<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

</head>

<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">

Thanks for your reply.

<div class=""><br class="">

</div>

<div class="">Here’s the config file:</div>

<div class=""><br class="">

</div>

<div class=""><a href="http://pastebin.com/DNDacy6M" class="">http://pastebin.com/DNDacy6M</a></div>

<div class=""><br class="">

</div>

<div class=""><br class="">

</div>

<div class="">Dovecot used its default ports:</div>

<div class=""><span style="font-family: 'courier new'; font-size: 13.3333px; font-variant-ligatures: normal; orphans: 2; white-space: nowrap; widows: 2; background-color: rgb(249, 249, 249);" class="">110: pop</span><br style="font-size: 8.5pt; font-family: verdana; font-variant-ligatures: normal; orphans: 2; white-space: nowrap; widows: 2;" class="">

<span style="font-family: 'courier new'; font-size: 13.3333px; font-variant-ligatures: normal; orphans: 2; white-space: nowrap; widows: 2; background-color: rgb(249, 249, 249);" class="">143: imap</span><br style="font-size: 8.5pt; font-family: verdana; font-variant-ligatures: normal; orphans: 2; white-space: nowrap; widows: 2;" class="">

<span style="font-family: 'courier new'; font-size: 13.3333px; font-variant-ligatures: normal; orphans: 2; white-space: nowrap; widows: 2; background-color: rgb(249, 249, 249);" class="">995: pop3s</span><br style="font-size: 8.5pt; font-family: verdana; font-variant-ligatures: normal; orphans: 2; white-space: nowrap; widows: 2;" class="">

<span style="font-family: 'courier new'; font-size: 13.3333px; font-variant-ligatures: normal; orphans: 2; white-space: nowrap; widows: 2; background-color: rgb(249, 249, 249);" class="">993: maps</span></div>

<div class="">

<div style="orphans: 2; widows: 2;" class=""><font face="courier new" size="2" class=""><span style="white-space: nowrap; background-color: rgb(249, 249, 249);" class=""><br class="">

</span></font></div>

<div style="orphans: 2; widows: 2;" class=""><span style="orphans: auto; widows: auto;" class="">Postfix SMTP 587</span></div>

<div style="orphans: 2; widows: 2;" class=""><span style="orphans: auto; widows: auto;" class=""><br class="">

</span></div>

<div style="orphans: 2; widows: 2;" class=""><span style="orphans: auto; widows: auto;" class="">Kind regards,</span></div>

<div style="orphans: 2; widows: 2;" class=""><span style="orphans: auto; widows: auto;" class="">Sam</span></div>

<div style="orphans: 2; widows: 2;" class=""><br class="">

</div>

<div class=""><br class="Apple-interchange-newline" style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;">

<br class="Apple-interchange-newline" style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;">

<span style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><span><img height="38" width="45" apple-inline="yes" id="7953329B-2E2E-4D9D-ADFE-62447BDEEFB6" apple-width="yes" apple-height="yes" src="cid:2FD1C3AB-E45C-49F0-84AB-0F8AC658BD11@routerb408e2.com" class=""></span><em style="font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; color: rgb(0, 128, 0); font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 16px; background-color: rgb(255, 255, 255);" class=""><strong class="">Piensa

 en el medio ambiente antes de imprimir este email.</strong></em> </span></div>

<br class="">

<div>

<blockquote type="cite" class="">

<div class="">On Dec 14, 2016, at 10:25 AM, Antony Stone <<a href="mailto:Antony.Stone@squid.open.source.it" class="">Antony.Stone@squid.open.source.it</a>> wrote:</div>

<br class="Apple-interchange-newline">

<div class="">

<div class="">On Wednesday 14 December 2016 at 16:16:17, Sameh Onaissi wrote:<br class="">

<br class="">

<blockquote type="cite" class="">Looking at access.log, to find the Skype IPs, I noticed a LOT of unknown<br class="">

source IPs. All those IPs seem to be originated from China. In my config<br class="">

file I deny all but local net IPs 10.0.0.0/24.<br class="">

</blockquote>

<br class="">

I suggest you show us your squid.conf (wiithout comments or blank lines) <br class="">

because you do not seem to have achieved restricting source IPs as intended.<br class="">

<br class="">

<blockquote type="cite" class="">Here is a sample of the log:<br class="">

<br class="">

1481728035.855      0 199.233.237.186 TAG_NONE/400 4534 NONE<br class="">

error:invalid-request - HIER_NONE/- text/html 1481728035.952   1556<br class="">

<br class="">

118.89.21.244 TCP_MISS/200 445 POST <a href="http://online.huya.com/" class="">http://online.huya.com/</a> -<br class="">

HIER_DIRECT/183.61.6.181 application/multipart-formdata 1481728036.461   <br class="">

595<br class="">

<br class="">

123.207.123.80 TCP_MISS/200 419 POST <a href="http://online.huya.com/" class="">http://online.huya.com/</a> -<br class="">

HIER_DIRECT/183.61.6.181 application/multipart-formdata 1481728036.993   <br class="">

749<br class="">

<br class="">

123.207.123.80 TCP_MISS/200 819 POST <a href="http://wup.huya.com/" class="">http://wup.huya.com/</a> -<br class="">

HIER_DIRECT/180.208.65.100 application/multipart-formdata 1481728037.538  <br class="">

