On Tue, 2006-08-01 at 17:44 +0000, Gregory EID wrote: > We block port 25 so our users can only send mail using our SMTP server. > However we suspect that some users get around this restriction by sending > outgoing SMTP using port 80. I would like to block SMTP traffic by port > using Squid. If this is not possible is there a way I can 'sniff' and > 'intercept' SMTP traffic? Make sure you have blocked any attempts to reach port 25 via the proxy. In particular make sure that the CONNECT method is very restricted in wich ports may be accessed via CONNECT. The default suggested ruleset does both, but many disable these security checks for some reason or another making them vulnerable to proxy abuse. Also note that there is quite many webmail services out there.. gmail, yahoo, msn and about a ton others plus countless non-free or private ones.. so in principle as long as you allow surfing to "unknown" destinations you will allow your users to send email if they insist on it. But at least it won't look like those emails is coming from your company.. Regards Henrik
