Securing Open relays in squid

[Lt.Stink]

Hey guys. I just got an email from my bandwidth priovider saying we have an open relay on our proxy that's being used by spammers. I'm a total newb and don't know how to lock it down. Can someone please help me create the proper acl to close this relay?

Many thx in advance.

[Lt.Stink]

anyone?

Pretty please with sugar on top...

[Mandeep]

For closing open relay in squid you need to declare your interface and ip range example: i have 2 interfaces (192.168.0.1(mask 255.255.255.0), xxx.xxx.xxx.xxx) where xxx.... is external ip which provider gives me.
i will add there lines in squid.conf
------------------
http_port 127.0.0.1:3128
http_port 192.168.0.1:3128

....

acl our_networks src 192.168.0.0/24
http_access allow our_networks

--------------------------
i tink this will solve most of your problems.

[kkubasik]

But if they are spammers, its more likely you have an smtp that is open.

Download the nmap tool and run

nmap localhost

OR

netstat -tup

both should turn up the active ports on your computer.

if 25 is open, you have a smtp relay open. Locking this down while keeping mail services active is not easy, more likely you'll just want to shut the mailserver down until you can be sure of how to fix it.

I doubt you are using a squid proxy unless you installed it on your own, in which case, you should disable it until you can install some authetication methods, but that doesn't appear to be the case.

99% chance, you just have a boatload of services running you don't need, try typing

ps aux

and look through the running processes, the kill command, combined with /etc/init.d/<servername> stop
should handle most of your problems.