Re: [squid-users] Spam mail through Squid server

From: Christoph Haas <email@dont-contact.us>
Date: Wed, 26 Oct 2005 20:24:17 +0200

On Wednesday 26 October 2005 20:05, trainier@kalsec.com wrote:
> > SMTP is allowed through your squid program itself, not the squid
> > server.
>
> This is not correct. Although it might be possible to pass email
> through squid, squid does not natively allow SMTP proxying.

It does. But it's not intended. Imagine what happens when you send a bunch
of HTTP header request lines to Squid? It will connect to the requested web
server on port 80, send a few lines and wait for the reply. What if you
request Squid to connect (not CONNECT!) to a mail server on port 25
(web->mail / 80->25)? It will do it. The mail server will be surprised
about a "GET ..." line but will ignore it and go on with the other lines
which contain SMTP. Yes, it's tricky. But it works. And since spammers look
for innovative ways to broadcast their horsecrap this is a way to abuse
proxies that are set up badly.

> Squid proxies and caches http traffic and nothing more. Unfortunately,
> due to variations of how connect() is used, I suppose this is possible.

CONNECT does not need to be involved.

> I'm curious to know your recommendation on this one. It's not like
> there's an acl or config notation that states: allow_smtp <yes|no>

That's why connections should only be allowed on certain ports through
ACLs. Even HTTP connections (not CONNECTs) are restricted to certain
ports. For a reason.

 Christoph

-- 
~
~
".signature" [Modified] 1 line --100%--                1,48         All
Received on Wed Oct 26 2005 - 12:23:59 MDT
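
The port restriction recommended in the message above can be checked offline. The following is an added example, not part of the original post and not Squid's own code: a simplified evaluator for http_access rules that reports whether a plain (non-CONNECT) request to port 25 would be forwarded. Both configurations are constructed samples, and the function names are hypothetical.

```python
# Added example: simplified first-match evaluation of Squid http_access rules.
# Only "port" and "method" ACLs are interpreted; any other ACL type (src, dst,
# ...) is ASSUMED to match, i.e. the worst case of a client the proxy serves.
WEAK = """\
acl all src 0.0.0.0/0.0.0.0
http_access allow all
"""

HARDENED = """\
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 280 488 591 777
acl Safe_ports port 1025-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
"""

def parse(conf):
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 3 and tok[0] == "acl":
            # repeated "acl NAME ..." lines accumulate values under one name
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, method, port):
    kind, values = acls.get(name, ("unknown", []))
    if kind == "method":
        return method in values
    if kind == "port":  # values are single ports or "low-high" ranges
        return any(int(lo) <= port <= int(hi or lo)
                   for lo, _, hi in (v.partition("-") for v in values))
    return True  # assumption: uninterpreted ACL types match this client

def decide(conf, method, port):
    acls, rules = parse(conf)
    last = "allow"  # sketch's choice: no http_access lines at all means deny
    for action, names in rules:
        # every ACL on the line must match; a leading "!" negates that ACL
        if all(acl_matches(acls, n.lstrip("!"), method, port) != n.startswith("!")
               for n in names):
            return action
        last = action
    # no rule matched: the result is the opposite of the last rule's action
    return "deny" if last == "allow" else "allow"
```

With the weak sample, `decide(WEAK, "GET", 25)` returns "allow"; with the hardened sample the same request is denied by the `!Safe_ports` rule before any allow line is reached.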
