[cobalt-users] CacheRaQ4 open proxy

[sm <sm@xxxxxxxxxxxx>]

Hi,
At 16:25 08-04-2003 +0000, Dawn D. Pfaltzgraff wrote:
> Over the past couple of days have noticed the traffic for a CacheRaq4 at
> one of our schools is seeing an INSANE amount of traffic.   The
> administrator there keeps receiving a whole bunch of mail returned mail.
> (vulnerable SMTP, seems to be "undeliverable" spam).  Having gotten

If you are receiving a lot of undeliverable mail, there is a high 
probability that someone is using your server to send spam given what you 
described above.

> "complaints" from the outside world.  So anybody got any ideas? It's behind
> a Sonic Wall and the following ports are the only ones that appear to be
> open, netbios (137,138), telnet and squid (SMTP is opened).  Now I have

A Squid proxy can be used as an open proxy to send spam if it is not 
configured properly.  I suggest that you verify whether the 
SonicWall/CacheRaQ4 "link" has been set correctly.

> also noticed that everytime a "Squid child" starts up it exits on  "signal
> 6".  I'm not sure where to start on this one, if anyone has any
> suggestions, please let me know.    As for updates, the box has been
> updated with the Cobalt updates and nothing else.  What also conerns me is

You may have the latest updates but that does not mean that your server is 
safe.:)  I would be more concerned about the configuration of the system as 
that can make the difference between a secured proxy and an open proxy.

Regards,
-sm

P.S. Please include a subject line when you send an email to the list.