RE: [squid-users] ACL Order Question

From: Jeff Wadsworth <jeff@dont-contact.us>
Date: Tue, 29 Oct 2002 16:15:59 -0600

Test it and see. Telnet to port 25 of your squid box and try to send spam
email.

Example:

telnet blah.com 25
helo dirtbag.com
mail from:blah@blah.com
rcpt to: blah2@cooter.com

If it allows you this far then chances are it is a relay.

Jeff

-----Original Message-----
From: AJ Lemke [mailto:aj.lemke@securitylabs.com]
Sent: Tuesday, October 29, 2002 3:58 PM
To: squid-users@squid-cache.org
Subject: [squid-users] ACL Order Question

After some help from the people on the list I have come to the
conclusion that I have a bad ACL. People where using me a spam relay.
I need some help in shutting them down. I have since shutdown my squid
server and have been working on a new ACL. I would appreciate any help
you could give me in making my squid server secure.

Here is my current ACL, I am running in the acceleration mode.

# Access control List
acl localhost src 127.0.0.1
acl purge method PURGE
acl manager proto cache_object
acl all src 0.0.0.0/0.0.0.0
acl accelerated_servers dst **** List of Allowed Accelerated Servers
****
acl SSL_Ports port 443 563
acl SMTP_Ports port 25
acl CONNECT method CONNECT
acl Safe_ports port 80

# Access Area
http_access deny CONNECT SSL_Ports
http_access deny CONNECT SMTP_Ports
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access allow all
http_access allow accelerated_servers
http_access deny !Safe_ports

I am wondering if this ACL will work to keeping these spammers off of my
server. I am also wondering if the order I have this in is one of my
problems. Again any help you could render would be greatly
appericiated.

AJ
Received on Tue Oct 29 2002 - 15:11:40 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:56 MST