Re: [squid-users] Mass Mailers & Spiders

Thanks so much, that was a wonderful response, you got me going, there is
some hope ;), let me answer some of the questions u posed

>Does someone know how Mass Mailers and Spiders can be blocked via
>squid from functioning?

>>Mass mailers generally use SMTP over port 25, which Squid has nothing
>>to do with. Spiders, on the other hand, do use HTTP, and Squid can
>>be part of the solution there.

On this case I have blocked port 25 on my NAT, that should take care of that

>I actually tried using HTB to restrict its bandwidth but it seemed
not to
>have any effect

>>However, more information would improve the quality of your answer.
>>Who is using the spider? What is it being used to do? Do you know
>>what program it is?

clients that come to use the systems in the cafe do so, its used to do mass
telemarketing in form of scam mails, ave got samples of the programs, its
hard to monitor them, cause the've devised ways of placing the files in
their mail boxes and downloading it, ever since i removed floppy drives and
blocked download of exe files, and any other extention they try to use,
actually for some months now, i have been working with SpamAssassin
developers with some help from Henrik on how to achieve webmail filtering,
so that outgoing Spam Mails can be flagged by SA, it involves interfacing
Squid with SpamAssassin thru ICAP, I still got some bugs, but am on it best
I can, since it will be an effective solution to eliminate scam mails from
the outgoing gateway server, so at both ends its filtered.

right now though, am trying to find a temp solution, while i try to fix the
bugs

>>The advanced routing queues can only restricy by IP Address and port
>>(and by packet flags), and are too blunt a tool to use in this case.
>>You need something (like Squid) that can read the traffic at the
>>application level.

>>Your best bet would be to find some unique characteristic of the
>>spider (such as the User Agent string) and setup a delay pool to
>>slow it way down. You indicated you tried this before and it didn't
>>work - what was your setup like?

what would be the syntax in other to do so by the useragent string, using
delay pools?, this is what i havent tried and sounds like the perfect
solution, what i had simply tried before was to use delay pools to restrict
each computer to 5kb/s browsing speed, but usually the programs seem to be
able to eat up more than their share, I just couldnt figure out how it was
being done, thats when i tried HTB, but no luck either

>>Outright blocking it will draw you into a cat and mouse game with
>>the spider's user - he/she will try to work around your blocking,
>>and you'll have to keep working to continue to block the user. Simply
>>slowing it way down may make the user think it's a connection problem
>>or a problem with the spider.

this is very true, and a more subtle approach, i agree completely

>>Hopefully you have a good acceptable use policy and can use it to
>>boot the user off your network - that will be the only sure solution.

Here lies the problem, its hard to enforce the Policy, but thought this
method will completely discourage it, moreover once the SQiSA code
(Squid-iCAP-SpamAssassin, pronounced squizsa ) is finished I would just
relax and deal em my own back.

Thanks Adam,

_________________________________________________________________
Add photos to your messages with MSN 8. Get 2 months FREE*.
http://join.msn.com/?page=features/featuredemail
Received on Sat Jul 19 2003 - 14:54:04 MDT