # POP3
ExitPolicy accept *:143 # IMAP
ExitPolicy accept *:194 # IRC
ExitPolicy accept *:220 # IMAP3
ExitPolicy accept *:389 # LDAP
ExitPolicy accept *:443 # HTTPS
ExitPolicy accept *:464 # kpasswd
ExitPolicy accept *:465 # URD for SSM (more often: an alternative SUBMISSION port, see 587)
ExitPolicy accept *:531 # IRC/AIM
ExitPolicy accept *:543-544 # Kerberos
ExitPolicy accept *:554 # RTSP
ExitPolicy accept *:563 # NNTP over SSL
ExitPolicy accept *:587 # SUBMISSION (authenticated clients [MUA's like Thunderbird] send mail over STARTTLS SMTP here)
ExitPolicy accept *:636 # LDAP over SSL
ExitPolicy accept *:706 # SILC
ExitPolicy accept *:749 # kerberos
ExitPolicy accept *:853 # DNS over TLS
ExitPolicy accept *:873 # rsync
ExitPolicy accept *:902-904 # VMware
ExitPolicy accept *:981 # Remote HTTPS management for firewall
ExitPolicy accept *:989-990 # FTP over SSL
ExitPolicy accept *:991 # Netnews Administration System
ExitPolicy accept *:992 # TELNETS
ExitPolicy accept *:993 # IMAP over SSL
ExitPolicy accept *:994 # IRCS
ExitPolicy accept *:995 # POP3 over SSL
ExitPolicy accept *:1194 # OpenVPN
ExitPolicy accept *:1220 # QT Server Admin
ExitPolicy accept *:1293 # PKT-KRB-IPSec
ExitPolicy accept *:1500 # VLSI License Manager
ExitPolicy accept *:1533 # Sametime
ExitPolicy accept *:1677 # GroupWise
ExitPolicy accept *:1723 # PPTP
ExitPolicy accept *:1755 # RTSP
ExitPolicy accept *:1863 # MSNP
ExitPolicy accept *:2082 # Infowave Mobility Server
ExitPolicy accept *:2083 # Secure Radius Service (radsec)
ExitPolicy accept *:2086-2087 # GNUnet, ELI
ExitPolicy accept *:2095-2096 # NBX
ExitPolicy accept *:2102-2104 # Zephyr
ExitPolicy accept *:3128 # SQUID
ExitPolicy accept *:3389 # MS WBT
ExitPolicy accept *:3690 # SVN
ExitPolicy accept *:4321 # RWHOIS
ExitPolicy accept *:4643 # Virtuozzo
ExitPolicy accept *:5050 # MMCC
ExitPolicy accept *:5190 # ICQ
ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
ExitPolicy accept *:5228 # Android Market
ExitPolicy accept *:5900 # VNC
ExitPolicy accept *:6660-6669 # IRC
ExitPolicy accept *:6679 # IRC SSL
ExitPolicy accept *:6697 # IRC SSL
ExitPolicy accept *:8000 # iRDMI
ExitPolicy accept *:8008 # HTTP alternate
ExitPolicy accept *:8074 # Gadu-Gadu
ExitPolicy accept *:8080 # HTTP Proxies
ExitPolicy accept *:8082 # HTTPS Electrum Bitcoin port
ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP
ExitPolicy accept *:8232-8233 # Zcash
ExitPolicy accept *:8332-8333 # Bitcoin
ExitPolicy accept *:8443 # PCsync HTTPS
ExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE
ExitPolicy accept *:9418 # git
ExitPolicy accept *:9999 # distinct
ExitPolicy accept *:10000 # Network Data Management Protocol
ExitPolicy accept *:11371 # OpenPGP hkp (http keyserver protocol)
ExitPolicy accept *:19294 # Google Voice TCP
ExitPolicy accept *:19638 # Ensim control panel
ExitPolicy accept *:50002 # Electrum Bitcoin SSL
ExitPolicy accept *:64738 # Mumble
ExitPolicy reject *:*Herewith, an alternative Reduced-Reduced ExitPolicy to avoid Tor DNSBL and prevent some common outgoing port scanning / 'attack' ABUSE issues.
