Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 23269 invoked from network); 28 Aug 2003 20:00:39 -0000 Received: from daedalus.apache.org (HELO apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 28 Aug 2003 20:00:39 -0000 Received: (qmail 86549 invoked by uid 500); 28 Aug 2003 19:59:47 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 86507 invoked by uid 500); 28 Aug 2003 19:59:46 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 86436 invoked from network); 28 Aug 2003 19:59:45 -0000 Received: from unknown (HELO ares.cs.Virginia.EDU) (128.143.137.19) by daedalus.apache.org with SMTP; 28 Aug 2003 19:59:45 -0000 Received: from cobra.cs.Virginia.EDU (cobra.cs.Virginia.EDU [128.143.137.16]) by ares.cs.Virginia.EDU (8.12.9/8.12.8/UVACS-2003031900) with ESMTP id h7SJwmN7020815; Thu, 28 Aug 2003 15:58:48 -0400 (EDT) Date: Thu, 28 Aug 2003 15:58:47 -0400 (EDT) From: Cliff Woolley X-X-Sender: jcw5q@cobra.cs.Virginia.EDU To: dev@httpd.apache.org cc: apache-modules@covalent.net Subject: Re: Spam Using SMTP "Over" HTTP-Proxy In-Reply-To: Message-ID: References: <3F4DA577.CCA9CCF1@netmask.it> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N On Thu, 28 Aug 2003, Joshua Slive wrote: > I think we've done pretty-much all we can. I wouldn't mind putting a > little note on the httpd.apache.org homepage saying "Have you secured your > proxy?" and point to the correct docs. +1. Additionally, Eli and I have been conversing a bit more off-list, and it does seem that having some additional blocking mechanism (besides IP-based access control or password-based authentication) would be needed in some cases where open HTTP proxy is intended but open SMTP tunneling is not. Perhaps ProxyBlock will suffice. Confirmation would be cool.