Is there someone who can help on what ports I should open on my firewall to enable outgoing to mail clients on my home net? Although I would rather like to enable it using squid proxy if it is probable.
Thanks, Cs. Peter
Császár Péter wrote:
Is there someone who can help on what ports I should open on my firewall to enable outgoing to mail clients on my home net?
Yes, there is someone who can help with that.
Although I would rather like to enable it using squid proxy if it is probable.
Writing messages with useful subjects and which indicate that you have actually done any research on your own will make it more probable that you will get help from those people who can.
Mike
Sorry for the message without a subject before. I am new on the mailing list (and generally new), and I am not used to such an evident thing as writing a subject...:(
I have a simple home-net with a Windows and with a Fedora machine. I am using squid to share the web and ftp. I would also like to do so with the outgoing pop3 and smtp accesses. The ports 25 and 110 are enabled in squid.conf's acl, but there is no connection when I try to set up the client (Outlook) on Windows with the port of squid (3128).
Does somebody have an idea?
Thank you Peter
Am Mo, den 02.01.2006 schrieb Császár Péter um 22:09:
I have a simple home-net with a Windows and with a Fedora machine. I am using squid to share the web and ftp. I would also like to do so with the outgoing pop3 and smtp accesses. The ports 25 and 110 are enabled in squid.conf's acl, but there is no connection when I try to set up the client (Outlook) on Windows with the port of squid (3128).
Peter
I suspect you come from the M$ world, correct?
http://www.squid-cache.org/ is a web proxy (includes FTP protocol too), but does not cache or proxy POP3, nor IMAP, nor SMTP.
What is your intention with what you describe? There is very certainly a solution for your problem, though not with using squid.
Alexander
On Mon, 02 Jan 2006 23:20:01 +0100, Alexander Dalloz ad+lists@uni-x.org wrote:
Am Mo, den 02.01.2006 schrieb Császár Péter um 22:09:
I have a simple home-net with a Windows and with a Fedora machine. I am using squid to share the web and ftp. I would also like to do so with the outgoing pop3 and smtp accesses. The ports 25 and 110 are enabled in squid.conf's acl, but there is no connection when I try to set up the client (Outlook) on Windows with the port of squid (3128).
Peter
I suspect you come from the M$ world, correct?
Yes, it is correct. It is only 9 months ago that I left Windows. Is my question so primitive?
http://www.squid-cache.org/ is a web proxy (includes FTP protocol too), but does not cache or proxy POP3, nor IMAP, nor SMTP.
Yes, really I have read it. But then why are these ports enabled by default in squid.conf?
What is your intention with what you describe? There is very certainly a solution for your problem, though not with using squid.
There is a need to use a mail client program on the client (MS) machine. If there is a simple enough way, I wouldn't like to enable a client on my home-net to connect directly to the internet.
Am Di, den 03.01.2006 schrieb Császár Péter um 0:36:
I suspect you come from the M$ world, correct?
Yes, it is correct. It is only 9 months ago that I left Windows. Is my question so primitive?
No, not of that kind. It wasn't my intention to say so. But the M$ proxy, and I guess you know that application, is such a multi protocol internet connection sharing proxy.
http://www.squid-cache.org/ is a web proxy (includes FTP protocol too), but does not cache or proxy POP3, nor IMAP, nor SMTP.
Yes, really I have read it. But then why are these ports enabled by default in squid.conf?
Hm, that would really surprise me. Where exactly do you see this?
What is your intention with what you describe? There is very certainly a solution for your problem, though not with using squid.
There is a need to use a mail client program on the client (MS) machine. If there is a simple enough way, I wouldn't like to enable a client on my home-net to connect directly to the internet.
Well, in this regard Linux can be set up differently than Windows. There is no proxy needed.
http://fedoranews.org/ghenry/gateway/
This is a short instruction set on how to let Linux play the gateway to the public internet gateway for a private address space LAN. It allows the clients inside the LAN to directly communicate with the outer space. Of course you can restrict what the clients can see and do by adjusting the iptables firewalling rules. That is certainly what you need to set up for your router/gateway and the LAN clients.
Császár Péter
On the other hand, if you really need a caching IMAP/POP3 proxy there is up-imapproxy within Fedora Extras. A different powerful IMAP/POP3 proxy is perdition.
Alexander
On Tue, 03 Jan 2006 01:13:09 +0100, Alexander Dalloz ad+lists@uni-x.org wrote:
Am Di, den 03.01.2006 schrieb Császár Péter um 0:36:
I suspect you come from the M$ world, correct?
Yes, it is correct. It is only 9 months ago that I left Windows. Is my question so primitive?
No, not of that kind. It wasn't my intention to say so. But the M$ proxy, and I guess you know that application, is such a multi protocol internet connection sharing proxy.
Actually I haven't used MS proxy, and didn't mean your word as offense.
http://www.squid-cache.org/ is a web proxy (includes FTP protocol too) but does not cache or proxy POP3, nor IMAP, nor SMTP.
Yes, really I have read it. But then why are these ports enabled by default in squid.conf?
Hm, that would really surprise me. Where exactly do you see this?
It is and so was originally in /etc/squid/squid.conf.default :
# ACCESS CONTROLS
# -----------------------------------------------------------------------------
# TAG: acl
. . .
#Examples:
#acl macaddress arp 09:00:2b:23:45:67
#acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
On Tue, 2006-01-03 at 10:43 +0100, Császár Péter wrote:
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
As expected, there's no POP3 (110), IMAP (143), nor SMTP (25) ports in that list. There are even warnings about blocking SMTP port 25 from the server to prevent problems:
"25.2 Mail relaying
"SMTP and HTTP are rather similar in design. This, unfortunately, may allow someone to relay an email message through your HTTP proxy. To prevent this, you must make sure that your proxy denies HTTP requests to port 25, the SMTP port.
"Squid is configured this way by default. The default squid.conf file lists a small number of trusted ports. See the Safe_ports ACL in squid.conf. Your configuration file should always deny unsafe ports early in the http_access lists:
"http_access deny !Safe_ports
(additional http_access lines ...)
"Do NOT add port 25 to Safe_ports (unless your goal is to end up in the RBL). You may want to make a cron job that regularly verifies that your proxy blocks access to port 25.
"$Id: FAQ.sgml,v 1.156 2002/12/21 21:14:06 hno Exp $"
Local documentation, if you installed it with Squid: file:///usr/share/doc/squid-2.5.STABLE11/FAQ-25.html#ss25.2
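The FAQ excerpt quoted above recommends regularly verifying that the proxy refuses port 25. The following Python script is an added example, not part of the original thread or of Squid: it audits a squid.conf statically and could be run from cron against /etc/squid/squid.conf. The function names and SAMPLE_CONF are constructed for illustration, the check is extended from port 25 to the POP3 and IMAP ports discussed in the thread, and it only recognises the deny rule in the exact form the FAQ shows.

```python
MAIL_PORTS = {25: "smtp", 110: "pop3", 143: "imap"}

# Constructed sample: Safe_ports lines as quoted in the thread, plus the
# http_access rule the FAQ excerpt describes and an assumed allow rule.
SAMPLE_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 1025-65535  # unregistered ports
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access allow all
"""

def directives(conf):
    """Yield the token list of each non-empty line, '#' comments removed."""
    for line in conf.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens:
            yield tokens

def safe_port_ranges(conf):
    """Collect (low, high) ranges from every 'acl Safe_ports port ...' line."""
    ranges = []
    for t in directives(conf):
        if t[:3] == ["acl", "Safe_ports", "port"]:
            for spec in t[3:]:
                lo, _, hi = spec.partition("-")
                ranges.append((int(lo), int(hi or lo)))
    return ranges

def audit(conf):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    ranges = safe_port_ranges(conf)
    for port, name in MAIL_PORTS.items():
        if any(lo <= port <= hi for lo, hi in ranges):
            findings.append(f"Safe_ports includes {port} ({name})")
    # The deny rule must come before the first allow, as the FAQ advises.
    rules = [t[1:] for t in directives(conf) if t[0] == "http_access"]
    first_allow = next(
        (i for i, r in enumerate(rules) if r[:1] == ["allow"]), len(rules))
    if ["deny", "!Safe_ports"] not in rules[:first_allow]:
        findings.append("no 'http_access deny !Safe_ports' before the first allow")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF) or ["OK: mail ports are not proxied"]:
        print(finding)
```

A range such as 1-1024 is reported for every mail port it covers, which catches the case where port 25 is allowed without being listed by number.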