Reject Ports (Optional Advisory): 22, 23, 194, 465, 563, 587, 994, 3128, 3389, 6660-6669, 6679, 6697, 8000, 8080 and 9999
It should be noted that to avoid Tor DNSBL an exit nodes ORPort and/or DirPort must not use the 'default' ports 9001 or 9030. If your computer isn't running a webserver, and you haven't set AccountingMax, please consider changing your ORPort to 443 and/or your DirPort to 80.
Tor DNSBL = Every IP which is known to run a tor server and allow their clients to connect to one of the following ports get listed: 25, 194, 465, 587, 994, 6657, 6660-6670, 6697, 7000-7005, 7070, 8000-8004, 9000, 9001, 9998, 9999 . (source) - mxtoolbox.com/problem/blacklist/sectoor
ExitPolicy accept *:20-21 # FTP - File Transfer Protocol (data / control)
#ExitPolicy accept *:22 # SSH - Secure Shell, secure logins, file transfer (potential ABUSE - common port scan attacks map.norsecorp.com)
#ExitPolicy accept *:23 # Telnet - protocol-unencrypted text communications (potential ABUSE - common port scan attacks map.norsecorp.com)
ExitPolicy accept *:43 # WHOIS - who is query and response protocol
ExitPolicy accept *:53 # DNS - Domain Name System
ExitPolicy accept *:79 # finger - Name/Finger user information protocol
ExitPolicy accept *:80-81 # HTTP - Hypertext Transfer Protocol / web browsing
ExitPolicy accept *:88 # kerberos - computer network authentication protocol
ExitPolicy accept *:110 # POP3 - Post Office Protocol v3 (receive email only)
ExitPolicy accept *:143 # IMAP - Internet Message Access Protocol, management of email messages (receive email only)
#ExitPolicy accept *:194 # IRC - Internet Relay Chat (REJECT to AVOID Tor DNSBL - www.sectoor.de/tor.php#en-listpolicy)
ExitPolicy accept *:220 # IMAP3 - Internet Message Access Protocol v3 (receive email only)
ExitPolicy accept *:389 # LDAP - Lightweight Directory Access Protocol
ExitPolicy accept *:443 # HTTPS - Hypertext Transfer Protocol over TLS/SSL / secure web browsing
ExitPolicy accept *:464 # kpasswd - Kerberos Change/Set password
#ExitPolicy accept *:465 # URD for SSM / email SUBMISSION (REJECT to AVOID Tor DNSBL - www.sectoor.de/tor.php#en-listpolicy)
ExitPolicy accept *:531 # IRC/AIM - AOL Instant Messenger
ExitPolicy accept *:543-544 # Kerberos - klogin, Kerberos login / kshell, Kerberos Remote shell
ExitPolicy accept *:554 # RTSP - Real Time Streaming Protocol
#ExitPolicy accept *:563 # NNTP over SSL - Network News Transfer Protocol - (https://www.torproject.org/docs/faq#DefaultExitPorts)
#ExitPolicy accept *:587 # SMTP - email SUBMISSION (REJECT to AVOID Tor DNSBL - www.sectoor.de/tor.php#en-listpolicy)
ExitPolicy accept *:636 # LDAP - Lightweight Directory Access Protocol over TLS/SSL
ExitPolicy accept *:706 # SILC - Secure Internet Live Conferencing
ExitPolicy accept *:749 # kerberos - protocol administration
ExitPolicy accept *:873 # rsync - file synchronization protocol
ExitPolicy accept *:902-904 # VMware - Virtual Infrastructure Client / Console / Server
ExitPolicy accept *:981 # Remote HTTPS management for firewall
ExitPolicy accept *:989-990 # FTP over TLS/SSL - File Transfer Protocol (data / control)
ExitPolicy accept *:991 # Netnews Administration System
ExitPolicy accept *:992 # Telnet protocol over TLS/SSL
ExitPolicy accept *:993 # IMAP over SSL - Internet Message Access Protocol over TLS/SSL (receive email only)
#ExitPolicy accept *:994 # IRCS - Internet Relay Chat SSL (REJECT to AVOID Tor DNSBL - www.sectoor.de/tor.php#en-listpolicy)
