On Tue, 2006-08-01 at 17:44 +0000, Gregory EID wrote:
> We block port 25 so our users can only send mail using our SMTP server.
> However we suspect that some users get around this restriction by sending
> outgoing SMTP using port 80. I would like to block SMTP traffic by port
> using Squid. If this is not possible is there a way I can 'sniff' and
> 'intercept' SMTP traffic?
Make sure you have blocked any attempts to reach port 25 via the proxy.
In particular make sure that the CONNECT method is very restricted in
wich ports may be accessed via CONNECT.
The default suggested ruleset does both, but many disable these security
checks for some reason or another making them vulnerable to proxy abuse.
Also note that there is quite many webmail services out there.. gmail,
yahoo, msn and about a ton others plus countless non-free or private
ones.. so in principle as long as you allow surfing to "unknown"
destinations you will allow your users to send email if they insist on
it. But at least it won't look like those emails is coming from your
company..
Regards
Henrik
Received on Tue Aug 01 2006 - 12:39:30 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Sep 01 2006 - 12:00:01 MDT