[SpamCop-Geeks] Re: How do open proxies work ?

Fri Jun 27 16:56:27 EDT 2003

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Larry Kilgallen (Kilgallen at SpamCop.net) wrote to spamcop.geeks on Friday 27
June 2003 15:24 in message <SBpyHf9b+O2h at eisner.encompasserve.org>:

> That is, does one just deliver email to their Port 25 and it comes
> out the other end sanitized ?
> 
> Or is there some other constant port number involved ?
> 
> Or is there some other protocol involved ?

No (that would be an open relay, and your IP address would be in the
Received: headers), yes and yes.

Commonly used ports for access to the proxy are 80, 81, 8080, 3128 and a few
others I can't think of right now.

There are indeed another protocols involved whereby the client (spammer)
directs the raped proxy to connect to another host's port 25. HTTP is one,
there's also socks4 and socks5.

If you have access to the logs of an Apache webserver, for example, you'll
undoubtedly find that it's full of entries like this:

64.229.149.254 - - [22/Mar/2003:07:54:23 +0100]
                   "CONNECT maila.microsoft.com:25 / HTTP/1.0" 400 371

That was some bozo on Bell Canada's network trying to get me to proxy his
crap through to port 25 of a Micro$oft machine.

Had that worked, and had the spammer subsequently done a spam run through
me, it would have looked like I was the originator of the spam. Not
something I'd really like...

- -- 
G. Stewart -- Remove .YOUR_KNICKERS to reply.
Spamcop user, not an official - Registered Linux user #284683
DO NOT WRITE HERE: maps at bonivet.net, piegeaspam at bonivet.net
- ---------------------------------------------------------------
FAILURE IS NOT AN OPTION. It comes bundled with Microsoft software.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+/E0LK5oiGLo9AcYRAoCkAJ9P9zFaW36YN73VGaueek/UgCu6NgCgyZt6
1HD01yQzr/fwdpHLerX6psY=
=/NZj
-----END PGP SIGNATURE-----