What can I do if my Security Appliance is being used to relay SPAM?


Article ID: 167193


Updated On:


ProxySG Software - SGOS


The first step to preventing SPAM is understanding that mailicious users are sending it by telneting to an open port on the device and are then utilizing the CONNECT method on port 25 to issue the request. Atypical SQUID format access log entry for such behavior is as follows:

1059587211.392 136354 TCP_TUNNELED/200 530 CONNECT - DIRECT/ -

In SGOS the default behavior of policy is to only allow CONNECT requests on port 443 so the sending of SPAM would only occur if you have an ALLOW statement in your policy causing a match for such a request. Keep in mind that a line containing the word 'ALLOW' allows everything.