On Thu, 28 Aug 2003, Eli Marmor wrote: > According to research companies, most of the current spamming is done > using HTTP proxies.
I find that hard to believe. I believe a substantial amount of spam comes this way, but "most" seems unlikely. > 1. Is there any existing code and/or module that implements this? ProxyBlock :25 would probably do it. But I still haven't tested this, since I don't use the proxy myself. But as Cliff said, "ProxyRequests Off" is the real fix. I spent a few hours doing a substantial rewrite of the proxy documentation to try to clarify this issue (not with respect to SMTP, but with respect to open proxies in general). I think we've done pretty-much all we can. I wouldn't mind putting a little note on the httpd.apache.org homepage saying "Have you secured your proxy?" and point to the correct docs. Joshua.