ExitPolicy accept *:995 # POP3 over SSL - Post Office Protocol v3 (receive email only)
ExitPolicy accept *:1194 # OpenVPN - Virtual Private Network
ExitPolicy accept *:1220 # QT Server Admin - QuickTime Streaming Server administration
ExitPolicy accept *:1293 # PKT-KRB-IPSec - Internet Protocol Security
ExitPolicy accept *:1500 # VLSI License Manager - Firewall (NT4-based) Remote Management / Server
ExitPolicy accept *:1533 # Sametime - IM—Virtual Places Chat MS SQL Server
ExitPolicy accept *:1677 # GroupWise - clients in client/server access mode
ExitPolicy accept *:1723 # PPTP - Point-to-Point Tunneling Protocol
ExitPolicy accept *:1755 # RTSP - Media Services (MMS, ms-streaming)
ExitPolicy accept *:1863 # MSNP - MS Notification Protocol, MS Messenger service / Instant Messaging clients
ExitPolicy accept *:2082 # Infowave Mobility Server and CPanel default
ExitPolicy accept *:2083 # Secure Radius Service (radsec) and CPanel default SSL
ExitPolicy accept *:2086-2087 # GNUnet, ELI - Web Host Manager default and Web Host Manager default SSL
ExitPolicy accept *:2095-2096 # NBX - CPanel default web mail and CPanel default SSL web mail
ExitPolicy accept *:2102-2104 # Zephyr - Project Athena Notification Service server / connection / host manager
#ExitPolicy accept *:3128 # SQUID - Web caches / client connection software - (potential ABUSE - common port scan attacks map.norsecorp.com)
#ExitPolicy accept *:3389 # MS WBT - Microsoft Terminal Server (RDP) - (potential ABUSE - common port scan attacks map.norsecorp.com)
ExitPolicy accept *:3690 # SVN - Subversion version control system
ExitPolicy accept *:4321 # RWHOIS - Referral Who is Protocol
ExitPolicy accept *:4643 # Virtuozzo
ExitPolicy accept *:5050 # MMCC - Yahoo! Messenger
ExitPolicy accept *:5190 # ICQ and AOL Instant Messenger
ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL - Extensible Messaging and Presence Protocol client connection
ExitPolicy accept *:5228 # Android Market - Google Play, Android Cloud, Google Cloud Messaging / HP Virtual Room Service
#ExitPolicy accept *:5900 # VNC - Virtual Network Computing (RDP) - (potential ABUSE - common port scan attacks map.norsecorp.com)
#ExitPolicy accept *:6660-6669 # IRC - Internet Relay Chat - (REJECT to AVOID Tor DNSBL - www.sectoor.de/tor.php#en-listpolicy)
#ExitPolicy accept *:6679 # IRC SSL - (REJECT to AVOID Tor DNSBL - www.sectoor.de/tor.php#en-listpolicy)
#ExitPolicy accept *:6697 # IRC SSL - (REJECT to AVOID Tor DNSBL - www.sectoor.de/tor.php#en-listpolicy)
#ExitPolicy accept *:8000 # iRDMI - often used instead of port 8080 - (REJECT to AVOID Tor DNSBL - www.sectoor.de/tor.php#en-listpolicy)
ExitPolicy accept *:8008 # HTTP alternate / Server administration default
ExitPolicy accept *:8074 # Gadu-Gadu - instant messaging client
#ExitPolicy accept *:8080 # HTTP Proxies - Web proxy and caching server - (potential ABUSE - common port scan attacks map.norsecorp.com)
ExitPolicy accept *:8082 # HTTPS Electrum Bitcoin port
ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP - Control Panel
ExitPolicy accept *:8232-8233 # Zcash
ExitPolicy accept *:8332-8333 # Bitcoin
ExitPolicy accept *:8443 # PCsync HTTPS - Plesk Control Panel, Apache Tomcat SSL
ExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE - HyperVM, Freenet, MAMP Server
ExitPolicy accept *:9418 # git - Git pack transfer service
