Hi again,

> I notified my ISP soon as I realized that my bandwidth is maxed out and
> my private net has nothing to do with it.

  This just confirms my previous post.

> What is physically evident is that, during my tests, my external
> device kept on blinking like mad. Issuing an 'ifconfig' command shows
> that RX and TX packets of the external device kept on incrementing
> while the internal RX/TX isn't moving at all. This shows that unwanted
> packets are simply flowing into the box then back out again (perhaps
> to the spam target/s), without touching my private net.

  Exactly, this also confirms that the webmail system is not affected at all. 
You have an OPEN RELAY proxy. The abuser just asks for a page (incoming traffic 
on your external interface), the proxy accepts and connects to it (outgoing 
traffic on the outside interface). The internal interface is not touched at 
all :)

> Then my ISP forwarded me this:
> [...]
>
> > PLEASE shut down this abusive user.
> >
> > This user has open proxies running on port 80. The proxycheck program
> > clearly shows the open proxy port:
> > > [EMAIL PROTECTED] pck XXX.XXX.XXX.XXX
> > > To check: hosts=1, proto:ports=63, host:proto:ports=63
> > > XXX.XXX.XXX.XXX:hc:80: HTTP request successeful (200)
> > > XXX.XXX.XXX.XXX hc:80 open
> > > NumOpen=1(1) NRead=119 Time=23

  Your ISP has detected the open relay proxy :)

> At present I'm scouring the net for info on how to go about with this.
> This is really embarrassing as I had no idea that having an open proxy
> server is a no-no. (http://theproxyconnection.com/openproxy.html)

  Please understand that a reverse proxy is not the same as an open relay proxy. 
A reverse proxy is just a proxy that acts as a web server, listening on port 
80. The difference is that it only accepts URLs behind the proxy. An open relay 
proxy is configured exactly the same BUT accepts any URL.

> But it is my requirement to allow EVERYBODY to be able to access
> my web server in the private net.

  A reverse proxy will do this.

> Perhaps some more squid howto is the answer. But further tips on
> tightening a firewall is also very much welcome (TIA).

  Regards.

-- 
Jaime Nebrera - [EMAIL PROTECTED]



------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
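
The reply above distinguishes a reverse proxy (only accepts URLs behind it) from an open relay (accepts any URL). The following is an added example, not part of the original thread: a small audit of Squid's native access.log that lists requests the proxy served for hosts outside its own sites. The hostnames, the `OWN_SITES` set and the log lines are constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical: the only hostnames this reverse proxy is meant to serve.
OWN_SITES = {"www.example.org", "webmail.example.org"}

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1055400001.101    120 192.0.2.10 TCP_MISS/200 5120 GET http://www.example.org/index.html - DIRECT/10.0.0.5 text/html
1055400002.202    340 203.0.113.7 TCP_MISS/200 812 POST http://mail.example.net/submit - DIRECT/198.51.100.20 text/html
1055400003.303     15 203.0.113.7 TCP_DENIED/403 1024 GET http://ads.example.com/ - NONE/- text/html
1055400004.404    800 203.0.113.9 TCP_MISS/200 300 CONNECT relay.example.net:25 - DIRECT/198.51.100.25 -
"""


def target_host(method, url):
    """Return the lower-cased destination host of a logged request."""
    if method == "CONNECT":
        # CONNECT entries are logged as host:port, not as a full URL.
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()


def relayed_requests(log_text, own_sites):
    """List (client, method, host) for requests served to foreign hosts."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # not a complete access.log entry
        client, action, method, url = fields[2], fields[3], fields[5], fields[6]
        host = target_host(method, url)
        # Requests for our own sites are normal reverse-proxy traffic, and
        # TCP_DENIED means the access rules already refused the request.
        if host in own_sites or action.startswith("TCP_DENIED"):
            continue
        findings.append((client, method, host))
    return findings


if __name__ == "__main__":
    for client, method, host in relayed_requests(SAMPLE_LOG, OWN_SITES):
        print(f"relayed for {client}: {method} {host}")
```

An empty result over a real log means every accepted request was for one of the proxy's own sites, which is the reverse-proxy behaviour described above.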
