Bugtraq mailing list archives
[Fwd: RE: UPDATE: [wcolburn () nmt edu: SMTP relay through checkpoint fire wall]]
From: "Corey J. Steele" <csteele () good-sam com>
Date: 25 Feb 2002 15:39:02 -0600
this was off-list discussion, but I suspect it may be useful for others on the list.

-C

--
Information Security Analyst
Good Samaritan Society
e-mail: csteele () good-sam com
voice: (605) 362-3899
PGP Key fingerprint = 564F 2A97 2ADA F492 F34C 8E4A 12AF 9DC3 400E 2DD6
--- Begin Message ---
From: "Corey J. Steele" <csteele () good-sam com>
Date: 25 Feb 2002 15:26:16 -0600
Well...

[csteele@ws47619 csteele]$ telnet viruswall 8080
Trying XXX.XXX.XXX.XXX...
Connected to viruswall.
Escape character is '^]'.
CONNECT mailserver:25 / HTTP/1.0

HTTP/1.0 403 Forbidden
Server: Squid/2.3.STABLE4
Mime-Version: 1.0
Date: Mon, 25 Feb 2002 21:55:38 GMT
Content-Type: text/html
Content-Length: 729
Expires: Mon, 25 Feb 2002 21:55:38 GMT
X-Squid-Error: ERR_ACCESS_DENIED 0
X-Cache: MISS from viruswall
Proxy-Connection: close

<HTML><HEAD>
<TITLE>ERROR: The requested URL could not be retrieved</TITLE>
</HEAD><BODY>
<H1>ERROR</H1>
<H2>The requested URL could not be retrieved</H2>
<HR>
<P>
While trying to retrieve the URL:
<A HREF="mailserver:25">mailserver:25</A>
<P>
The following error was encountered:
<UL>
<LI>
<STRONG>
Access Denied.
</STRONG>
<P>
Access control configuration prevents your request from
being allowed at this time. Please contact your service provider if
you feel this is incorrect.
</UL>
<P>Your cache administrator is <A HREF="mailto:webmaster">webmaster</A>.
<br clear="all">
<hr noshade size=1>
Generated Mon, 25 Feb 2002 21:55:38 GMT by viruswall (Squid/2.3.STABLE4)
</BODY></HTML>
Connection closed by foreign host.

We have VirusWall listening on port 8080, and then sending non-viruslaced requests to a SmartFilter-enabled SQUID proxy. All systems are Linux based -- most are Red Hat 6.2, with latest applicable patches. We built squid ourselves to include SmartFilter.

Hopefully this helps...

Best Regards

-C

On Mon, 2002-02-25 at 14:49, Peter Bieringer wrote:
> Hi
>
> --On Friday, February 22, 2002 07:57:33 AM -0600 "Corey J. Steele" <csteele () good-sam com> wrote:
>
>> Trend's Interscan 3.6 running on Linux is not vulnerable to this (we are using Interscan in conjunction with squid.)
>
> Are you sure? I've tested 3.6 Build 1182 and I found it's proceeding CONNECT without any problems, also to a remote mailserver:
>
> # telnet viruswall 80
> Trying 1.2.3.4...
> Connected to viwa.
> Escape character is '^]'.
> CONNECT mail.server.com:25 / HTTP/1.0
>
> HTTP/1.0 200 Connection established
> Proxy-agent: InterScan 2.0
>
> 220 mail.server.com ESMTP
> mail from: <user () domain com>
> 250 ok
> rcpt to: <user () domain com>
> 250 ok
> data
> 354 go ahead
> test
> .
> 250 ok 1014669994 qp 21827
> quit
> 221 mail.server.com
> Connection closed by foreign host.
>
> The only thing is that you have to type the CONNECT line quickly, so use "nc" or copy and paste for that.
>
> You can solve this if you are using squid as dispatcher and bypass Interscan for CONNECT (which we do on a customer installation).
>
> Peter
--- End Message ---
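
Added example (not part of the original messages): a log check for the two outcomes shown in the thread, a CONNECT to port 25 that the proxy tunnels (200) versus one it refuses (403). It assumes the proxy writes Squid's native access.log format and that only ports 443 and 563 are legitimate CONNECT targets; the log lines, addresses and host names are constructed.

```python
import re

# Assumption: the only ports CONNECT tunnels should reach (TLS services).
ALLOWED_CONNECT_PORTS = {443, 563}

# Squid native access.log: time elapsed client action/status bytes method URL ...
LINE_RE = re.compile(
    r"^\d+\.\d+\s+\d+\s+(?P<client>\S+)\s+"
    r"(?P<action>[A-Z_]+)/(?P<status>\d{3})\s+\d+\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)"
)

def parse_connect_target(url):
    """Split a CONNECT target 'host:port' (IPv6 in brackets) into (host, port)."""
    host, sep, port = url.rpartition(":")
    if not sep or not host or not port.isdigit():
        return None
    return host.strip("[]").lower(), int(port)

def find_suspicious_connects(lines, allowed=ALLOWED_CONNECT_PORTS):
    """Return CONNECT requests aimed at ports outside the allowed set."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"].upper() != "CONNECT":
            continue
        target = parse_connect_target(m["url"])
        if target is None or target[1] in allowed:
            continue
        findings.append({
            "client": m["client"], "host": target[0], "port": target[1],
            # 200 means the proxy opened the tunnel; 403 means the ACL refused it.
            "tunnelled": m["status"] == "200",
        })
    return findings

# Constructed sample log lines (documentation addresses and host names).
SAMPLE_LOG = [
    "1014674138.101    210 10.0.0.5 TCP_MISS/200 3120 CONNECT shop.example.com:443 - DIRECT/192.0.2.10 -",
    "1014674139.250   4102 10.0.0.9 TCP_MISS/200 512 CONNECT mail.example.com:25 - DIRECT/192.0.2.25 -",
    "1014674140.007      3 10.0.0.9 TCP_DENIED/403 1040 CONNECT mailserver:25 - NONE/- text/html",
    "1014674141.500     88 10.0.0.5 TCP_MISS/200 8231 GET http://www.example.com/ - DIRECT/192.0.2.80 text/html",
]

if __name__ == "__main__":
    for f in find_suspicious_connects(SAMPLE_LOG):
        state = "TUNNEL ESTABLISHED" if f["tunnelled"] else "denied by proxy"
        print(f"{f['client']} -> {f['host']}:{f['port']} ({state})")
```

Entries with a 200 status are the ones to investigate first; denied entries show the ACL working but still identify a client that attempted the relay.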