Re: [Exim] "CacheFlow Server" and exim4

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Suresh Ramasubramanian
Fecha:  
A: Alan J. Flavell
Cc: Exim users list
Asunto: Re: [Exim] "CacheFlow Server" and exim4
On Sat, 2002-12-07 at 19:18, Alan J. Flavell wrote:
>
> There's a class of event which shows up in the logs as e.g
>
> 2002-12-07 00:42:43 H=(nric) [200.160.36.13] (CacheFlow Server)
> F=<wvdvn@???> rejected RCPT...
>
> Am I right in thinking that "CacheFlow Server" here is always
> indicative of an open proxy? What actually _is_ this item of data in


CacheFlow is a rather popular caching proxy device used by ISPs. A lot
of ISPs, however, seem pretty dumb about locking it down.

Yup - any sign of this you see in your Exim logs is likely to be spam
through an open proxy.

> the mainlog, I'm having a hard time finding it documented in chapter
> 44. I'm suspicious that it might be the rfc1413 "ident", but then why
> isn't it prefixed with "U=" as indicated in 44.12?


What you might do is an after the fact thing :) Just grep your logs for
any instances of %CacheFlow% and throw those IPs into your local
blocklist / submit them to one of the better open proxy dnsbls.

You can use Chip Rosenthal's pxytest script to check open proxies.

    srs