#ExitPolicy accept *:9999 # distinct - Telnet control - (REJECT to AVOID Tor DNSBL - www.sectoor.de/tor.php#en-listpolicy)
ExitPolicy accept *:10000 # Network Data Management Protocol - Webmin, Web-based Unix/Linux system administration tool
ExitPolicy accept *:11371 # OpenPGP hkp (http keyserver protocol)
ExitPolicy accept *:19294 # Google Voice TCP - Voice and Video connections
ExitPolicy accept *:19638 # Ensim control panel
ExitPolicy accept *:50002 # Electrum Bitcoin SSL
ExitPolicy accept *:64738 # Mumble - voice over IP
ExitPolicy reject *:*In a test of the above Reduced-Reduced ExitPolicy, a new Tor Exit node running with the main (original) ReducedExitPolicy was listed in a Tor DNSBL within 24 hours of achieving an Exit Relay flag status.
However, a similar Tor Exit node running with the above Reduced-Reduced ExitPolicy seemingly remains unlisted from the same Tor DNSBL.
A lightweight Exit policy EXAMPLE with a focus towards officially registered ports from: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Avoids common 'abuse' ports and limits port numbers above 1024
Enables useful ports for the majority of Tor users without Exit traffic related to; Remote Administration, Streaming services (high-bandwidth) and/or 'commercial' applications.
ExitPolicy accept *:20-21 # FTP
ExitPolicy accept *:43 # WHOIS
ExitPolicy accept *:53 # DNS
ExitPolicy accept *:80 # HTTP
ExitPolicy accept *:110 # POP3
ExitPolicy accept *:143 # IMAP
ExitPolicy accept *:220 # IMAP3
ExitPolicy accept *:443 # HTTPS
ExitPolicy accept *:873 # rsync
ExitPolicy accept *:989-990 # FTPS
ExitPolicy accept *:991 # NAS Usenet
ExitPolicy accept *:992 # TELNETS
ExitPolicy accept *:993 # IMAPS
ExitPolicy accept *:995 # POP3S
ExitPolicy accept *:1194 # OpenVPN
ExitPolicy accept *:1293 # IPSec
ExitPolicy accept *:3690 # SVN Subversion
ExitPolicy accept *:4321 # RWHOIS
ExitPolicy accept *:5222-5223 # XMPP, XMPP SSL
ExitPolicy accept *:5228 # Android Market
ExitPolicy accept *:9418 # git
ExitPolicy accept *:11371 # OpenPGP hkp
ExitPolicy accept *:64738 # Mumble
ExitPolicy reject *:*A basic Exit policy Example for Web Browsing (only) - help Tor Browser Bundle users !
ExitPolicy accept *:53 # DNS
ExitPolicy accept *:80 # HTTP
ExitPolicy accept *:443 # HTTPS
ExitPolicy reject *:*Alpha test - IoT (Internet of Things) Port Recommendations / Additions
ExitPolicy accept *:81 # HTTP Alt
ExitPolicy accept *:83 # MIT ML Device
ExitPolicy accept *:85 # MIT ML Device
ExitPolicy accept *:86 # BroadCam Video Streaming Server
ExitPolicy accept *:90 # dnsix Securit Attribute Token Map / Pointcast
ExitPolicy accept *:1043 # BOINC Client Control
ExitPolicy accept *:1103 # Adobe Server 2
ExitPolicy accept *:1113 # Licklider Transmission Protocol (IANA official) [RFC 5326]
ExitPolicy accept *:1883 # Message Queuing Telemetry (IANA official)
ExitPolicy accept *:4070 # Trivial IP Encryption (TrIPE)
ExitPolicy accept *:5004 # RTP media data [RFC 3551, RFC 4571]
ExitPolicy accept *:5287 # IP Camera viewer apps
ExitPolicy accept *:5675 # V5UA application port (IANA official) [RFC 3807]
ExitPolicy accept *:6880 # Dwyco Video Conferencing
ExitPolicy accept *:8502 # FTN Message Transfer Protocol (IANA official)
ExitPolicy accept *:8601 # Wavestore CCTV protocol
ExitPolicy accept *:8602 # XBConnect, Wavestore Notification protocolAn EXAMPLE IoT Reduced-Exit Policy - Note : High-Bandwidth use with heavy-streaming / big-data services.
