Re: [squid-users] Spam mail through Squid server

From: Matus UHLAR - fantomas <uhlar@dont-contact.us>
Date: Thu, 27 Oct 2005 09:29:03 +0200

> > SMTP is allowed through your squid program itself, not the squid server.

On 26.10 14:05, trainier@kalsec.com wrote:
> This is not correct. Although it might be possible to pass email through
> squid, squid does not natively allow smtp proxying. Squid proxies and
> caches http traffic and nothing more. Unfortunately, due to variations of
> how connect() is used, I suppose this is possible.

It is possible. But the default SQUID config does NOT allow connect to the
SMTP port:

acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

> > Disable squid from allowing itself to connect to foreign hosts on port 25,
> > or else you will continually be tracking people down rather than just
> > preventing the problem from happening in the first place.
>
> I'm curious to know your recommendation on this one. It's not like
> there's an acl or config notation that
> states: allow_smtp <yes|no>
>
> How would you suggest doing this?

Probably someone fucked up the squid config, which resulted in allowing
CONNECT to SMTP ports. (This was commented on in previous mails.) He should
revert to the default configuration.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
He who laughs last thinks slowest. 
Received on Thu Oct 27 2005 - 01:29:06 MDT
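
Added example, not part of the original message or of Squid: a small Python check that replays the port and method ACLs quoted above through `http_access` in order (first matching rule wins) and reports whether CONNECT to port 25 would get through. Assumptions: only `port` and `method` ACLs are modelled, any other ACL type (such as `all`) is treated as matching every request, and the final `http_access allow all` line and the reordered "broken" config are constructed for illustration.

```python
# Constructed sample configs: the ACLs from the message (Safe_ports condensed
# onto one line) plus a constructed "http_access allow all" client rule.
ACLS = """acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535 280 488 591 777
acl CONNECT method CONNECT
"""
DENIES = "http_access deny !Safe_ports\nhttp_access deny CONNECT !SSL_ports\n"
ALLOW = "http_access allow all\n"
DEFAULT_ORDER = ACLS + DENIES + ALLOW   # deny rules evaluated first
BROKEN_ORDER = ACLS + ALLOW + DENIES    # allow rule shadows the denies

def parse(conf):
    """Collect port/method ACLs and the ordered http_access rules."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 3 and tok[0] == "acl" and tok[2] in ("port", "method"):
            # Repeated "acl NAME ..." lines accumulate values, as in squid.conf
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 2 and tok[0] == "http_access" and tok[1] in ("allow", "deny"):
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, method, port):
    if name not in acls:
        return True  # assumption: unmodelled ACL types match every request
    kind, values = acls[name]
    if kind == "method":
        return method in values
    for v in values:  # port ACL: single ports or lo-hi ranges
        lo, _, hi = v.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def decide(conf, method, port):
    """Return 'allow' or 'deny' for a request to the given destination port."""
    acls, rules = parse(conf)
    for action, names in rules:
        # All ACLs on one line must match; a leading "!" negates the ACL.
        if all(acl_matches(acls, n.lstrip("!"), method, port) != n.startswith("!")
               for n in names):
            return action
    if not rules:
        return "deny"  # no http_access lines at all: request is denied
    # No line matched: the result is the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"
```

Running `decide()` over a production squid.conf for ("CONNECT", 25) before and after a change shows whether an edit has reopened the SMTP path.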
