How to block Open Proxy within WSA

Unanswered Question
Sep 27th, 2007

I tested WSA with tools (from: and found that WSA is an open proxy, which means it's vulnerable to being used by spammers to send junk mail.


>>> (smtp dialog with probe email)
<<< 220 ESMTP\r\n
*** ALERT - open proxy detected
Mail message has been sent to <yahya>
Test complete - identified open proxy

How to block this Open Proxy?


jdohrman Thu, 09/27/2007 - 14:14

Sounds like you allow HTTP CONNECT to port 25, correct? That means somebody can use telnet to throw a CONNECT at the proxy and then talk SMTP through the HTTP tunnel so created.

You can specify what ports are supposed to be 'open' in that sense in the Web Access Policies. There you have the field 'Allow CONNECT on Ports:'

It is important here that a blank field used to result in an 'allow all' in versions pre 5.2.0. As this was confusing, we changed the behavior, and as of AsyncOS 5.2 you'll have to enter 1-65536 to allow all ports, while leaving the field blank blocks all ports.

Please let me know if I misunderstood your question - some more info would be handy then. Thanks a lot.


Vinesh_ironport Sun, 01/13/2008 - 08:04


I've just installed an S650 for an ISP for testing and it seems that it's acting as an open proxy.

Currently, it's in explicit proxy for testing purposes on port 8080.
Apart from allowing the specific ports to connect, can we specify a specific range of IPs (which is internal for the ISP) which can use the proxy?

We are running version 5.1.2 for Web build 001


jowolfer Mon, 01/14/2008 - 15:25


You would need to create a policy group that applies to the subnets you want to be able to proxy. This is your allowed access group.

Change the default policy so that it denies everything (Under 'Applications', just check the boxes to deny HTTP, HTTPS, FTP).
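The two controls discussed in this thread (a CONNECT port allow list and a policy group limited to internal subnets) can be checked against proxy logs. The following is an added example, not code from the thread or from Cisco: the function names, the 10.20.0.0/16 subnet and the simplified "client method target" log layout are assumptions and do not reproduce the WSA access log format.

```python
import ipaddress

def parse_ports(spec, blank_allows_all=False):
    """Parse a port list such as '443, 8443, 8000-8100' into (lo, hi) ranges.

    blank_allows_all models the change described in the thread: before 5.2
    a blank field allowed every port, from 5.2 on it blocks every port.
    """
    spec = spec.strip()
    if not spec:
        return [(1, 65535)] if blank_allows_all else []
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ranges.append((int(lo), int(hi or lo)))
    return ranges

def audit_connects(lines, port_spec, internal_nets, blank_allows_all=False):
    """Return (client, target, reason) for each CONNECT the policy should deny."""
    ranges = parse_ports(port_spec, blank_allows_all)
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) != 3 or fields[1] != "CONNECT":
            continue  # only tunnel requests are of interest here
        client, _, target = fields
        _, _, port = target.rpartition(":")
        if not port.isdigit():
            findings.append((client, target, "malformed target"))
        elif not any(ipaddress.ip_address(client) in n for n in nets):
            findings.append((client, target, "client outside allowed subnets"))
        elif not any(lo <= int(port) <= hi for lo, hi in ranges):
            findings.append((client, target, "port not in CONNECT allow list"))
    return findings

# Constructed sample lines in the assumed "client method target" layout.
SAMPLE = [
    "10.20.1.15 CONNECT www.example.com:443",
    "10.20.1.15 CONNECT mail.example.net:25",
    "203.0.113.9 CONNECT www.example.com:443",
    "10.20.1.16 GET http://www.example.com/",
]

if __name__ == "__main__":
    for finding in audit_connects(SAMPLE, "443, 8443", ["10.20.0.0/16"]):
        print(finding)
```

Running the same log through the audit with a blank port list and `blank_allows_all` set both ways shows how much traffic depends on which side of the 5.2 behaviour change the appliance is on.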