ExitPolicy accept *:20-21 # FTP
#ExitPolicy accept *:22 # SSH (potential ABUSE - common port scan attacks map.norsecorp.com)
#ExitPolicy accept *:23 # Telnet (potential ABUSE - common port scan attacks map.norsecorp.com)
ExitPolicy accept *:43 # WHOIS
ExitPolicy accept *:53 # DNS
ExitPolicy accept *:79 # finger
ExitPolicy accept *:80-81 # HTTP, HTTP alt.
ExitPolicy accept *:83 # MIT ML Device
ExitPolicy accept *:85 # MIT ML Device
ExitPolicy accept *:86 # BroadCam Video Streaming Server
ExitPolicy accept *:88 # kerberos
ExitPolicy accept *:90 # dnsix Securit Attribute Token Map / Pointcast
ExitPolicy accept *:110 # POP3
ExitPolicy accept *:143 # IMAP
#ExitPolicy accept *:194 # IRC (REJECT to AVOID Tor DNSBL)
ExitPolicy accept *:220 # IMAP3
ExitPolicy accept *:389 # LDAP
ExitPolicy accept *:443 # HTTPS
ExitPolicy accept *:464 # kpasswd
#ExitPolicy accept *:465 # URD for SSM (REJECT to AVOID Tor DNSBL)
ExitPolicy accept *:531 # IRC/AIM
ExitPolicy accept *:543-544 # Kerberos
ExitPolicy accept *:554 # RTSP
#ExitPolicy accept *:563 # NNTP over SSL (AVOID - https://www.torproject.org/docs/faq#DefaultExitPorts)
#ExitPolicy accept *:587 # SMTP (REJECT to AVOID Tor DNSBL)
ExitPolicy accept *:636 # LDAP
ExitPolicy accept *:706 # SILC
ExitPolicy accept *:749 # kerberos
ExitPolicy accept *:873 # rsync
ExitPolicy accept *:902-904 # VMware
ExitPolicy accept *:981 # Remote HTTPS management for firewall
ExitPolicy accept *:989-990 # FTP over TLS/SSL
ExitPolicy accept *:991 # Netnews Administration System
ExitPolicy accept *:992 # Telnet protocol over TLS/SSL
ExitPolicy accept *:993 # IMAP over SSL (N.B. potential abuse - brute-force attacks - tornull.org)
#ExitPolicy accept *:994 # IRCS (REJECT to AVOID Tor DNSBL)
ExitPolicy accept *:995 # POP3 over SSL
ExitPolicy accept *:1043 # BOINC Client Control
ExitPolicy accept *:1103 # Adobe Server 2
ExitPolicy accept *:1113 # Licklider Transmission Protocol (IANA official) [RFC 5326]
ExitPolicy accept *:1194 # OpenVPN
ExitPolicy accept *:1220 # QT Server Admin
ExitPolicy accept *:1293 # PKT-KRB-IPSec
ExitPolicy accept *:1500 # VLSI License Manager
ExitPolicy accept *:1533 # Sametime
ExitPolicy accept *:1677 # GroupWise
ExitPolicy accept *:1723 # PPTP
ExitPolicy accept *:1755 # RTSP
ExitPolicy accept *:1863 # MSNP
ExitPolicy accept *:1883 # Message Queuing Telemetry (IANA official)
ExitPolicy accept *:2082 # Infowave Mobility Server and CPanel default
ExitPolicy accept *:2083 # Secure Radius Service (radsec) and CPanel default SSL
ExitPolicy accept *:2086-2087 # GNUnet, ELI
ExitPolicy accept *:2095-2096 # NBX
ExitPolicy accept *:2102-2104 # Zephyr
#ExitPolicy accept *:3128 # SQUID (potential ABUSE - common port scan attacks map.norsecorp.com)
#ExitPolicy accept *:3389 # MS WBT (potential ABUSE - common port scan attacks map.norsecorp.com)
