Tony Sidaway wrote:
The FAQ URL that someone cited seems to demonstrate a technique that can be used by a spammer to use an open http proxy to get trusted access to an email server on the same system, bypassing the relay rules and compromising the mail server. This is pretty serious stuff. Web proxies *should not* be open.
Right, the CONNECT method. Here's a session showing me connecting to mail.wikipedia.org via Walter von Kalken's proxy:
[1553][tstarling@zwinger:~]$ telnet 203.144.143.6 80
Trying 203.144.143.6...
Connected to 203.144.143.6.
Escape character is '^]'.
CONNECT mail.wikipedia.org:25 HTTP/1.0

HTTP/1.1 200 Connection established
Proxy-agent: BlueCoat-Security-Appliance

220 mail.wikimedia.org ESMTP Postfix
(end quote)
At this point I could have sent a couple of thousand spam messages and vanished into the night. This is the reason SORBS, who work on preventing email spam, and Blitzed, who work on preventing IRC spam, both list HTTP proxies. Note that we're not blocking other kinds of spam relay; SORBS gives a means to distinguish between the various types.
Although at the moment, we're not effectively blocking anything at all; see my foundation-l post on this subject.
-- Tim Starling
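
A proxy-side policy check that would have refused the CONNECT request in the session above, as an added example that is not part of the original post or of any proxy product's code. The port allowlist and the function names are assumptions chosen for illustration.

```python
import re

# Assumption: illustrative policy, tunnels are only permitted to HTTPS.
ALLOWED_CONNECT_PORTS = {443}

# CONNECT uses authority-form: "CONNECT host:port HTTP/1.x"
_REQUEST_LINE = re.compile(r"^CONNECT\s+(\S+)\s+HTTP/1\.[01]$")


def parse_connect_target(request_line):
    """Return (host, port) from a CONNECT request line, or None if malformed."""
    m = _REQUEST_LINE.match(request_line.strip())
    if not m:
        return None
    authority = m.group(1)
    if authority.startswith("["):
        # Bracketed IPv6 literal, e.g. [::1]:25
        host, sep, rest = authority[1:].partition("]")
        if not sep or not rest.startswith(":"):
            return None
        port = rest[1:]
    else:
        host, sep, port = authority.rpartition(":")
        if not sep:
            return None  # a CONNECT target must carry an explicit port
    if not host or not (port.isascii() and port.isdigit()):
        return None
    if not 0 < int(port) < 65536:
        return None
    return host.lower(), int(port)


def connect_decision(request_line, client_is_authorized):
    """Decide whether the proxy should open the requested tunnel."""
    target = parse_connect_target(request_line)
    if target is None:
        return "deny: malformed"
    if not client_is_authorized:
        # An open proxy skips this step and tunnels for anyone.
        return "deny: client not authorized"
    if target[1] not in ALLOWED_CONNECT_PORTS:
        return "deny: port %d not allowed" % target[1]
    return "allow"


if __name__ == "__main__":
    # Request line taken from the session quoted in the post.
    print(connect_decision("CONNECT mail.wikipedia.org:25 HTTP/1.0", True))
```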