Libera servidor HTTPMail no Squid

rudrigolima
(usa Slackware)

Enviado em 05/09/2008 - 11:54h

Bom dia, Senhores

Estou com um pequeno grande problema num cliente, implementei um servidor webproxy com autentica NCSA no Squid 2.5 e configurei os demais acesso no iptables tipo o Outlook Pop3 e Smtp até ai tudo bem com o site e etc... porem nessa empresa a minha cliente usa um e-mail do hotmail no Outlook com serfidor "HTTPMail" essa é a bronca ñ consigo libera esse acesso lembrando que esse usuario tem acesso total e aqui vão as configura e o log de erro:

##### WEBPROXY SQUID 2.5 #####

http_port 8080
cache_mem 128 MB
maximum_object_size_in_memory 128 KB
maximum_object_size 512 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
cache_effective_user squid
cache_effective_group squid

##### Log #####

cache_dir ufs /home/proxy/cache 2000 16 256
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log
pid_filename /usr/local/squid/var/logs/squid.pid

##### ACLs #####

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 563 # snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # swat
acl Safe_ports port 10000 #webmin
acl Safe_ports port 1025-65535 # portas altas
acl Safe_ports port 25 #
acl Safe_ports port 110 #
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

acl redelocal src 192.168.0.0/24

## USANDO NCSA_AUTH ##

auth_param basic program /usr/local/squid/libexec/ncsa_auth /home/proxy/senhas_squid
auth_param basic realm Servidor Proxy de Internet. Entre com seu usuário e Senha.
auth_param basic credentialsttl 2 hour
auth_param basic children 30

## AUTENTICAÇÃO ##

acl autenticados proxy_auth REQUIRED

## BLOQUEAR PALAVRAS ##

acl sites_lib url_regex -i "/home/proxy/sites_liberados"
acl acesso_full proxy_auth "/home/proxy/acetotal"

http_access allow autenticados acesso_full
http_access allow acesso_full
http_access allow localhost
http_access deny redelocal !sites_lib
http_access allow all
---------------------------------------------------------
LOG
1220638644.377 0 192.168.0.101 TCP_DENIED/407 1804 PROPFIND http://services.msn.com/svcs/hotmail/httpmail.asp perfilplast@hotmail.com NONE/- text/html
1220638644.385 0 192.168.0.101 TCP_DENIED/407 1804 PROPFIND http://services.msn.com/svcs/hotmail/httpmail.asp perfilplast@hotmail.com NONE/- text/html
1220638644.386 1 192.168.0.101 TCP_DENIED/407 1804 PROPFIND http://services.msn.com/svcs/hotmail/httpmail.asp perfilplast@hotmail.com NONE/- text/html

Obg pela ajuda

weldatribo
(usa Red Hat)

Enviado em 05/09/2008 - 13:28h

Rudrigo...

Acredito que a melhor solução seja deixar esse cara sem autenticação(somente ele), já que ele tem acesso full.

WeldaTribo
Linux - Abrindo nossas mentes...