RE: [squid-users] Controlling Spam

From: Gregory EID <greg@dont-contact.us>
Date: Tue, 1 Aug 2006 21:44:30 -0000

Squid is running on the same machine as my firewall, Shorewall, doing NAT, so all
outgoing emails have the same IP as Shorewall, 196.44.102.241.

When a client sends outgoing email using port 80 bypassing our SMTP server
(using port 25) the IP address that recipients see is our Shorewall and we
are concerned that anti-spam databases will blacklist our Shorewall IP,
which will block our entire network.

What we need is a means to trace an email sent from our network back to the
sender and we wish to know if Squid can do that one way or another, a log
file, another application that 'plugs' into Squid.

Please help!

Greg

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: 01 August 2006 18:42
To: greg@teledata-gh.com
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Controlling Spam

On Tue, 2006-08-01 at 17:44 +0000, Gregory EID wrote:
> We block port 25 so our users can only send mail using our SMTP server.
> However we suspect that some users get around this restriction by sending
> outgoing SMTP using port 80. I would like to block SMTP traffic by port
> using Squid. If this is not possible is there a way I can 'sniff' and
> 'intercept' SMTP traffic?

Make sure you have blocked any attempts to reach port 25 via the proxy.
In particular make sure that the CONNECT method is very restricted in
which ports may be accessed via CONNECT.

The default suggested ruleset does both, but many disable these security
checks for some reason or another making them vulnerable to proxy abuse.

Also note that there are quite many webmail services out there.. gmail,
yahoo, msn and about a ton others plus countless non-free or private
ones.. so in principle as long as you allow surfing to "unknown"
destinations you will allow your users to send email if they insist on
it. But at least it won't look like those emails are coming from your
company..

Regards
Henrik
Received on Tue Aug 01 2006 - 15:46:56 MDT
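
Added example, not part of the original thread: one way to use the Squid access.log to tie proxy-tunnelled mail back to an internal client, by listing CONNECT requests whose target port is outside an allow-list and separating those Squid let through from those it denied. It assumes Squid's native access.log format; the log lines, addresses, host names and the allow-list are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in Squid's native access.log format:
# time elapsed client action/code size method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1154468670.123    210 192.168.1.23 TCP_MISS/200 4312 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
1154468675.456   5021 192.168.1.57 TCP_MISS/200 1893 CONNECT mail.example.net:25 - DIRECT/192.0.2.25 -
1154468680.789    950 192.168.1.23 TCP_MISS/200 7730 CONNECT secure.example.org:443 - DIRECT/192.0.2.44 -
1154468690.001      3 192.168.1.57 TCP_DENIED/403 1420 CONNECT mail.example.net:25 - NONE/- text/html
1154468695.250   8800 192.168.1.90 TCP_MISS/200 5120 CONNECT relay.example.com:587 - DIRECT/192.0.2.61 -
"""

# Assumed allow-list; set it to the ports in the site's own SSL_ports ACL.
ALLOWED_CONNECT_PORTS = {443, 563}


def find_connect_tunnels(log_text, allowed_ports=ALLOWED_CONNECT_PORTS):
    """Map client IP -> [(epoch, host, port, result)] for CONNECT requests
    whose target port is outside allowed_ports."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue
        host, _, port = fields[6].rpartition(":")
        if not port.isdigit() or int(port) in allowed_ports:
            continue
        hits[fields[2]].append((float(fields[0]), host, int(port), fields[3]))
    return dict(hits)


def established_tunnels(hits):
    """Keep only tunnels Squid actually let through (not TCP_DENIED)."""
    out = {}
    for client, rows in hits.items():
        passed = [r for r in rows if not r[3].startswith("TCP_DENIED")]
        if passed:
            out[client] = passed
    return out


if __name__ == "__main__":
    from datetime import datetime, timezone
    for client, rows in established_tunnels(find_connect_tunnels(SAMPLE_LOG)).items():
        for epoch, host, port, result in rows:
            when = datetime.fromtimestamp(epoch, tz=timezone.utc).isoformat()
            print(f"{when} {client} -> {host}:{port} ({result})")
```

Any client listed by `established_tunnels` means the CONNECT restriction is not in effect for that port; entries that appear only as TCP_DENIED show the rule working and still identify who tried.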
