Squid is running on same machine as my firewall Shorewall doing NAT so all outgoing emails have the same IP of Shorewall 196.44.102.241 When a client sends outgoing email using port 80 bypassing our SMTP server (using port 25) the IP address that recipients see is our Shorewall and we are concerned that anti-spam databases will blacklist our Shorewall IP, which will block our entire network. What we need is a means to trace an email sent from our network back to the sender and we wish to know if Squid can do that one way or another, a log file, another application that 'plugs' into Squid. Please help! Greg -----Original Message----- From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] Sent: 01 August 2006 18:42 To: greg@xxxxxxxxxxxxxxx Cc: squid-users@xxxxxxxxxxxxxxx Subject: Re: Controlling Spam On Tue, 2006-08-01 at 17:44 +0000, Gregory EID wrote: > We block port 25 so our users can only send mail using our SMTP server. > However we suspect that some users get around this restriction by sending > outgoing SMTP using port 80. I would like to block SMTP traffic by port > using Squid. If this is not possible is there a way I can 'sniff' and > 'intercept' SMTP traffic? Make sure you have blocked any attempts to reach port 25 via the proxy. In particular make sure that the CONNECT method is very restricted in wich ports may be accessed via CONNECT. The default suggested ruleset does both, but many disable these security checks for some reason or another making them vulnerable to proxy abuse. Also note that there is quite many webmail services out there.. gmail, yahoo, msn and about a ton others plus countless non-free or private ones.. so in principle as long as you allow surfing to "unknown" destinations you will allow your users to send email if they insist on it. But at least it won't look like those emails is coming from your company.. Regards Henrik
