What can I do if my Security Appliance is being used to relay SPAM?


Article ID: 167193


Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

The first step in preventing SPAM relay is understanding how it happens: malicious users connect to an open listener on the appliance (for example by telnet to the proxy port) and issue a CONNECT request for port 25 of a mail server, so the appliance opens a TCP tunnel to that server on their behalf. A typical SQUID-format access log entry for this behavior looks like the following:

1059587211.392 136354 10.2.3.242 TCP_TUNNELED/200 530 CONNECT https://216.52.23.20:25/ - DIRECT/216.52.23.20 -

In SGOS the default policy only allows CONNECT requests to port 443, so SPAM relaying can occur only if your policy contains an ALLOW rule that matches such a request. Keep in mind that an ALLOW rule with no condition matches every request, including a CONNECT to port 25; check any rule in your policy that reads simply 'ALLOW' and add the conditions (source, destination, port) it was meant to carry.
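The following is an added example, not part of the original article or of SGOS: a small Python script that scans SQUID-format access log lines for the pattern described above, a successful TCP_TUNNELED CONNECT to a port other than 443, and counts the offending client addresses. The log lines embedded in it are constructed for the example (only the first one is the entry shown above); the allowed-port set of {443} mirrors the SGOS default policy and should be adjusted if your policy legitimately tunnels other ports.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample log in SQUID format. Line 1 is the entry from the article;
# the remaining lines are made up to show a legitimate 443 tunnel, a plain GET,
# a second port-25 tunnel, and a CONNECT that policy correctly denied.
SAMPLE_LOG = """\
1059587211.392 136354 10.2.3.242 TCP_TUNNELED/200 530 CONNECT https://216.52.23.20:25/ - DIRECT/216.52.23.20 -
1059587215.001 2201 10.2.3.17 TCP_TUNNELED/200 8812 CONNECT https://www.example.com:443/ - DIRECT/93.184.216.34 -
1059587219.440 98 10.2.3.242 TCP_TUNNELED/200 530 CONNECT https://198.51.100.7:25/ - DIRECT/198.51.100.7 -
1059587220.120 310 10.2.3.50 TCP_HIT/200 4120 GET http://www.example.org/index.html - NONE/- text/html
1059587221.777 12 10.2.3.242 TCP_DENIED/403 0 CONNECT https://203.0.113.9:25/ - NONE/- -
"""

# Assumption for this example: the SGOS default, which only permits CONNECT to 443.
ALLOWED_CONNECT_PORTS = {443}


def parse_squid_line(line):
    """Split one SQUID-format line into the fields the check needs.

    Field order: timestamp elapsed client action/status size method url ident hierarchy [type]
    Returns None for lines that do not have enough fields to be a log entry.
    """
    fields = line.split()
    if len(fields) < 9:
        return None
    action, _, status = fields[3].partition("/")
    return {
        "timestamp": float(fields[0]),
        "client": fields[2],
        "action": action,
        "status": int(status) if status.isdigit() else None,
        "method": fields[5],
        "url": fields[6],
    }


def connect_port(url):
    """Extract the destination port of a CONNECT target.

    SGOS writes the target as https://host:port/ in this format; a bare
    host:port (no scheme) is also handled. A missing port is treated as 443.
    """
    if "://" not in url:
        url = "//" + url
    port = urlsplit(url).port
    return 443 if port is None else port


def find_open_relay_tunnels(log_text, allowed_ports=ALLOWED_CONNECT_PORTS):
    """Return entries where a CONNECT to a non-allowed port was actually tunneled.

    Denied CONNECTs (TCP_DENIED) are skipped: those show the policy working.
    """
    hits = []
    for line in log_text.splitlines():
        entry = parse_squid_line(line)
        if entry is None or entry["method"] != "CONNECT":
            continue
        if entry["action"] != "TCP_TUNNELED" or entry["status"] != 200:
            continue
        port = connect_port(entry["url"])
        if port not in allowed_ports:
            entry["port"] = port
            hits.append(entry)
    return hits


def relay_sources(hits):
    """Count successful off-port tunnels per client IP, worst offenders first."""
    return Counter(h["client"] for h in hits).most_common()


if __name__ == "__main__":
    tunnels = find_open_relay_tunnels(SAMPLE_LOG)
    for h in tunnels:
        print(f"{h['client']} tunneled to {h['url']} (port {h['port']})")
    print("per-client counts:", relay_sources(tunnels))
```

Run against a real access log (for example `find_open_relay_tunnels(open("main.log").read())`) the per-client counts point you at the hosts abusing the appliance, and the matching URLs tell you which CONNECT targets your ALLOW rule is letting through.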