LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Old 09-23-2007, 05:16 AM   #1
soroccoheaven
Member
 
Registered: Jul 2007
Distribution: mandrake Mandriva Redhat CentOS Slackware
Posts: 221

Rep: Reputation: 30
about httpd/error_log


Hi,
This is about the log/httpd/access_log. I am getting this almost every hour or so. What does it mean?
[Sun Sep 23 13:15:59 2007] [error] [client some_publicIp_address] client denied by server configuration: proxy:some_mailserver_ip:25
Please advise.

thanks
 
Old 09-23-2007, 01:31 PM   #2
raskin
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900

Rep: Reputation: 69
Try ncat-ting to your port 80, and telling
Code:
CONNECT <mailserver>:25
Will the server reject access and add a similar log entry? Then all the remaining similar lines are about evil crackers trying to use your server as a free proxy for spam sending - and, fortunately, failing. What matters? You are not ignored by crackers, maybe there are more qualified ones amongst them, so keep an eye on your server.
 
Old 09-23-2007, 03:25 PM   #3
soroccoheaven
Member
 
Registered: Jul 2007
Distribution: mandrake Mandriva Redhat CentOS Slackware
Posts: 221

Original Poster
Rep: Reputation: 30
Thanks raskin.
Yeah, I was thinking something like this too, but wanted to confirm. Well, do I need to execute this command, connect mailserver:25? Is it about the mail server that is trying to connect to me? You want me to check whether it exists or not, if it is like that?
I have got their IP and mail server name, and I tried telnet mailserver 25 and 110 too, and got responses. It belongs to somewhere in Thailand. Do I need to report spam for this?

One more thing: what are the security measures I need for this?

Thank you very much again
 
Old 09-23-2007, 11:54 PM   #4
raskin
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900

Rep: Reputation: 69
The mail server that is the target of the CONNECT query is more like a victim. It probably has no will to send spam, and adheres to pre-spam best practices - which make it a target for relaying. The IP address from which you get connections is probably an infected box, participating - against the will of its owner - in trying to send spam. If the ISP is not just a spam harbor, I think that finding out the ISP providing the client IP and asking them to encourage "the users with the following IPs (filtered log follows)" to wipe malware from their computers can clear the world of nearly a half of the infected machines listed in your log (by temporarily turning them into clean ones). Malware uses HTTP CONNECT partly because providers find it suspicious when you try to send e-mail by port 25 too often.
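The following is an added example, not part of any post in this thread: one way to produce the per-client "filtered log" mentioned in post #4 from error_log lines in the format quoted in post #1. The sample lines are constructed (documentation address ranges), and the function names are hypothetical.

```python
import re

# Matches the Apache error_log format quoted in post #1, where the denied
# target is logged as "proxy:<host>:<port>".
DENIED = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] '
    r'client denied by server configuration: proxy:(?P<host>.+):(?P<port>\d+)$'
)

# Constructed sample input; addresses come from documentation ranges.
SAMPLE_LOG = """\
[Sun Sep 23 13:15:59 2007] [error] [client 203.0.113.7] client denied by server configuration: proxy:198.51.100.25:25
[Sun Sep 23 14:16:02 2007] [error] [client 203.0.113.7] client denied by server configuration: proxy:198.51.100.25:25
[Sun Sep 23 14:20:41 2007] [error] [client 192.0.2.44] client denied by server configuration: proxy:mail.example.net:25
[Sun Sep 23 14:21:10 2007] [error] [client 192.0.2.44] File does not exist: /var/www/html/favicon.ico
[Sun Sep 23 15:02:33 2007] [error] [client 192.0.2.90] client denied by server configuration: /var/www/html/private
"""

def denied_proxy_attempts(lines):
    """Yield (timestamp, client, target_host, target_port) per denied proxy request."""
    for line in lines:
        m = DENIED.match(line.strip())
        if m:  # other errors, and denials of ordinary paths, are skipped
            yield m['ts'], m['client'], m['host'], int(m['port'])

def summarize(lines):
    """Group attempts by client IP: count, first/last seen, set of targets."""
    summary = {}
    for ts, client, host, port in denied_proxy_attempts(lines):
        entry = summary.setdefault(
            client, {'count': 0, 'first': ts, 'last': ts, 'targets': set()})
        entry['count'] += 1
        entry['last'] = ts  # log is chronological, so the latest line wins
        entry['targets'].add((host, port))
    return summary

def report(summary):
    """One text row per client, busiest first, suitable for an abuse report."""
    rows = []
    for client, e in sorted(summary.items(), key=lambda kv: -kv[1]['count']):
        targets = ', '.join(f'{h}:{p}' for h, p in sorted(e['targets']))
        rows.append(f"{client}  {e['count']} attempt(s)  "
                    f"{e['first']} .. {e['last']}  -> {targets}")
    return rows

if __name__ == '__main__':
    print('\n'.join(report(summarize(SAMPLE_LOG.splitlines()))))
```

To run it against a real log, pass an open file object to `summarize()` instead of the sample lines.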
 
  

