FAQ

What can I do if my Security Appliance is being used to relay SPAM?

FAQ ID:    FAQ102
Version:    2.0
Status:    Published
Published date:    03/02/2009
Updated:    03/04/2009
 

Answer

The first step to preventing SPAM is understanding how it is sent: malicious users telnet to an open port on the device and then use the CONNECT method on port 25 to issue the request. A typical SQUID-format access log entry for such behavior is as follows:

1059587211.392 136354 10.2.3.242 TCP_TUNNELED/200 530 CONNECT https://216.52.23.20:25/ - DIRECT/216.52.23.20 -

In SGOS, the default policy behavior is to allow CONNECT requests only on port 443, so SPAM can be sent only if your policy contains an ALLOW statement that matches such a request. Keep in mind that a line containing the word 'ALLOW' allows everything.
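To find which clients have used the proxy this way, the access log can be scanned for successful CONNECT tunnels to any port other than 443. The following is an added example, not vendor code: it assumes the field order of the log entry quoted above, and every sample line except the first is constructed.

```python
from urllib.parse import urlsplit

ALLOWED_CONNECT_PORTS = {443}  # SGOS default described in the FAQ

# First line is the entry quoted in the FAQ; the rest are constructed samples.
SAMPLE_LOG = """\
1059587211.392 136354 10.2.3.242 TCP_TUNNELED/200 530 CONNECT https://216.52.23.20:25/ - DIRECT/216.52.23.20 -
1059587215.101 842 10.2.3.17 TCP_TUNNELED/200 4312 CONNECT https://192.0.2.10:443/ - DIRECT/192.0.2.10 -
1059587219.774 12 10.2.3.242 TCP_DENIED/403 0 CONNECT https://198.51.100.7:25/ - NONE/- -
1059587222.003 95 10.2.3.50 TCP_MISS/200 1780 GET http://192.0.2.80/index.html - DIRECT/192.0.2.80 text/html
1059587230.650 20417 10.2.3.99 TCP_TUNNELED/200 911 CONNECT 203.0.113.5:25 - DIRECT/203.0.113.5 -
truncated line
""".splitlines()


def connect_target(url):
    """Return (host, port) for 'host:port' or 'scheme://host:port/' forms."""
    parts = urlsplit(url if "://" in url else "//" + url)
    return parts.hostname, parts.port or 443


def suspicious_connects(lines, allowed=ALLOWED_CONNECT_PORTS):
    """Return successful CONNECT tunnels to ports outside the allowed set."""
    hits = []
    for line in lines:
        f = line.split()
        if len(f) < 7 or f[5] != "CONNECT":
            continue
        _action, _, status = f[3].partition("/")
        if not status.startswith("2"):   # denied or failed tunnels carried no mail
            continue
        try:
            host, port = connect_target(f[6])
            size = int(f[4])
        except ValueError:               # unparseable port or byte count
            continue
        if port not in allowed:
            hits.append({"client": f[2], "host": host, "port": port, "bytes": size})
    return hits


if __name__ == "__main__":
    for h in suspicious_connects(SAMPLE_LOG):
        print("{client} tunneled to {host}:{port} ({bytes} bytes)".format(**h))
```

Each hit identifies a client address and destination to check against the policy for the ALLOW rule that matched the request.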

