On Fri, 29 Apr 2005, Louis wrote:
I have a server running Fedora and squid. It is running in bridge mode. It has two NICs and ebtables running; ebtables redirects to the squid process. All seems to work fine except the server appears to be sending spam: when I do a netstat -p | grep smtp it shows the squid process trying to send out to many different servers. Here is the main part of the config that I am having problems with:
visible_hostname cache.mydomain.com
acl net1 src 10.0.0.0/255.0.0.0
acl net2 src 0.0.0.0/0.0.0.0
Are you sure about that net2 thing? It matches the whole world...
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
Did you by any chance delete the rules above this line? There are several anti-abuse rules above this line which, for example, block SMTP abuse via the HTTP proxy (the Safe_Ports, CONNECT etc. things).
I know, take out the 0.0.0.0 subnet, but when I do that people on the outside world cannot access the internal web servers. But the SMTP traffic stops. I have tried various access rules but haven't hit the right combination yet.
1. Don't delete the default anti-abuse rules.
2. Don't delete the default anti-abuse rules.
3. When configuring an accelerator, limit what destinations may be reached in a similar manner to how you limit who may use the proxy in a normal forward proxy.
acl net1 src 10.0.0.0/8
http_access allow net1

acl webservers dstdomain accelerated.site.1 accelerated.site.2
acl http proto http
acl port80 port 80
http_access allow webservers http port80
Regards
Henrik
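
An added example (not part of the original thread, and not Squid's own tooling): a small Python audit of squid.conf text for the two problems discussed above, namely an allow rule that is reached before the stock `deny !Safe_ports` and `deny CONNECT !SSL_ports` rules, and an allow rule whose only condition is a src ACL covering 0.0.0.0/0. Both sample configs, including the `http_access allow` lines in the weak one, are constructed for illustration.

```python
import ipaddress
# Constructed sample: the ACLs quoted in the thread plus assumed allow rules.
WEAK = """
acl net1 src 10.0.0.0/255.0.0.0
acl net2 src 0.0.0.0/0.0.0.0
http_access allow net1
http_access allow net2
"""
# Constructed sample: stock guards kept, then the rules suggested in the reply.
FIXED = """
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443 563
acl Safe_ports port 80 443
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl net1 src 10.0.0.0/8
http_access allow net1
acl webservers dstdomain accelerated.site.1 accelerated.site.2
acl http proto http
acl port80 port 80
http_access allow webservers http port80
http_access deny all
"""
# Stock anti-abuse deny rules, compared lower-cased by this script.
GUARDS = {"!safe_ports", "connect !ssl_ports"}

def is_world(value):  # True if a src value such as 0.0.0.0/0.0.0.0 covers every address
    try:
        return ipaddress.ip_network(value, strict=False).prefixlen == 0
    except ValueError:
        return False

def audit(conf):
    """List findings for squid.conf text; http_access is first-match, so order matters."""
    world, guards, findings = set(), set(), []
    for raw in conf.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 4 and parts[0] == "acl" and parts[2] == "src" and any(map(is_world, parts[3:])):
            world.add(parts[1])
        elif len(parts) >= 3 and parts[0] == "http_access":
            rule = " ".join(parts[2:])
            if parts[1] == "deny":
                guards.add(rule.lower())
            elif parts[1] == "allow" and "manager" not in parts:  # stock cachemgr allow precedes the guards
                if not GUARDS <= guards:
                    findings.append(f"allow {rule}: reached before the stock anti-abuse deny rules")
                if all(term in world for term in parts[2:]):
                    findings.append(f"allow {rule}: matches any client with no destination limit")
    return findings
```

`audit(WEAK)` returns three findings (two unguarded allows, one world-open allow) and `audit(FIXED)` returns none; the `all` ACL is not flagged because it is only used in a deny rule.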