Date: Mon, 19 May 2003 15:54:19 -0300
From: Antonio Torres
To: freebsd-isp@freebsd.org
Organization: Newspace Telecom.
Subject: Re: Illegal use of my server??

*Any* http proxy misconfigured can be used for mail relay ...
Squid, Apache+mod_proxy, delegate ...

a simple "CONNECT xxx.yyy.zzz.ttt:25 HTTP/1.0" can put your proxy (or your IP) in trouble (or in RBL)....

For *any* kind of proxy:
Read the manual!
Search google for tips&tricks
be paranoid: use ipfw (or other 'firewall') to add an extra level of security/filtering
be more paranoid: read the logs !!

[]s

On Mon, 19 May 2003 11:25:48 -0700
Bryan Vyhmeister wrote:

> I don't quite understand what happened. How was Squid used to relay
> mail? I'm glad this thread came up because I am just about to deploy a
> Squid cache.
>
> Bryan
>
> On Monday, May 19, 2003, at 11:18 AM, Joseph T. Klein wrote:
>
> > The Squid package and port should have a *big* warning sign on them
> > about this.
> > I know of at least one network that was blacklisted due to the lack of
> > tight ACLs on Squid.
> >
> > On Monday, May 19, 2003, at 01:09 PM, Tony Saign wrote:
> >
> >> Any legal gurus out there??
> >>
> >> Long story, but I'll summarize;
> >>
> >> On Friday 05/16 my T1 went down.
> >> In troubleshooting attempts it was discovered that a machine, on my
> >> network was being used maliciously.
> >> Not hacked, but Squid was being used to relay mail (i.e. SPAM).
> >> The machine was immediately brought down, and Squid was disabled.
> >>
> >> I received a call from my ISP, and they are NOT happy.
> >> Looking @ the logs, it appears that several thousand SPAM emails may
> >> have been sent.
> >>
> >> What should I do? Can I pursue each ISP in attempts to track down the
> >> guilty parties?
> >> Can I take any legal action against them?
> >> This is the last straw! I'm so frickin' sick of SPAM, and now people
> >> potentially got some w/ my IP address!
> >> Grrr!!!
> >>
> >> Any suggestions, advice would be greatly appreciated.
> >>

--
Antonio Torres antonio.torres@newspace.net.br
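
The "read the logs" advice above, as an added example that is not part of the original message: a Python script that scans Squid native-format access.log lines for CONNECT requests to ports outside an allow-list and separates tunnels the proxy opened from ones it refused. The allow-list (443 and 563), the function names and the log lines are assumptions; the lines are constructed samples using documentation addresses.

```python
from collections import Counter

# Ports a proxy normally needs to tunnel to (assumption: HTTPS and NNTPS only).
ALLOWED_CONNECT_PORTS = {443, 563}

# Constructed sample lines in Squid's native access.log format:
# time elapsed client result/status bytes method url ident hierarchy/peer type
SAMPLE_LOG = """\
1053370459.101    812 203.0.113.7 TCP_MISS/200 1840 CONNECT 198.51.100.25:25 - DIRECT/198.51.100.25 -
1053370460.332    790 203.0.113.7 TCP_MISS/200 2011 CONNECT 198.51.100.26:25 - DIRECT/198.51.100.26 -
1053370461.004     95 192.0.2.10 TCP_MISS/200 5120 CONNECT www.example.com:443 - DIRECT/192.0.2.80 -
1053370462.518      2 203.0.113.9 TCP_DENIED/403 1045 CONNECT 198.51.100.25:25 - NONE/- text/html
1053370463.250    140 192.0.2.10 TCP_MISS/200 3301 GET http://www.example.com/ - DIRECT/192.0.2.80 text/html
this line is truncated
"""


def parse_connect(line):
    """Return (client, result, status, host, port) for a CONNECT line, else None."""
    fields = line.split()
    if len(fields) < 7 or fields[5] != "CONNECT":
        return None
    result, _, status = fields[3].partition("/")
    host, sep, port = fields[6].rpartition(":")
    if not sep or not port.isdigit() or not status.isdigit():
        return None
    return fields[2], result, int(status), host, int(port)


def suspicious_connects(log_text, allowed=ALLOWED_CONNECT_PORTS):
    """Count CONNECTs to non-allowed ports per (client, port), split by outcome."""
    tunnelled, denied = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_connect(line)
        if rec is None or rec[4] in allowed:
            continue
        client, _result, status, _host, port = rec
        # A 2xx status means the proxy opened the tunnel: traffic was relayed.
        bucket = tunnelled if 200 <= status < 300 else denied
        bucket[(client, port)] += 1
    return tunnelled, denied


if __name__ == "__main__":
    relayed, blocked = suspicious_connects(SAMPLE_LOG)
    for (client, port), n in relayed.most_common():
        print(f"RELAYED  {client} -> port {port}: {n} tunnel(s)")
    for (client, port), n in blocked.most_common():
        print(f"blocked  {client} -> port {port}: {n} attempt(s)")
```

Any RELAYED entry means the proxy's access rules let the tunnel through. In Squid the usual correction is an `http_access deny CONNECT !SSL_ports` rule, with the `SSL_ports` and `CONNECT` ACLs defined as in the stock squid.conf, placed ahead of any allow rule.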