Search squid archive

Re: Spam mail through Squid server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Oct 26, 2005 at 02:05:56PM -0400, trainier@xxxxxxxxxx wrote:
> > SMTP is allowed through your squid program itself, not the squid server.
> This is not correct.  Although it might be possible to pass email through 
> squid, squid does not natively
> allow smtp proxying.  Squid proxies and caches http traffic and nothing 

If it allows traffic to port 25 on another host, then it's possible to
spam.

> 
> > Disable squid from allowing itself to connect to foreign hosts on port 
> 25, 
> > or else you will continually be tracking people down rather than just 
> > preventing the problem from happening in the first place.
> 
> I'm curious to know your recommendation on this one.  It's not like 
> there's an acl or config notation that
> states: allow_smtp <yes|no>
> 
> How would you suggest doing this?

We only use SSL on 443 and we only allow Squid to connect to TCP ports 
80/443/21, so I have squid setup the following way:

acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports

acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl Safe_ports port 21          # ftp
http_access deny !Safe_ports

With this setup, any attempt to connect to a host on a port other than
80/443/21 will be denied.

---
Chris Covington
IT
Plus One Health Management
75 Maiden Lane Suite 801
NY, NY 10038
646-312-6269
http://www.plusoneactive.com


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux