Exit Relay Configuration

This setup process includes installing the Anon client using the APT repository, configuring the client as an Exit, adding an Exit Notice, setting up firewall rules and guidelines on how to achieve Double-reverse DNS.

Install using the apt repository

. /etc/os-release
sudo wget -qO- https://deb.en.anyone.tech/anon.asc | sudo tee /etc/apt/trusted.gpg.d/anon.asc
sudo echo "deb [signed-by=/etc/apt/trusted.gpg.d/anon.asc] https://deb.en.anyone.tech anon-live-$VERSION_CODENAME main" | sudo tee /etc/apt/sources.list.d/anon.list

Fully upgrade the system

sudo apt-get update
sudo apt-get upgrade

Install anon

sudo apt-get install anon

Configure anonrc

Edit the anon configuration:

sudo nano /etc/anon/anonrc

Use the template below and replace with a non-personal mail address for ContactInfo and change Nickname to your liking.

Nickname ExitRelayName
ContactInfo [email protected]
Log notice file /var/log/anon/notices.log
ORPort 9001
SocksPort 0
ExitRelay 1
IPv6Exit 0
DirPort 80
DirPortFrontPage /etc/anon/anyone-exit-notice.html
ReevaluateExitPolicy 1
ExitPolicy reject *:25
ExitPolicy reject *:587
ExitPolicy reject *:465
ExitPolicy reject *:2525
ExitPolicy reject *:3389
ExitPolicy reject *:23
ExitPolicy reject *:465
ExitPolicy reject *:3128
ExitPolicy reject *:5900
ExitPolicy reject *:9999

Download the Anyone Exit Notice

Add a non-personal mail address to the Exit Notice

Edit line 101 in the file anyone-exit-notice.html and change the value EMAIL_ADDRESS to a non-personal mail address to be able to respond to Abuse complaints.

Restart anon service to apply anon configuration

If additional changes are made to the anyone-exit-notice.html file, reloading the anon service to apply the changes is necessary. Reloading is executed with the command:

Apply firewall rules

This example assumes default ports are used for ORPort (9001), SSH (22) and HTTP (80). Change these values from the example if needed.

Double-reverse DNS

It is highly recommended that you set up a valid Double-reverse DNS, also known as a "double reverse lookup", which refers to the process of performing a reverse DNS lookup on the result of a forward DNS lookup. This is typically done for purposes of adding legitimacy to the identity of a remote system. To achieve this the two DNS records, PTR and A, need to be configured for an IP-address.

For example, if you have a domain name like example.com with an IP address of 192.0.2.1, a double-reverse DNS lookup would involve:

Pointer Record (PTR)

Address Record (A)

How do I achieve Double-reverse DNS?

As mentioned above the two DNS records that need to be configured are A and PTR. For the exact steps on how to configure the two DNS records then it is important to refer to the providers documentation on how to achieve this.

Mind that multiple Exit IP-addresses must not have identical DNS records, so adding an index number per Exit, like anyone-exit-1.example.com is a suggestion.

Pointer Record (PTR)

In the example where an Exit Relay is hosted at a cloud provider, then the control panel of the VPS will provide the possibility to configure a PTR record for your Exit IP. This setting can also be referred to as Reverse DNS, rDNS, Reverse mapping and more.

Address Record (A)

Here's a simplified breakdown:

1. Acquire a domain name: Choose a domain registrar (e.g., GoDaddy, Namecheap). Search for a domain name and purchase it.

2. Manage DNS Settings: Log in to your domain registrar's account. Go to the DNS management section.

3. Create an A Record: Add a new A record for your domain. Set the Hostname (e.g., anyone-exit-1.example.com). Enter the Public IP address of your Exit relay and save the record.