RE: [squid-users] Squid trying to connect to smtp

From: Intruder <intruderkillers@dont-contact.us>
Date: Mon, 13 Jan 2003 09:07:02 -0300 (ART)

I've put this and now it seems that it's blocking the
other IP addr...
> acl my_networks src your.local.network.address/mask
> http_access allow my_networks
> http_access deny all

One more thing... Can I set up Squid to accept SMTP and
POP from my internal network? How? Because it's
blocking my network from accessing external SMTP and POP.

Regards

 --- Henrik Nordstrom <hno@squid-cache.org> wrote:
> It depends on where you insert the http_access rule.
>
> http_access deny !my_networks
>
> can (should) be inserted at the top before any other http_access rules,
> to make sure that whatever you do in later http_access rules only
> my_networks can be allowed as all others have already been denied.
>
>
> http_access allow my_networks
>
> needs to be carefully inserted, usually last, to not override other
> http_access rules further restricting access, and any http_access rules
> before where you insert this rule need to be validated to not override
> this giving others access who are outside my_networks.
>
> Regards
> Henrik
>
>
> Mon 2003-01-13 at 01:52, Jay Turner wrote:
> > >acl my_networks src your.local.network.address/mask
> > >http_access deny !my_networks
> >
> > Just out of interest, why wouldn't you use:
> >
> > acl my_networks src your.local.network.address/mask
> > http_access allow my_networks
> > http_access deny all
> >
> > Do these both not achieve the same outcome?
> >
> > Jay
> >
> > -----Original Message-----
> > From: hno@marasystems.com [mailto:hno@marasystems.com]On Behalf Of
> > Henrik Nordstrom
> > Sent: Sunday, 12 January 2003 3:51 PM
> > To: Intruder
> > Cc: squid-users@squid-cache.org
> > Subject: Re: [squid-users] Squid trying to connect to smtp
> >
> >
> > Someone on the Internet has found that your proxy is an open proxy with
> > no anti-spam rules, and is using your proxy to relay spam.
> >
> >
> > Add the following lines first in your squid.conf to tighten up things
> > considerably:
> >
> > acl my_networks src your.local.network.address/mask
> > http_access deny !my_networks
> >
> > And also the following which is in the standard Squid configuration, but
> > appears to have been deactivated in yours:
> >
> > acl SSL_ports port 443
> > acl CONNECT method CONNECT
> > http_access deny CONNECT !SSL_ports
> >
> >
> > Then review your http_access rules carefully, and also consider
> > firewalling your squid servers from the Internet.
> >
> > Regards
> > Henrik
> >
> >
> > Intruder wrote:
> > >
> > > Hello,
> > >
> > > I don't know why but in the access.log I'm having a
> > > lot of requests to smtp servers but no one is using
> > > the proxy and the client who is requesting the
> > > connection to the smtp server, it's not in my network !
> > > I
> > >
> > > It doesn't stop trying to request some smtp server,
> > > like yahoo.
> > >
> > > The 209.189.55.0 network, it's a known IP Addr. And
> > > it's trying to connect to yahoo smtp and other smtp
> > > servers.
> > >
> > > Here is a part of the access.log:
> > > 1042343173.132 1323 209.189.55.205 TCP_MISS/200 252 CONNECT 64.156.215.5:25 - DIRECT/64.156.215.5 -
> > > 1042343173.661 471 209.189.55.205 TCP_MISS/200 39 CONNECT 64.157.4.82:25 - DIRECT/64.157.4.82 -
> > > 1042343175.244 1223 209.189.55.205 TCP_MISS/200 244 CONNECT 64.157.4.82:25 - DIRECT/64.157.4.82 -
> > > 1042343175.564 1234 209.189.55.200 TCP_MISS/200 252 CONNECT 64.156.215.5:25 - DIRECT/64.156.215.5 -
> > > 1042343175.901 2970 209.189.55.205 TCP_MISS/200 420 CONNECT 65.54.254.140:25 - DIRECT/65.54.254.140 -
> > > 1042343177.542 1380 209.189.55.200 TCP_MISS/200 252 CONNECT 64.156.215.5:25 - DIRECT/64.156.215.5 -
> > > 1042343177.759 1269 209.189.55.200 TCP_MISS/200 244 CONNECT 64.157.4.82:25 - DIRECT/64.157.4.82 -
> > > 1042343186.026 1227 209.189.55.205 TCP_MISS/200 244 CONNECT 64.157.4.82:25 - DIRECT/64.157.4.82 -
> > > 1042343186.378 1268 209.189.55.195 TCP_MISS/200 244 CONNECT 64.157.4.82:25 - DIRECT/64.157.4.82 -
> > > 1042343186.450 1961 209.189.55.195 TCP_MISS/200 321 CONNECT 65.54.254.151:25 - DIRECT/65.54.254.151 -
> > > 1042343186.630 3000 209.189.55.195 TCP_MISS/200 419 CONNECT 65.54.254.151:25 - DIRECT/65.54.254.151 -
> > > 1042343188.731 1274 209.189.55.205 TCP_MISS/200 244 CONNECT 216.136.129.18:25 - DIRECT/216.136.129.18 -
> > > 1042343188.830 2729 209.189.55.205 TCP_MISS/200 474 CONNECT 64.12.136.217:25 - DIRECT/64.12.136.217 -
> > > 1042343189.240 2007 209.189.55.200 TCP_MISS/200 315 CONNECT 65.54.254.140:25 - DIRECT/65.54.254.140 -
> > > 1042343189.390 2540 209.189.55.200 TCP_MISS/200 474 CONNECT 64.12.137.184:25 - DIRECT/64.12.137.184 -
> > > 1042343190.739 1269 209.189.55.195 TCP_MISS/200 244 CONNECT 216.136.129.18:25 - DIRECT/216.136.129.18 -
> > > 1042343191.591 1220 209.189.55.205 TCP_MISS/200 244 CONNECT 64.157.4.83:25 - DIRECT/64.157.4.83 -
> > > 1042343193.269 1239 209.189.55.205 TCP_MISS/200 252 CONNECT 64.156.215.5:25 - DIRECT/64.156.215.5 -
> > > 1042343193.837 1215 209.189.55.205 TCP_MISS/200 244 CONNECT 64.157.4.82:25 - DIRECT/64.157.4.82 -
> > > 1042343194.011 1212 209.189.55.205 TCP_MISS/200 244 CONNECT 216.136.129.18:25 - DIRECT/216.136.129.18 -
> > > 1042343194.320 4830 209.189.55.201 TCP_MISS/200 217 CONNECT 208.45.133.107:25 - DIRECT/208.45.133.107 -
> > > 1042343194.555 4334 209.189.55.205 TCP_MISS/200 135 CONNECT 212.77.101.161:25 - DIRECT/212.77.101.161 -
> > > 1042343194.665 2275 209.189.55.205 TCP_MISS/200 239 CONNECT 209.228.4.160:25 - DIRECT/209.228.4.160 -
> > > 1042343194.780 2961 209.189.55.201 TCP_MISS/200 429 CONNECT 65.54.254.140:25 - DIRECT/65.54.254.140 -
> > > 1042343194.930 1910 209.189.55.205 TCP_MISS/200 250 CONNECT 203.199.70.34:25 - DIRECT/203.199.70.34 -
> > > 1042343195.330 3180 209.189.55.195 TCP_MISS/200 421 CONNECT 65.54.254.151:25 - DIRECT/65.54.254.151 -
> > >
> > > HEEEELPPP !!! What is happening ???
> > >
> > > Thanks
> > >

Received on Mon Jan 13 2003 - 05:07:07 MST
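
The rule-ordering point from the thread, as an added example that is not part of the original messages: a small first-match evaluator for http_access lines, comparing the deny-first layout with an allow/deny pair appended after an earlier permissive rule. The 192.168.0.0/24 network, the `allow CONNECT` rule and the insider requests are assumptions made for the illustration.

```python
import ipaddress

LOCAL = ipaddress.ip_network("192.168.0.0/24")  # assumed stand-in for your.local.network.address/mask

ACLS = {  # ACL name -> predicate over a request dict
    "my_networks": lambda r: ipaddress.ip_address(r["src"]) in LOCAL,
    "SSL_ports": lambda r: r["port"] == 443,
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "all": lambda r: True,
}

def parse(conf):
    """Return [(action, [acl, ...])] for each http_access line, in file order."""
    rules = []
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return rules

def decide(conf, req):
    """The first rule whose ACLs all match decides; '!' negates an ACL."""
    rules = parse(conf)
    for action, names in rules:
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action
    # No rule matched: Squid applies the opposite of the last rule (deny if there are none).
    last = rules[-1][0] if rules else "allow"
    return "deny" if last == "allow" else "allow"

# Hypothetical earlier permissive rule; the pair appended after it never gets consulted.
APPENDED_LAST = """
http_access allow CONNECT
http_access allow my_networks
http_access deny all
"""
DENY_FIRST = """
http_access deny !my_networks
http_access deny CONNECT !SSL_ports
http_access allow CONNECT
http_access allow my_networks
http_access deny all
"""

OUTSIDER_SMTP = {"src": "209.189.55.205", "method": "CONNECT", "port": 25}  # client seen in the posted log
INSIDER_SMTP = {"src": "192.168.0.10", "method": "CONNECT", "port": 25}     # constructed
INSIDER_HTTPS = {"src": "192.168.0.10", "method": "CONNECT", "port": 443}   # constructed

if __name__ == "__main__":
    for name, conf in (("appended last", APPENDED_LAST), ("deny first", DENY_FIRST)):
        print(name, [decide(conf, r) for r in (OUTSIDER_SMTP, INSIDER_SMTP, INSIDER_HTTPS)])
```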

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:38 MST
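
A check for the relay pattern shown in the access.log excerpt, as an added example that is not part of the original thread: it counts CONNECT tunnels that Squid actually established (status 200) to ports other than 443, per client. The first three sample lines are copied from the posted excerpt; the last three, the local network and the allowed-port set are constructed for the illustration.

```python
import ipaddress
from collections import Counter

LOCAL_NET = ipaddress.ip_network("192.168.0.0/24")  # assumed local network
ALLOWED_CONNECT_PORTS = {443}                       # mirrors the SSL_ports ACL in the thread

SAMPLE = """\
1042343173.132 1323 209.189.55.205 TCP_MISS/200 252 CONNECT 64.156.215.5:25 - DIRECT/64.156.215.5 -
1042343173.661 471 209.189.55.205 TCP_MISS/200 39 CONNECT 64.157.4.82:25 - DIRECT/64.157.4.82 -
1042343175.564 1234 209.189.55.200 TCP_MISS/200 252 CONNECT 64.156.215.5:25 - DIRECT/64.156.215.5 -
1042343180.000 210 192.168.0.10 TCP_MISS/200 5120 CONNECT www.example.com:443 - DIRECT/192.0.2.10 -
1042343181.000 95 192.168.0.11 TCP_MISS/200 1830 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
1042343182.000 3 203.0.113.9 TCP_DENIED/403 1024 CONNECT 64.157.4.82:25 - NONE/- text/html
"""

def relay_suspects(log_text):
    """Count established CONNECT tunnels to non-allowed ports.

    Keys are (client, port, client_is_outside_local_net).
    """
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        # Native format: time elapsed client code/status bytes method URL ...
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue
        client, result, target = fields[2], fields[3], fields[6]
        _host, _, port = target.rpartition(":")
        if not port.isdigit() or int(port) in ALLOWED_CONNECT_PORTS:
            continue
        if not result.endswith("/200"):
            continue  # denied or failed attempts did not relay anything
        outside = ipaddress.ip_address(client) not in LOCAL_NET
        hits[(client, int(port), outside)] += 1
    return hits

if __name__ == "__main__":
    for (client, port, outside), n in relay_suspects(SAMPLE).most_common():
        where = "outside" if outside else "inside"
        print(f"{client} ({where}) opened {n} tunnel(s) to port {port}")
```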