What can I do if my Security Appliance is being used to relay SPAM?



Solution

Overview

The first step in preventing SPAM is understanding how it is sent: malicious users telnet to an open port on the device and then use the CONNECT method on port 25 to issue the request. A typical SQUID-format access log entry for such behavior is as follows:

1059587211.392 136354 10.2.3.242 TCP_TUNNELED/200 530 CONNECT https://216.52.23.20:25/ - DIRECT/216.52.23.20 -

In SGOS, the default policy behavior is to allow CONNECT requests only on port 443, so SPAM can be sent through the appliance only if your policy contains an ALLOW statement that matches such a request. Keep in mind that a line containing the word 'ALLOW' allows everything.
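One way to check access logs for the pattern described above, as an added example that is not part of the original article or any Blue Coat tooling: it parses SQUID-format lines and reports CONNECT requests to any port other than 443, separating tunnels that were actually opened from ones policy refused. The function names, the field positions taken from the entry above, and every sample line except the first are assumptions made for this example.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the Squid access-log format shown above. The first
# line is the article's own entry; the other four are made up for the example.
SAMPLE_LOG = """\
1059587211.392 136354 10.2.3.242 TCP_TUNNELED/200 530 CONNECT https://216.52.23.20:25/ - DIRECT/216.52.23.20 -
1059587215.101 842 10.2.3.17 TCP_TUNNELED/200 4312 CONNECT https://192.0.2.10:443/ - DIRECT/192.0.2.10 -
1059587220.007 12 10.2.3.242 TCP_DENIED/403 310 CONNECT https://198.51.100.7:25/ - NONE/- -
1059587230.550 95 10.2.3.44 TCP_MISS/200 1820 GET http://192.0.2.80/index.html - DIRECT/192.0.2.80 text/html
1059587240.000 51000 10.2.3.99 TCP_TUNNELED/200 990 CONNECT 203.0.113.5:25 - DIRECT/203.0.113.5 -
"""

ALLOWED_CONNECT_PORTS = {443}  # the SGOS default described in the article


def find_connect_abuse(log_text, allowed_ports=ALLOWED_CONNECT_PORTS):
    """Return CONNECT requests aimed at ports outside allowed_ports."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue
        action, _, status = fields[3].partition("/")
        target = fields[6]
        try:
            # Accept both "https://host:port/" and bare "host:port" targets.
            parts = urlsplit(target if "://" in target else "//" + target)
            port = parts.port or 443  # assumption: no explicit port means 443
        except ValueError:
            continue  # malformed port, nothing to classify
        if port in allowed_ports:
            continue
        hits.append({
            "client": fields[2],
            "dest": parts.hostname,
            "port": port,
            # A 2xx status that was not denied means the tunnel was opened.
            "established": status.startswith("2") and "DENIED" not in action,
        })
    return hits


def relaying_clients(hits):
    """Count established off-port tunnels per client IP."""
    return Counter(h["client"] for h in hits if h["established"])
```

Any client returned by `relaying_clients` got a tunnel through policy, which points to an ALLOW rule matching CONNECT on that port.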

InQuira Doc Id      FAQ102
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      ProxySG
Topic      Services
Article Number      000014875