Is it possible to route email through squid? I am seeing some weird activity in my access.log that looks like spammers are forwarding mail through my cache:
1104271801.943 5873 205.209.140.20 TCP_MISS/200 446 CONNECT 209.152.181.224:25 - DIRECT/209.152.181.224 -
1104271802.066 20403 65.75.186.170 TCP_MISS/200 621 CONNECT 65.108.138.86:25 - DIRECT/65.108.138.86 -
1104271802.067 16376 66.227.66.161 TCP_MISS/200 39 CONNECT mail.swimwithmanatees.com:25 - DIRECT/64.176.227.50 -
1104271802.366 77603 205.209.168.170 TCP_MISS/200 3918 CONNECT 163.187.152.23:25 - DIRECT/163.187.152.23 -
1104271802.638 1417 63.209.180.12 TCP_MISS/200 431 CONNECT maila.microsoft.com:25 - DIRECT/131.107.3.124 -
1104271803.184 1557 205.209.140.20 TCP_MISS/200 39 CONNECT 67.18.60.34:25 - DIRECT/67.18.60.34 -
Is this the case? I have my ACLs set up to only accept requests from one
subnet which doesn't match any of these IP addresses.
Sure, it is possible to use any open proxy that supports the CONNECT method to send email: the spammer asks the proxy to CONNECT to a mail server on port 25 and then speaks SMTP through the resulting tunnel, so the mail appears to originate from your proxy. The default squid.conf guards against exactly this. Its "http_access deny !Safe_ports" and "http_access deny CONNECT !SSL_ports" rules reject CONNECT to any port other than 443, and nothing outside your local network is allowed through at all. Your log shows CONNECT requests to port 25 from addresses outside your subnet completing with TCP_MISS/200, which means those protections are no longer present in your configuration. Clearly, your proxy is being used to send spam.
You should fix your ACL and http_access configuration ASAP. If you don't know how Squid ACLs work and aren't able to make sense of them after a review of the documentation and FAQ, send us a copy of the relevant portions of your squid.conf, and someone will be able to tell you where you've gone wrong in your configuration.
In short, the vast majority of users never need to do anything other than define a single "localnet" src ACL covering their own subnet and add an "http_access allow localnet" rule just before the "http_access deny all" rule, leaving the default deny rules above it untouched. That's it.
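The following is an added example, not part of the FAQ or the Squid code base. It replays access.log entries against the "acl" and "http_access" lines of a squid.conf fragment and reports which rule decides each request, so you can see why the stock rules stop CONNECT to port 25 and what happens once they are gone. The local subnet (192.168.1.0/24), the outside client 203.0.113.9 and the three extra log lines are assumed for illustration; the six port-25 lines are the ones quoted in the question. Only the src, port and method ACL types are implemented, and the status column of the log is ignored because the point is what the ruleset would decide.

```python
"""Replay Squid access.log requests against a squid.conf http_access ruleset.
Added example, not Squid FAQ code: handles only src, port and method ACLs."""
import ipaddress
from urllib.parse import urlsplit

# The six CONNECT lines quoted in the question plus three constructed ones
# (192.168.1.0/24 is the assumed local subnet, 203.0.113.9 an outside host).
ACCESS_LOG = """\
1104271801.943 5873 205.209.140.20 TCP_MISS/200 446 CONNECT 209.152.181.224:25 - DIRECT/209.152.181.224 -
1104271802.066 20403 65.75.186.170 TCP_MISS/200 621 CONNECT 65.108.138.86:25 - DIRECT/65.108.138.86 -
1104271802.067 16376 66.227.66.161 TCP_MISS/200 39 CONNECT mail.swimwithmanatees.com:25 - DIRECT/64.176.227.50 -
1104271802.366 77603 205.209.168.170 TCP_MISS/200 3918 CONNECT 163.187.152.23:25 - DIRECT/163.187.152.23 -
1104271802.638 1417 63.209.180.12 TCP_MISS/200 431 CONNECT maila.microsoft.com:25 - DIRECT/131.107.3.124 -
1104271803.184 1557 205.209.140.20 TCP_MISS/200 39 CONNECT 67.18.60.34:25 - DIRECT/67.18.60.34 -
1104271810.000 120 192.168.1.20 TCP_MISS/200 4000 CONNECT www.example.com:443 - DIRECT/93.184.216.34 -
1104271811.000 95 192.168.1.20 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/93.184.216.34 text/html
1104271812.000 130 203.0.113.9 TCP_MISS/200 4000 CONNECT www.example.com:443 - DIRECT/93.184.216.34 -
"""

# Stock squid.conf protections plus the one localnet rule the FAQ describes.
SAFE_CONF = """\
acl localnet src 192.168.1.0/24
acl SSL_ports port 443
acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
"""

# The mistake that turns Squid into an open relay: every protection removed.
OPEN_CONF = "http_access allow all\n"

DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}


def parse_conf(text):
    """Return ({acl name: (type, [values])}, [(action, [terms], line)])."""
    acls, rules = {}, []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        if parts[0] == "acl":  # repeated acl lines append to the same list
            acls.setdefault(parts[1], (parts[2], []))[1].extend(parts[3:])
        elif parts[0] == "http_access":
            rules.append((parts[1], parts[2:], " ".join(parts)))
    return acls, rules


def parse_log(text):
    """Yield {client, method, host, port} per native-format access.log line."""
    for raw in text.splitlines():
        f = raw.split()
        if len(f) < 7:
            continue
        client, method, url = f[2], f[5], f[6]
        if method == "CONNECT":  # CONNECT logs a bare host:port
            host, _, port = url.rpartition(":")
            port = int(port)
        else:
            u = urlsplit(url)
            host, port = u.hostname or "", u.port or DEFAULT_PORTS.get(u.scheme, 80)
        yield {"client": client, "method": method, "host": host, "port": port}


def acl_matches(acls, name, req):
    """True when the named ACL matches the request ('all' always matches)."""
    if name == "all":
        return True
    kind, values = acls[name]
    if kind == "src":
        ip = ipaddress.ip_address(req["client"])
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "port":  # values are single ports or lo-hi ranges
        for v in values:
            lo, _, hi = v.partition("-")
            if int(lo) <= req["port"] <= int(hi or lo):
                return True
        return False
    if kind == "method":
        return req["method"] in values
    raise ValueError(f"unsupported acl type {kind!r}")


def evaluate(acls, rules, req):
    """First http_access line whose terms all match wins, as in Squid."""
    for action, terms, line in rules:
        if all(acl_matches(acls, t.lstrip("!"), req) != t.startswith("!") for t in terms):
            return action, line
    if not rules:
        return "deny", "(no http_access lines)"
    # No match: Squid applies the opposite of the last rule's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), "(implicit default)"


def audit(log_text, conf_text):
    """Return [(client, host, port, action, deciding rule)] for every request."""
    acls, rules = parse_conf(conf_text)
    return [(r["client"], r["host"], r["port"], *evaluate(acls, rules, r))
            for r in parse_log(log_text)]


if __name__ == "__main__":
    for label, conf in (("stock config", SAFE_CONF), ("allow all", OPEN_CONF)):
        print(f"--- {label}")
        for client, host, port, action, rule in audit(ACCESS_LOG, conf):
            print(f"{action:5} {client:16} -> {host}:{port}  [{rule}]")
```

Under SAFE_CONF every port-25 CONNECT is stopped by "http_access deny !Safe_ports" before the localnet rule is even consulted, the outside client's CONNECT to 443 falls through to "deny all", and only the 192.168.1.20 requests are allowed. Under OPEN_CONF everything is allowed, which is the state the questioner's log implies. Note that Squid's own behaviour when no rule matches is the opposite of the last rule's action, which is why the FAQ insists on a final "deny all".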
