> > I wrote:
> > [snip]
> >
> > > If you want private IP addresses to be able to communicate with
> > > the outside world you have to do nat. Proxying is one exception,
> > > but I seriously doubt that anyone in their right mind would ever
> > > proxy POP or SMTP traffic.
> >
> > [snip]
This is a heresy of my own saying. Please excuse me. Several of you have
rightly noted that proxying of POP and SMTP traffic is a general practice.
What I meant was that it should not be done via Squid, with some kind of
forwarding of ports 25 and 110 allowed in squid.conf. This can lead to
vulnerabilities to spammers etc. who could hijack the Squid box to send
UCE. Since the mail server will see Squid connecting, it may well become
an open relay if Squid is not correctly configured to only proxy the
correct IP addresses, and even then Squid is nothing but an HTTP proxy.
Please excuse this slip by applying
s/traffic/traffic with Squid/g
Thanks.
-- [Simon White. vim/mutt. simon@mtds.com. GIMPS:73.10% see www.mersenne.org] In a time of universal lies, telling the truth is a revolutionary act. -- George Orwell [Linux user #170823 http://counter.li.org. Home cooked signature rotator.]Received on Mon Apr 15 2002 - 06:13:07 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:34 MST