  1. #1
    Just Joined!
    Join Date
    Jul 2005
    Posts
    7

    Securing Open relays in squid


    Hey guys. I just got an email from my bandwidth provider saying we have an open relay on our proxy that's being used by spammers. I'm a total newb and don't know how to lock it down. Can someone please help me create the proper acl to close this relay?

    Many thx in advance.

  2. #2
    Just Joined!
    Join Date
    Jul 2005
    Posts
    7
    anyone?

    Pretty please with sugar on top...

  3. #3
    Just Joined!
    Join Date
    Aug 2005
    Posts
    4
    To close an open relay in squid you need to declare your interface and IP range. Example: I have 2 interfaces (192.168.0.1 (mask 255.255.255.0), xxx.xxx.xxx.xxx), where xxx.... is the external IP which the provider gives me.
    I will add these lines in squid.conf
    ------------------
    http_port 127.0.0.1:3128
    http_port 192.168.0.1:3128

    ....

    acl our_networks src 192.168.0.0/24
    http_access allow our_networks

    --------------------------
    I think this will solve most of your problems.
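
A fuller squid.conf access block for the setup described in post #3, as an added example that is not part of the original thread. The listen addresses and LAN range are the ones from that post; the destination port lists are assumptions to adjust for your site.

```conf
# Added example, not from the thread.

# Open form to look for and remove:
#   http_port 3128            (listens on every interface, external one included)
#   http_access allow all     (any client on the Internet may use the proxy)

# Listen only on loopback and the internal interface.
http_port 127.0.0.1:3128
http_port 192.168.0.1:3128

# Squid 2.x needs "all" defined by hand; Squid 3.x and later have it built in.
# acl all src 0.0.0.0/0.0.0.0

# Who may use the proxy.
acl our_networks src 192.168.0.0/24

# Which destination ports the proxy will connect to (assumed list).
# Port 25 is deliberately absent, so the proxy never connects to a mail server.
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 1025-65535
acl CONNECT method CONNECT

# http_access rules are checked top to bottom and the first match wins,
# so the deny rules must come before the allow rule.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow our_networks

# Everything not allowed above is refused. Without this final line Squid
# falls back to the opposite of the last rule, which is easy to get wrong.
http_access deny all
```

Check the file with `squid -k parse` before applying it with `squid -k reconfigure`.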

  5. #4
    Linux Guru kkubasik's Avatar
    Join Date
    Mar 2004
    Location
    Lat: 39:03:51N Lon: 77:14:37W
    Posts
    2,396
    But if they are spammers, it's more likely you have an SMTP server that is open.

    Download the nmap tool and run

    nmap localhost

    OR

    netstat -tup

    Both should turn up the active ports on your computer.

    If 25 is open, you have an SMTP relay open. Locking this down while keeping mail services active is not easy; more likely you'll just want to shut the mail server down until you can be sure of how to fix it.

    I doubt you are using a squid proxy unless you installed it on your own, in which case you should disable it until you can install some authentication methods, but that doesn't appear to be the case.

    99% chance, you just have a boatload of services running that you don't need. Try typing

    ps aux

    and look through the running processes. The kill command, combined with /etc/init.d/<servername> stop,
    should handle most of your problems.
    Avoid the Gates of Hell. Use Linux
    A Penny for your Thoughts

    Formerly Known as qub333
