Re: [squid-users] Squid and E-Mail

From: Joe Cooper <joe@dont-contact.us>
Date: Tue, 28 Dec 2004 18:07:04 -0600

Scott Phalen wrote:
> Is it possible to route email through squid? I am seeing some weird
> activity in my access.log that looks like spammers are forwarding mail
> through my cache:
>
> 1104271801.943 5873 205.209.140.20 TCP_MISS/200 446 CONNECT
> 209.152.181.224:25 - DIRECT/209.152.181.224 -
> 1104271802.066 20403 65.75.186.170 TCP_MISS/200 621 CONNECT
> 65.108.138.86:25 - DIRECT/65.108.138.86 -
> 1104271802.067 16376 66.227.66.161 TCP_MISS/200 39 CONNECT
> mail.swimwithmanatees.com:25 - DIRECT/64.176.227.50 -
> 1104271802.366 77603 205.209.168.170 TCP_MISS/200 3918 CONNECT
> 163.187.152.23:25 - DIRECT/163.187.152.23 -
> 1104271802.638 1417 63.209.180.12 TCP_MISS/200 431 CONNECT
> maila.microsoft.com:25 - DIRECT/131.107.3.124 -
> 1104271803.184 1557 205.209.140.20 TCP_MISS/200 39 CONNECT 67.18.60.34:25
> - DIRECT/67.18.60.34 -
>
> Is this the case? I have my ACLs set up to only accept requests from one
> subnet which doesn't match any of these IP addresses.

Sure, it is possible to use any open proxy that supports the CONNECT
method to send email. The problem is that you've removed all
protections against this issue in the default configuration that ships
with Squid. Clearly, your proxy is being used to send spam.

You should fix your ACL and http_access configuration to fix these
problems ASAP. If you don't know how Squid ACLs work and aren't able to
make sense of them after a review of the documentation and FAQ, send us
a copy of the relevant portions of your squid.conf, and someone will be
able to tell you where you've gone wrong in your configuration.

In short, the vast majority of users never need to do anything other
than add a single "localnet" ACL and an "http_access allow localnet"
rule just before the "http_access deny all" rule. That's it.
Received on Tue Dec 28 2004 - 17:07:48 MST
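
Added example, not part of the original message and not Squid's own code: a short Python audit of a native-format access.log that lists CONNECT tunnels Squid allowed although the destination port is not an SSL port or the client is outside the permitted subnet. The LOCALNET value is a placeholder assumption, SSL_PORTS assumes the 443 and 563 of the stock squid.conf, and the sample lines are three entries from the excerpt quoted above with the wrapped lines rejoined.

```python
import ipaddress

# Assumptions (not from the post): the permitted client subnet and the
# CONNECT port list; 443 and 563 are the SSL_ports of Squid's stock squid.conf.
LOCALNET = ipaddress.ip_network("192.168.0.0/24")  # placeholder subnet
SSL_PORTS = {443, 563}

# Three entries from the access.log excerpt quoted above, wrapped lines rejoined.
SAMPLE_LOG = """\
1104271801.943 5873 205.209.140.20 TCP_MISS/200 446 CONNECT 209.152.181.224:25 - DIRECT/209.152.181.224 -
1104271802.067 16376 66.227.66.161 TCP_MISS/200 39 CONNECT mail.swimwithmanatees.com:25 - DIRECT/64.176.227.50 -
1104271803.184 1557 205.209.140.20 TCP_MISS/200 39 CONNECT 67.18.60.34:25 - DIRECT/67.18.60.34 -
"""

def parse_connect(line):
    """Return (client, host, port, status) for a CONNECT entry, else None."""
    fields = line.split()
    if len(fields) < 7 or fields[5] != "CONNECT":
        return None
    host, sep, port = fields[6].rpartition(":")
    if not sep or not port.isdigit():
        return None
    status = fields[3].partition("/")[2]  # "TCP_MISS/200" -> "200"
    return fields[2], host, int(port), status

def audit(log_text, localnet=LOCALNET, allowed_ports=SSL_PORTS):
    """List tunnels Squid allowed (2xx) that a stock policy would have denied."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_connect(line)
        if parsed is None or not parsed[3].startswith("2"):
            continue  # skip non-CONNECT lines and denied or failed tunnels
        client, host, port, _status = parsed
        reasons = []
        if port not in allowed_ports:
            reasons.append("port %d not in SSL_ports" % port)
        try:
            if ipaddress.ip_address(client) not in localnet:
                reasons.append("client outside localnet")
        except ValueError:  # client logged as a hostname, not an address
            reasons.append("unparseable client address")
        if reasons:
            findings.append((client, "%s:%d" % (host, port), reasons))
    return findings

if __name__ == "__main__":
    for client, target, reasons in audit(SAMPLE_LOG):
        print(client, "->", target, "; ".join(reasons))
```

Any line it reports after the ACLs have been corrected means a request is still matching an allow rule before the CONNECT and subnet restrictions are evaluated.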
