From: Halil Helvacioglu (halil@helvacioglu.org)
Date: Fri 11 Jul 2003 - 19:27:15 EEST
This happened to me personally.. The spammers ultimately use their own mail
servers to send the spam, but the spam looks as if it is going out from your
IP address. I got phone calls from AOL and a few ISPs saying "you are sending
spam" and the like; I looked at the sendmail logs and found nothing, then I
saw in the squid logs that there were thousands of entries like
http://xxxxx:25.
You can find information on this topic at this site..
http://news.spamcop.net/cgi-bin/fom?_recurse=1&file=75#file_183
HTTP Proxies (Cisco and Squid)
Spammers have been hijacking HTTP proxy servers to send their spam
out, usually pointing the finger at the server IP, hiding their IP address
from being reported.
Cisco cache engines
Turn off http proxy service with the "no http proxy incoming" command
in global config mode. This will prevent all users from arbitrarily using
the cache engine as their HTTP proxy server.
Squid proxies
More and more often, spammers are transferring spam via Squid proxies.
This allows them to hide their tracks entirely, so only the host of the
proxy will be revealed in the spam headers.
The fix:
squid.conf should read:
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
Halil Helvacioglu
----- Original Message -----
From: "Sancar Saran" <saran@sim.com.tr>
To: <linux-guvenlik@liste.linux.org.tr>
Sent: Friday, July 11, 2003 9:18 AM
Subject: [linux-guvenlik] Re: Proxy and SPAM
> On Friday 11 July 2003 18:55, you wrote:
> > Greetings...
> >
> > What I am talking about is not the relay mechanism. It is spam sent by
> > connecting through the proxy server (squid)..
> >
> > Regards and best wishes..
> >
>
> ???
>
> How is that supposed to work now?
>
> Sancar
>
>
>
>
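Added example (not part of the original post or the SpamCop FAQ): an audit over Squid native-format access.log lines that reports the requests the first two http_access rules above would have denied, which includes the port-25 entries described in the post. The port lists, the sample log lines and all function names are assumptions made for this example.

```python
from collections import Counter
from urllib.parse import urlsplit

# Assumption: stock squid.conf port ACLs; substitute your own Safe_ports / SSL_ports.
SSL_PORTS = {443, 563}
SAFE_PORTS = {80, 21, 443, 563, 70, 210, 280, 488, 591, 777}  # plus 1025-65535
DEFAULT_PORT = {"http": 80, "https": 443, "ftp": 21, "gopher": 70}

def dest_port(method, url):
    """Return the destination port of a proxied request, or None if unparsable."""
    try:
        if method == "CONNECT":                  # logged as host:port
            return int(url.rsplit(":", 1)[1])
        parts = urlsplit(url)
        return parts.port or DEFAULT_PORT.get(parts.scheme)
    except (IndexError, ValueError):
        return None

def violation(method, url):
    """Name the rule from the post that would deny this request, else None."""
    port = dest_port(method, url)
    if port is None:
        return None
    if port not in SAFE_PORTS and not 1025 <= port <= 65535:
        return "deny !Safe_ports"
    if method == "CONNECT" and port not in SSL_PORTS:
        return "deny CONNECT !SSL_ports"
    return None

def audit(lines):
    """Return (hits, hits per client) for native-format access.log lines."""
    hits, per_client = [], Counter()
    for f in (line.split() for line in lines):
        rule = violation(f[5], f[6]) if len(f) >= 7 else None
        if rule:
            hits.append((f[2], f[5], f[6], rule))   # client, method, URL, rule
            per_client[f[2]] += 1
    return hits, per_client

# Constructed sample lines (documentation addresses), not taken from a real log.
SAMPLE = [
    "1057940835.101 734 203.0.113.7 TCP_MISS/200 1843 CONNECT mx.example.net:25 - DIRECT/192.0.2.25 -",
    "1057940836.412 230 203.0.113.7 TCP_MISS/200 412 POST http://mx.example.net:25/ - DIRECT/192.0.2.25 -",
    "1057940837.009 95 198.51.100.4 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/192.0.2.80 text/html",
    "1057940839.220 120 203.0.113.9 TCP_MISS/200 900 CONNECT relay.example.org:8080 - DIRECT/192.0.2.99 -",
]
if __name__ == "__main__":
    for hit in audit(SAMPLE)[0]:
        print(*hit)
```

A client address that accumulates many hits on port 25 matches the pattern the post describes: mail that never appears in the sendmail logs because it left through the proxy.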