> > SMTP is allowed through your squid program itself, not the squid server. On 26.10 14:05, trainier@xxxxxxxxxx wrote: > This is not correct. Although it might be possible to pass email through > squid, squid does not natively allow smtp proxying. Squid proxies and > caches http traffic and nothing more. Unfortunately, due to variations of > how connect() is used, I suppose this is possible. it is possible. But the default SQUID config does NOT allow connect to SMTP port: acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports > > Disable squid from allowing itself to connect to foreign hosts on port 25, > > or else you will continually be tracking people down rather than just > > preventing the problem from happening in the first place. > > I'm curious to know your recommendation on this one. It's not like > there's an acl or config notation that > states: allow_smtp <yes|no> > > How would you suggest doing this? Probably someone fucked up squid config which resulted into allowing CONNECT to SMTP ports. (this was commented in previous mails). He should revert to the default configuration. -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. He who laughs last thinks slowest.
