I haven't seen this with squid per se but I have seen
spam relays happen through Novell Bordermanager
utilizing SMTP traffic. The administrator this was
affecting contacted me and I used packet filtering to
eliminate this possiblity. I would advise a similar
method in this scenario. Unless of course your are
running an unrestricted public proxy.
Ryan Kather
--- Joe Cooper <[EMAIL PROTECTED]> wrote:
> If using a default Squid configuration file from a
> recent version, I
> suspect you would be seeing DENIED rather than MISS
> here.
>
> CONNECT should only be permitted on certain ports
> (by default this is
> 443 and 563, I believe).
>
> So, yes, it does appear someone could be hopping
> through your proxy to
> mail relays.
>
> Mark Constable wrote:
>
> > My apologies for an off-topic message but I'm not
> connected to any other
> > Squid users forum and these log entries concern
> me. Is anyone aware of any
> > possiblity of using Squid on port 3128 to send UCB
> (spam email) to port 25 ?
> >
> > 1015065329.553 75856 65.173.24.27 TCP_MISS/000 0
> CONNECT \
> > relay1.exodus.net:25 - NONE/- -
> > 1015065329.553 34295 207.30.52.90 TCP_MISS/200
> 419 CONNECT \
> > rly-yb02.mx.aol.com:25 - DIRECT/205.188.156.98 -
> > 1015065329.553 50101 66.74.64.133 TCP_MISS/000 0
> CONNECT \
> > notessmtp2.ascap.com:25 - NONE/- -
> >
> > I guess this could be on-topic as far as filtering
> goes !
> >
> > --markc
>
> --
> Joe Cooper <[EMAIL PROTECTED]>
> http://www.swelltech.com
> Web Caching Appliances and Support
>
__________________________________________________
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/
