Hi all, I'm not sure if this has already been answered somewhere as I haven't been able to access my lists for a while.
I've seen a report from one of our clients that their Qube 3 is running as an Open Relay Proxy and can therefore be used for email spamming through the Squid port on the ppp connection when dialed up. After some looking around, Squid's default http_access action is to disallow any connection and the administrator must specifically allow networks, and ports to use it as a proxy. Unfortunately the Cobalt Qube 3 rules which are automatically added to the config when caching is enabled allow anyone anywhere access to the proxy, which then allows it to be used for email relaying through the HTTP proxy. "http_access allow all" Can I just change the squid.conf and insert more restrictive access control rules above the Cobalt auto generated lines to control proxy access? Or will they then be overwritten by the Qube 3 software if it updates the squid.conf? Is it possible to modify the Qube 3 scripts to only allow proxy connections from itself and the local network instead of globally allowing connections from anywhere? Is this a problem specific to the Qube 3 or is it also present in the Raq's as well? Best Regards Richard Nellist _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
