That's pretty much what I have but is it not possible to use one of these
ports as a pass through for spam or would the receiving email servers block
it?
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 1863 # MSN messenger
acl ncsa_users proxy_auth REQUIRED
acl maxuser max_user_ip -s 2
acl CONNECT method CONNECT
http_access deny manager
http_access allow ncsa_users
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
--------------------------------------------------
From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
Sent: Monday, December 27, 2010 9:36 PM
To: <squid-users@xxxxxxxxxxxxxxx>
Subject: Re: prevent squid being used as spam passthrough
On 27/12/10 09:23, J Webster wrote:
Is it possible for a proxy running on port 80 or 8080 to be used as a
pass through or zone origination for spam email?
Maybe. If it has been configured as an open proxy.
http://wiki.squid-cache.org/SquidFaq/SecurityPitfalls
We have had some users sign up with email addresses such as spambot and
other stuff recently. I suspect these are just bots signing up around
the web but got me thinking whether a proxy could be used in a chain or
tunneled somehow and whether that could be blocked?
The default squid.conf http_access controls are designed to prevent this
type of thing.
It requires Safe_ports to list only the ports <1024 which are nown to be
safe for proxy connections-to. As well as SSL_ports for CONNECT tunnels to
only connect to known HTTPS ports.
You can see the quid default settings at
http://wiki.squid-cache.org/SquidFaq/ConfiguringSquid#Squid_configuration
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.10
Beta testers wanted for 3.2.0.4
