> 1115668842.640 14680 61.224.206.211 TCP_MISS/200 824 CONNECT > 205.188.156.185:25 - DIRECT/205.188.156.185 - Next to the solutions offered, make an ACL that allows CONNECT attempts only to 'trusted ports', i.e. https(443) and possibly snews (563): acl CONNECT method CONNECT acl Safe_CONNECT_Ports 443 563 http_access deny CONNECT !Safe_CONNECT_Ports Joost