On Wed, Oct 26, 2005 at 02:05:56PM -0400, trainier@xxxxxxxxxx wrote:
> > SMTP is allowed through your squid program itself, not the squid server.
> This is not correct. Although it might be possible to pass email through
> squid, squid does not natively
> allow smtp proxying. Squid proxies and caches http traffic and nothing

If it allows traffic to port 25 on another host, then it's possible to spam.

>
> > Disable squid from allowing itself to connect to foreign hosts on port 25,
> > or else you will continually be tracking people down rather than just
> > preventing the problem from happening in the first place.
>
> I'm curious to know your recommendation on this one. It's not like
> there's an acl or config notation that
> states: allow_smtp <yes|no>
>
> How would you suggest doing this?

We only use SSL on 443 and we only allow Squid to connect to TCP ports
80/443/21, so I have squid set up the following way:

acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl Safe_ports port 21 # ftp
http_access deny !Safe_ports

With this setup, any attempt to connect to a host on a port other than
80/443/21 will be denied.

---
Chris Covington
IT
Plus One Health Management
75 Maiden Lane Suite 801
NY, NY 10038
646-312-6269
http://www.plusoneactive.com
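
Added example, not part of the original message: a small Python model of how Squid evaluates the rules posted above, showing which requests they deny. It assumes only `port` and `method` ACL types with single port values, and the sample requests are constructed.

```python
# Added example: minimal model of Squid http_access evaluation for the posted rules.
# Assumptions: only "port" and "method" ACLs, single port values (no ranges).
CONF = """\
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl Safe_ports port 21 # ftp
http_access deny !Safe_ports
"""

def parse(conf):
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()  # drop trailing comments
        if not tok:
            continue
        if tok[0] == "acl":
            name, kind, values = tok[1], tok[2], tok[3:]
            # acl lines that share a name are OR'ed together
            acls.setdefault(name, (kind, set()))[1].update(values)
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, method, port):
    kind, values = acls[name]
    return (str(port) if kind == "port" else method) in values

def decide(conf, method, port):
    acls, rules = parse(conf)
    for action, terms in rules:  # rules are checked in order, first match wins
        # every ACL on a rule must match (AND); a leading "!" negates it
        if all(acl_matches(acls, t.lstrip("!"), method, port) != t.startswith("!")
               for t in terms):
            return action
    return None  # nothing matched here; later rules (not in the message) decide

if __name__ == "__main__":
    # Constructed sample requests: (method, destination port)
    for method, port in [("CONNECT", 25), ("GET", 25), ("CONNECT", 443),
                         ("CONNECT", 80), ("GET", 80), ("GET", 8080)]:
        verdict = decide(CONF, method, port) or "falls through"
        print(f"{method:8} port {port:<5} -> {verdict}")
```

Requests that fall through are not allowed by these lines; they are decided by whatever `http_access` rules follow in the full squid.conf.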