
Re: Spam mail through Squid server


On Wednesday 26 October 2005 20:05, trainier@xxxxxxxxxx wrote:
> > SMTP is allowed through your squid program itself, not the squid
> > server.
>
> This is not correct.  Although it might be possible to pass email
> through squid, squid does not natively
> allow smtp proxying.

It does. But it's not intended. Imagine what happens when you send a bunch
of HTTP header request lines to Squid? It will connect to the requested web
server on port 80, send a few lines and wait for the reply. What if you
request Squid to connect (not CONNECT!) to a mail server on port 25
(web->mail / 80->25)? It will do it. The mail server will be surprised
about a "GET ..." line but will ignore it and go on with the other lines
which contain SMTP. Yes, it's tricky. But it works. And since spammers look
for innovative ways to broadcast their horsecrap this is a way to abuse
proxies that are set up badly.

> Squid proxies and caches http traffic and nothing more.  Unfortunately,
> due to variations of how connect() is used, I suppose this is possible.

CONNECT does not need to be involved.

> I'm curious to know your recommendation on this one.  It's not like
> there's an acl or config notation that
> states: allow_smtp <yes|no>

That's why connections should only be allowed on certain ports through
ACLs. Even HTTP connections (not CONNECTs) are restricted to certain ports.
For a reason.

 Christoph
-- 
~
~
".signature" [Modified] 1 line --100%--                1,48         All

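Added example, not part of the original message and not Squid project code: a small audit of proxy logs that reports requests, CONNECT or plain HTTP, aimed at ports outside the port policy, and whether the ACL denied them. The port list, the assumption that logs use Squid's native access.log layout, and the sample lines are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed policy for this example; align it with the Safe_ports ACL in squid.conf.
SAFE_PORTS = {21, 70, 80, 210, 280, 443, 488, 591, 777}
DEFAULT_PORT = {"http": 80, "https": 443, "ftp": 21}

def target(method, url):
    """Return (host, port) the proxy was asked to contact, or None if unparsable."""
    try:
        if method == "CONNECT":              # logged as host:port, no scheme
            host, _, port = url.rpartition(":")
            return host, int(port)
        parts = urlsplit(url)
        port = parts.port or DEFAULT_PORT.get(parts.scheme)
        return (parts.hostname, port) if port else None
    except ValueError:                       # non-numeric or out-of-range port
        return None

def is_safe(port):
    # Unprivileged ports are treated as allowed in this assumed policy.
    return port in SAFE_PORTS or port >= 1025

def audit(lines):
    """Return one finding per request aimed at a port outside the policy."""
    findings = []
    for line in lines:
        f = line.split()
        if len(f) < 7:
            continue                         # not a native-format log line
        client, result, method, url = f[2], f[3], f[5], f[6]
        t = target(method, url)
        if t is None or is_safe(t[1]):
            continue
        findings.append({"client": client, "method": method,
                         "host": t[0], "port": t[1],
                         "blocked": result.startswith("TCP_DENIED")})
    return findings

# Constructed sample lines in native access.log layout (not from a real proxy).
SAMPLE = [
    "1130349901.100 120 192.0.2.10 TCP_MISS/200 3400 GET http://www.example.com/ - DIRECT/198.51.100.7 text/html",
    "1130349902.200 950 203.0.113.9 TCP_MISS/200 512 POST http://mail.example.net:25/ - DIRECT/198.51.100.25 -",
    "1130349903.300 2 203.0.113.9 TCP_DENIED/403 1400 POST http://mail.example.org:25/ - NONE/- text/html",
    "1130349904.400 300 192.0.2.11 TCP_MISS/200 900 GET http://app.example.com:8080/x - DIRECT/198.51.100.8 text/html",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A finding with `blocked` set to false means the request was forwarded, so the port ACL is missing or ordered after a broader allow rule.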