2307<br class="">

<br class="">

122.227.189.214 TCP_MISS/200 764 POST<br class="">

<a href="http://webim.ganji.com/message/ImSendMsg?" class="">http://webim.ganji.com/message/ImSendMsg?</a> - HIER_DIRECT/124.251.6.233<br class="">

text/html 1481728038.572   9372<br class="">

<br class="">

74.222.20.124 TCP_MISS/502 3922 GET <a href="http://116.31.99.233:9636/" class="">

http://116.31.99.233:9636/</a> -<br class="">

HIER_DIRECT/116.31.99.233 text/html 1481728038.573      0<br class="">

<br class="">

74.222.20.124 TAG_NONE/400 4532 NONE error:invalid-request - HIER_NONE/-<br class="">

text/html 1481728038.773   2528<br class="">

<br class="">

118.89.21.244 TCP_MISS/200 419 POST <a href="http://online.huya.com/" class="">http://online.huya.com/</a> -<br class="">

HIER_DIRECT/183.61.6.181 application/multipart-formdata 1481728039.162  <br class="">

1575<br class="">

<br class="">

139.199.60.36 TCP_MISS/200 419 POST <a href="http://online.huya.com/" class="">http://online.huya.com/</a> -<br class="">

HIER_DIRECT/183.61.6.181 application/multipart-formdata 1481728039.203   <br class="">

612<br class="">

<br class="">

122.227.189.214 TCP_MISS/200 1182 POST <a href="http://mobapi.ganji.com/datashare/" class="">

http://mobapi.ganji.com/datashare/</a> -<br class="">

HIER_DIRECT/115.159.231.182 text/html 1481728039.615  51681<br class="">

<br class="">

172.82.184.19 TCP_MISS/502 3806 GET <a href="http://115.231.17.12:9636/" class="">

http://115.231.17.12:9636/</a> -<br class="">

HIER_DIRECT/115.231.17.12 text/html 1481728039.615      0<br class="">

<br class="">

172.82.184.19 TAG_NONE/400 4532 NONE<br class="">

error:invalid-request - HIER_NONE/- text/html 1481728040.311  36606<br class="">

<br class="">

74.222.20.124 TCP_MISS/502 3806 GET <a href="http://116.31.99.233:9636/" class="">

http://116.31.99.233:9636/</a> -<br class="">

HIER_DIRECT/116.31.99.233 text/html 1481728040.312      0<br class="">

<br class="">

74.222.20.124 TAG_NONE/400 4532 NONE error:invalid-request - HIER_NONE/-<br class="">

text/html 1481728041.477  67001<br class="">

<br class="">

74.222.19.19 TCP_MISS/502 3802 GET <a href="http://61.155.5.197:9636/" class="">http://61.155.5.197:9636/</a> -<br class="">

HIER_DIRECT/61.155.5.197 text/html 1481728041.478      0<br class="">

<br class="">

74.222.19.19 TAG_NONE/400 4531 NONE error:invalid-request - HIER_NONE/-<br class="">

text/html 1481728041.856  13613<br class="">

<br class="">

172.82.190.245 TCP_MISS/502 3926 GET <a href="http://122.226.191.17:9636/" class="">

http://122.226.191.17:9636/</a> -<br class="">

HIER_DIRECT/122.226.191.17 text/html 1481728041.857      0<br class="">

<br class="">

172.82.190.245 TAG_NONE/400 4533 NONE error:invalid-request - HIER_NONE/-<br class="">

text/html<br class="">

<br class="">

I am worried about spam…<br class="">

</blockquote>

<br class="">

I would not call this spam - I would call it "people trying to abuse your <br class="">

proxy".<br class="">

<br class="">

<blockquote type="cite" class="">is this normal?<br class="">

</blockquote>

<br class="">

It is normal that they try.  It is not normal that your access control rules <br class="">

allow them to get this far.<br class="">

<br class="">

<blockquote type="cite" class="">if not, how can I know what is accessing squid and stop it.<br class="">

</blockquote>

<br class="">

You don't care what is accessing it - you only care that it's coming from the <br class="">

outside, and that should not be allowed.  Either or both of your Squid ACLs <br class="">

and your firewall rules need to be reviewed.<br class="">

<br class="">

<blockquote type="cite" class="">NOTE: this server has a small iRedMail server installed on it.<br class="">

</blockquote>

<br class="">

What port/s does that listen on?  It is intended to be externally accessible?<br class="">

<br class="">

<br class="">

Regards,<br class="">

<br class="">

<br class="">

Antony.<br class="">

<br class="">

-- <br class="">

Wanted: telepath.   You know where to apply.<br class="">

<br class="">

                                                  Please reply to the list;<br class="">

                                                        please *don't* CC me.<br class="">

_______________________________________________<br class="">

squid-users mailing list<br class="">

<a href="mailto:squid-users@lists.squid-cache.org" class="">squid-users@lists.squid-cache.org</a><br class="">

http://lists.squid-cache.org/listinfo/squid-users<br class="">

</div>

</div>

</blockquote>

</div>

<br class="">

</div>

</body>

</html>