RE: [squid-users] Squid trying to connect to smtp

From: Jay Turner <jturner@dont-contact.us>
Date: Mon, 13 Jan 2003 08:52:15 +0800

>acl my_networks src your.local.network.address/mask
>http_access deny !my_networks

Just out of interest, why wouldn't you use:

acl my_networks src your.local.network.address/mask
http_access allow my_networks
http_access deny all

Do these both not acheive the same outcome?

Jay

-----Original Message-----
From: hno@marasystems.com [mailto:hno@marasystems.com]On Behalf Of
Henrik Nordstrom
Sent: Sunday, 12 January 2003 3:51 PM
To: Intruder
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid trying to connect to smtp

Someone on the Internet have found that your proxy is an open proxy with
no anti-spam rules, and are using your proxy to relay spam.

Add the following lines first in your squid.conf to tighten up things
considerably:

acl my_networks src your.local.network.address/mask
http_access deny !my_networks

And also the following which is in the standard Squid configuration, but
appears to have been deactivated in yours:

acl SSL_ports 443
acl CONNECT method CONNECT
http_access deny ONNECT !SSL_ports

Then review you http_access rules carefully, and also consider
firewalling your squid servers from the Internet.

Regards
Henrik

Intruder wrote:
>
> Hello,
>
> I don`t know why but in the access.log I`m having a
> lot of requests to smtp servers but no one is using
> the proxy and the client who is requesting the
> connection to the smtp server It's not in my network !
> I
>
> It doesn't stop trying to request some smtp server,
> like yahoo.
>
> The 209.189.55.0 network It's a known IP Addr. And
> it's trying to connect to yahoo stmp and others smtps
> servers.
>
> Here is a part of the access.log:
> 1042343173.132 1323 209.189.55.205 TCP_MISS/200 252
> CONNECT 64.156.215.5:25 - DIRECT/64.156.215.5 -
>
> 1042343173.661 471 209.189.55.205 TCP_MISS/200 39
> CONNECT 64.157.4.82:25 - DIRECT/64.157.4.82 -
>
> 1042343175.244 1223 209.189.55.205 TCP_MISS/200 244
> CONNECT 64.157.4.82:25 - DIRECT/64.157.4.82 -
>
> 1042343175.564 1234 209.189.55.200 TCP_MISS/200 252
> CONNECT 64.156.215.5:25 - DIRECT/64.156.215.5 -
>
> 1042343175.901 2970 209.189.55.205 TCP_MISS/200 420
> CONNECT 65.54.254.140:25 - DIRECT/65.54.254.140 -
>
> 1042343177.542 1380 209.189.55.200 TCP_MISS/200 252
> CONNECT 64.156.215.5:25 - DIRECT/64.156.215.5 -
>
> 1042343177.759 1269 209.189.55.200 TCP_MISS/200 244
> CONNECT 64.157.4.82:25 - DIRECT/64.157.4.82 -
>
> 1042343186.026 1227 209.189.55.205 TCP_MISS/200 244
> CONNECT 64.157.4.82:25 - DIRECT/64.157.4.82 -
>
> 1042343186.378 1268 209.189.55.195 TCP_MISS/200 244
> CONNECT 64.157.4.82:25 - DIRECT/64.157.4.82 -
>
> 1042343186.450 1961 209.189.55.195 TCP_MISS/200 321
> CONNECT 65.54.254.151:25 - DIRECT/65.54.254.151 -
>
> 1042343186.630 3000 209.189.55.195 TCP_MISS/200 419
> CONNECT 65.54.254.151:25 - DIRECT/65.54.254.151 -
>
> 1042343188.731 1274 209.189.55.205 TCP_MISS/200 244
> CONNECT 216.136.129.18:25 - DIRECT/216.136.129.18 -
>
> 1042343188.830 2729 209.189.55.205 TCP_MISS/200 474
> CONNECT 64.12.136.217:25 - DIRECT/64.12.136.217 -
>
> 1042343189.240 2007 209.189.55.200 TCP_MISS/200 315
> CONNECT 65.54.254.140:25 - DIRECT/65.54.254.140 -
>
> 1042343189.390 2540 209.189.55.200 TCP_MISS/200 474
> CONNECT 64.12.137.184:25 - DIRECT/64.12.137.184 -
>
> 1042343190.739 1269 209.189.55.195 TCP_MISS/200 244
> CONNECT 216.136.129.18:25 - DIRECT/216.136.129.18 -
>
> 1042343191.591 1220 209.189.55.205 TCP_MISS/200 244
> CONNECT 64.157.4.83:25 - DIRECT/64.157.4.83 -
>
> 1042343193.269 1239 209.189.55.205 TCP_MISS/200 252
> CONNECT 64.156.215.5:25 - DIRECT/64.156.215.5 -
>
> 1042343193.837 1215 209.189.55.205 TCP_MISS/200 244
> CONNECT 64.157.4.82:25 - DIRECT/64.157.4.82 -
>
> 1042343194.011 1212 209.189.55.205 TCP_MISS/200 244
> CONNECT 216.136.129.18:25 - DIRECT/216.136.129.18 -
>
> 1042343194.320 4830 209.189.55.201 TCP_MISS/200 217
> CONNECT 208.45.133.107:25 - DIRECT/208.45.133.107 -
>
> 1042343194.555 4334 209.189.55.205 TCP_MISS/200 135
> CONNECT 212.77.101.161:25 - DIRECT/212.77.101.161 -
>
> 1042343194.665 2275 209.189.55.205 TCP_MISS/200 239
> CONNECT 209.228.4.160:25 - DIRECT/209.228.4.160 -
>
> 1042343194.780 2961 209.189.55.201 TCP_MISS/200 429
> CONNECT 65.54.254.140:25 - DIRECT/65.54.254.140 -
>
> 1042343194.930 1910 209.189.55.205 TCP_MISS/200 250
> CONNECT 203.199.70.34:25 - DIRECT/203.199.70.34 -
>
> 1042343195.330 3180 209.189.55.195 TCP_MISS/200 421
> CONNECT 65.54.254.151:25 - DIRECT/65.54.254.151 -
>
> HEEEELPPP !!! What is it happening ???
>
> Thanks
>
> _______________________________________________________________________
> Busca Yahoo!
> O melhor lugar para encontrar tudo o que você procura na Internet
> http://br.busca.yahoo.com/
Received on Sun Jan 12 2003 - 17:47:33 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:38 MST