Re: [squid-users] Spam mail through Squid server

From: Covington, Chris <Chris.Covington@dont-contact.us>
Date: Tue, 25 Oct 2005 17:00:04 -0400

On Tue, Oct 25, 2005 at 09:36:56PM +0100, lokesh.khanna@accelonafrica.com wrote:
> Hi
>
> I am running a transparent squid server on a Redhat ES 3.0 box. I noticed
> that sometimes some of my users establish an HTTP connection with some
> server on the internet and send spam mail. The header of that mail always
> contains the squid server IP address. Is there any way I can also insert
> the IP address of the customer's PC which is actually sending that mail?

You must have a rule which allows squid to connect to port 25
that you should disable.
I believe this sort of spamming uses the CONNECT method. The
default squid configuration prevents this already with:

acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports

and

acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl Safe_ports port 21 # ftp
http_access deny !Safe_ports

---
Chris Covington
IT
Plus One Health Management
75 Maiden Lane Suite 801
NY, NY 10038
646-312-6269
http://www.plusoneactive.com
Received on Tue Oct 25 2005 - 15:00:10 MDT
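
Added example, not part of the original message: one way to find which client PCs are making requests that the two ACL rules quoted above would deny, by applying the same port checks to Squid's access.log. It assumes the native access.log format; the log lines are constructed samples and the function names are hypothetical.

```python
from collections import defaultdict
from urllib.parse import urlsplit

SSL_PORTS = {443}            # acl SSL_ports from the message
SAFE_PORTS = {80, 443, 21}   # acl Safe_ports from the message
DEFAULT_PORT = {"http": 80, "https": 443, "ftp": 21}

# Constructed sample lines in Squid's native access.log format:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1130273801.112    340 192.0.2.15 TCP_MISS/200 1840 GET http://www.example.com/ - DIRECT/198.51.100.7 text/html
1130273805.547  61022 192.0.2.44 TCP_MISS/200 9120 CONNECT mail.example.net:25 - DIRECT/198.51.100.25 -
1130273809.003   1204 192.0.2.15 TCP_MISS/200 5210 CONNECT shop.example.com:443 - DIRECT/198.51.100.9 -
1130273811.870  58810 192.0.2.44 TCP_MISS/200 8800 CONNECT mx.example.org:25 - DIRECT/198.51.100.30 -
1130273815.420     95 192.0.2.71 TCP_MISS/200  512 GET http://host.example.com:6667/ - DIRECT/198.51.100.40 -
"""

def dest_port(method, url):
    """Return the destination port of a logged request, or None if unknown."""
    if method == "CONNECT":                 # CONNECT logs host:port, no scheme
        _, _, port = url.rpartition(":")
        return int(port) if port.isdigit() else None
    parts = urlsplit(url)
    try:
        return parts.port or DEFAULT_PORT.get(parts.scheme)
    except ValueError:                      # malformed port in URL
        return None

def violations(log_text):
    """Map client IP -> list of (method, url, rule) the two ACLs would deny."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7:
            continue                        # skip truncated lines
        client, method, url = f[2], f[5], f[6]
        port = dest_port(method, url)
        if port is None:
            continue
        if method == "CONNECT" and port not in SSL_PORTS:
            hits[client].append((method, url, "deny CONNECT !SSL_ports"))
        elif port not in SAFE_PORTS:
            hits[client].append((method, url, "deny !Safe_ports"))
    return dict(hits)

if __name__ == "__main__":
    for client, reqs in violations(SAMPLE_LOG).items():
        for method, url, rule in reqs:
            print(client, method, url, rule)
```

On the sample input this reports 192.0.2.44 for its two CONNECT requests to port 25 and 192.0.2.71 for the request to port 6667.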
