Hi,
On Thu, 24 Apr 2003 09:27:58 +0500
"Ahmad Masood Shah" <masood@ipsec.fibre.net.pk> wrote:
> it's very strange for me Squid and Open relay if you are running a machine
> just for squid then no need to run any service for SMTP. but if you want to
> use your machine for both Squid and SMTP then you will have to patch your
> mail daemon like Sendmail, Postfix or Qmail :)
Squid can be used as an open relay for email if anyone can connect to the SSL
port (443). If that's open, it's very easy to do something like
# telnet squid-box 443
Trying w.x.y.z...
Connected to squid-box.
Escape character is '^]'.
CONNECT somehost.somewhere:25 HTTP/1.0
And then you start pumping SMTP commands down the line.
So, what you need to do is:
1) don't allow outsiders to connect to your squid
   -> you'll need to do this
2) don't allow CONNECT to ports you don't think should be allowed
   -> should be so by default, you should have a line like the following:
      http_access deny CONNECT !Safe_ports
Colin
-- Colin Campbell Unix Support/Postmaster/Hostmaster CITEC +61 7 3227 6334

Received on Wed Apr 23 2003 - 22:54:43 MDT
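An added example, not part of the original post: a Python check that reads Squid's native access.log and flags CONNECT requests that break either of the two rules in the reply above (client outside your networks, or a tunnel to a port you do not allow). The internal network range, the allowed-port set and the sample log lines are constructed assumptions; adjust them to match your own squid.conf.

```python
import ipaddress

# Assumptions for this example (not from the original post):
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]  # clients allowed to use the proxy
ALLOWED_CONNECT_PORTS = {443}                              # ports CONNECT may tunnel to

# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1051156478.101    212 192.168.1.20 TCP_MISS/200 4310 CONNECT www.example.com:443 - DIRECT/198.51.100.10 -
1051156479.412   9031 203.0.113.7 TCP_MISS/200 1523 CONNECT somehost.somewhere:25 - DIRECT/198.51.100.9 -
1051156480.007     15 192.168.1.33 TCP_DENIED/403 1044 CONNECT mail.example.net:25 - NONE/- text/html
1051156481.550     88 192.168.1.20 TCP_MISS/200 9120 GET http://www.example.com/ - DIRECT/198.51.100.10 text/html
1051156482.300    140 203.0.113.7 TCP_MISS/200 2200 CONNECT www.example.org:443 - DIRECT/198.51.100.11 -
"""

def is_internal(client):
    """True if the logged client address lies in one of INTERNAL_NETS."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # hostname logged (log_fqdn on): treat as unknown/outside
    return any(addr in net for net in INTERNAL_NETS)

def audit_connect(log_text):
    """Return one finding per CONNECT request that breaks either rule."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue
        client, result, target = fields[2], fields[3], fields[6]
        port_text = target.rpartition(":")[2]
        if not port_text.isdigit():
            continue  # malformed target, nothing to classify
        reasons = []
        if not is_internal(client):
            reasons.append("outside client")
        if int(port_text) not in ALLOWED_CONNECT_PORTS:
            reasons.append("port %s not allowed" % port_text)
        if reasons:
            findings.append({"client": client, "target": target, "reasons": reasons,
                             "tunnel_opened": not result.startswith("TCP_DENIED")})
    return findings

if __name__ == "__main__":
    for f in audit_connect(SAMPLE_LOG):
        state = "OPENED" if f["tunnel_opened"] else "denied"
        print(f["client"], f["target"], state, "; ".join(f["reasons"]))
```

A finding with `tunnel_opened` set means Squid actually relayed the connection, so the matching `http_access` rule is missing or ordered after an allow; a denied entry shows the rule working.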
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:15:18 MST