croilan cruz wrote: > all the servers behind the firewall/nat dmz server have private ip so if > port 25 will block users can not send mail. squid acl only the ip on our > network are in acl. does squid something to do with this thats why ip > was beeing block?
Since you say that squid is not configured as an open proxy, that can't be the reason why you're listed on CBL. But then if I understand what you're saying correctly, your internal hosts with private IP's can connect to port 25 of any machine on the Internet. If any of your internal hosts are infected by spam-sending malware then they have free reign, and that's why you're getting listed in the CBL. Modify your firewall rules so that you only allow port 25 access to your network's outbound mail relay, and deny access to port 25 on any other host. This will stop most of the malware on your network from sending mail (they usually do this by connecting directly to mail servers on the Internet, and don't usually try to send mail by using the configured outbound mail relay). That should allow you to get delisted. -- What this country needs is more unemployed politicians. http://stormwyrm.blogspot.com/ _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
