RE: [squid-users] pop3 servers-nobody is exactly interested in caching

From: Henrik Nordstrom <[email protected]>
Date: 09 Dec 2002 19:40:27 +0100

m�n 2002-12-09 klockan 18.44 skrev Raymond Jacob:

> >>When I asked about this Henrik as I recall was concerned about
> >>security. He believed that the squid server could be used as an
> >>open relay which I thought was curious argument since the
> >>pop/imap clients that I have seen allow you to specify a different
> >>outgoing mail server.

Just to clarify what I was talking about there:

The reason why the CONNECT method is limited in the default Squid
configuration to only accept known SSL ports is security, to avoid abuse
of the HTTP proxy for proxying other services such as POP-3, SMTP etc in
ways not at all intended by the proxy administrator.

Note that allowing these ports to be used in CONNECT does not help
normal users as any sane client program is NOT using this HTTP method
for proxying such protocols, and due to the nature of the CONNECT http
method specific support is needed in the application for using this.

Enabling support for "odd" protocols not related to HTTP or browsing
using HTTP clients in the CONNECT method mostly helps hackers who want
to bypass firewall policies etc, not normal users.

If you need generic proxying of "odd" protocols I strongly advice to
look into SOCKS. Can be used fine in parallel to Squid.

Regards
Henrik
Received on Mon Dec 09 2002 - 11:40:32 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:55 MST