ExitPolicy accept *:3690 # SVN
ExitPolicy accept *:4321 # RWHOIS
ExitPolicy accept *:4643 # Virtuozzo
ExitPolicy accept *:4070 # Trivial IP Encryption (TrIPE)
ExitPolicy accept *:5004 # RTP media data [RFC 3551, RFC 4571]
ExitPolicy accept *:5050 # MMCC
ExitPolicy accept *:5190 # ICQ and AOL Instant Messenger
ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
ExitPolicy accept *:5228 # Android Market
ExitPolicy accept *:5287 # IP Camera viewer apps
ExitPolicy accept *:5675 # V5UA application port (IANA official) [RFC 3807]
#ExitPolicy accept *:5900 # VNC (potential ABUSE - common port scan attacks map.norsecorp.com)
#ExitPolicy accept *:6660-6669 # IRC (REJECT to AVOID Tor DNSBL)
#ExitPolicy accept *:6679 # IRC SSL (REJECT to AVOID Tor DNSBL)
#ExitPolicy accept *:6697 # IRC SSL (REJECT to AVOID Tor DNSBL)
ExitPolicy accept *:6880 # Dwyco Video Conferencing
#ExitPolicy accept *:8000 # iRDMI (REJECT to AVOID Tor DNSBL)
ExitPolicy accept *:8008 # HTTP alternate
ExitPolicy accept *:8074 # Gadu-Gadu
#ExitPolicy accept *:8080 # HTTP Proxies (potential ABUSE - common port scan attacks map.norsecorp.com)
ExitPolicy accept *:8082 # HTTPS Electrum Bitcoin port
ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP - Control Panel
ExitPolicy accept *:8232-8233 # Zcash
ExitPolicy accept *:8332-8333 # Bitcoin
ExitPolicy accept *:8443 # PCsync HTTPS - Plesk Control Panel, Apache Tomcat SSL
ExitPolicy accept *:8502 # FTN Message Transfer Protocol (IANA official)
ExitPolicy accept *:8601 # Wavestore CCTV protocol
ExitPolicy accept *:8602 # XBConnect, Wavestore Notification protocol
ExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE, HUSH coin
ExitPolicy accept *:9418 # git - Git pack transfer service
#ExitPolicy accept *:9999 # distinct (REJECT to AVOID Tor DNSBL)
##ExitPolicy accept *:10000 # Network Data Management Protocol (N.B. potential abuse - RDP - tornull.org)
ExitPolicy accept *:11371 # OpenPGP hkp
ExitPolicy accept *:19294 # Google Voice
ExitPolicy accept *:19638 # Ensim control panel
ExitPolicy accept *:50002 # Electrum Bitcoin SSL
ExitPolicy accept *:64738 # Mumble - voice over IP
ExitPolicy reject *:*Malicious botnet (ransomware, crimeware and malware) traffic over Tor is unfortunately becoming more common, particularly on ports 80 and 443.
Some random person on the Internet made an ExitPolicy he thinks is good and updates it at https://tornull.org. This person is not affiliated with the Tor Project. While his suggested ExitPolicy lines may be helpful and not harmful, his suggested client (not exit relay) torrc edits are most likely actively harmful to user anonymity and should not be used.
Also see: Tor Abuse Templates - https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates