Re: [squid-users] ACL Order Question

From: Alain Fauconnet <alain@dont-contact.us>
Date: Wed, 30 Oct 2002 10:02:28 +0700

On Tue, Oct 29, 2002 at 04:15:59PM -0600, Jeff Wadsworth wrote:
> Test it and see. Telnet to port 25 of your squid box and try to send spam
> email.
>
> Example:
>
> telnet blah.com 25
> helo dirtbag.com
> mail from:blah@blah.com
> rcpt to: blah2@cooter.com

Correction: Unless it is *also* a mail server (not common), the way to
check that your Squid box can be abused to relay spam is as follows:

telnet squid-box 3128 (or whatever port your Squid listens to)
CONNECT mx1.mail.yahoo.com:25 HTTP/1.1

(hit Enter two times)
If you get the SMTP banner from the mail server, like:
220 YSmtp mta505.mail.yahoo.com ESMTP service ready

Then your Squid can be abused. No need to do any further simulating of
a SMTP transaction. Of course you can use any SMTP server,
Yahoo is just used as an example here (don't try this at home, kids
:-)

I have learned that the following can be used too to abuse
a web proxy:

telnet squid-box 3128
POST http://mx1.mail.yahoo.com:25 HTTP/1.1
Host: mx1.mail.yahoo.com
Content-length: 100 (or whatever)
(Enter two times)
(blind type SMTP transaction)

I have tested this successfully against a Cacheflow box I manage; I don't
know if it can be used against Squid too.

Greets,
_Alain_
Received on Tue Oct 29 2002 - 20:02:33 MST
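
Added example (not part of the original post and not Squid project code): a log check that flags both request shapes described in the message above, CONNECT host:25 and POST http://host:25, in Squid's native access.log layout, and reports whether the proxy allowed them. The sample lines are constructed, and ports 465 and 587 are an addition beyond the port 25 case in the post.

```python
from urllib.parse import urlsplit

MAIL_PORTS = {25, 465, 587}  # 25 is the port in the post; 465/587 added here
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client result/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1035946948.123    512 192.0.2.10 TCP_MISS/200 1843 CONNECT mx.example.net:25 - DIRECT/198.51.100.25 -
1035946950.456     12 192.0.2.10 TCP_DENIED/403 1020 CONNECT mx.example.net:25 - NONE/- text/html
1035946955.789    230 192.0.2.44 TCP_MISS/200 310 POST http://mx.example.net:25 - DIRECT/198.51.100.25 text/plain
1035946960.001     88 192.0.2.7 TCP_MISS/200 5120 CONNECT shop.example.com:443 - DIRECT/203.0.113.5 -
1035946961.002     40 192.0.2.7 TCP_MISS/200 2048 GET http://www.example.com/ - DIRECT/203.0.113.9 text/html
"""

def target_port(method, url):
    """Destination port of a proxied request, or None if it cannot be parsed."""
    if method == "CONNECT":            # CONNECT carries a bare host:port
        _, sep, port = url.rpartition(":")
        return int(port) if sep and port.isdigit() else None
    try:
        parts = urlsplit(url)
        return parts.port or DEFAULT_PORTS.get(parts.scheme)
    except ValueError:                 # malformed port in the URL
        return None

def find_relay_attempts(lines):
    """Return one dict per request aimed at a mail port through the proxy."""
    hits = []
    for line in lines:
        f = line.split()
        if len(f) < 7:
            continue                   # not a native-format line
        client, result, method, url = f[2], f[3], f[5], f[6]
        port = target_port(method, url)
        if port in MAIL_PORTS:
            hits.append({"client": client, "method": method, "url": url,
                         "port": port, "allowed": "DENIED" not in result})
    return hits

if __name__ == "__main__":
    for hit in find_relay_attempts(SAMPLE_LOG.splitlines()):
        state = "ALLOWED" if hit["allowed"] else "denied"
        print(f'{state:8}{hit["client"]:12}{hit["method"]:8}{hit["url"]}')
```

Any line reported as ALLOWED means the proxy passed traffic to a mail port and its access rules need tightening; denied lines show who is probing.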
