Re: SMTP lockdown, MessageLabs
- From: JosephV <JosephV@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 3 Jan 2007 10:41:01 -0800
Sorry I wasn't clear. MessageLabs is a third-party vendor on the Internet
that handles spam and antivirus filtering then passes the email to us. The
problem is some spammers avoid sending email through them and send email
directly to our ISA Server using its external IP address. The ISA Server
receives email from MessageLabs and from everywhere else. I would like to
configure our ISA Server to accept SMTP email only from the MessageLabs IPs
and reject other email requests and also maintain RPC over HTTP for Outlook
too.
"Phillip Windell" wrote:
So the MessageLabs thing is a "box"?.
If yes,...you have two options
Option #1
The MessageLabs box needs to be multihomed and it needs to be positioned
side-by-side with the ISA so that the two operate independently of each
other.
Then the MessageLabs box will be configured to directly use the internet and
*not* be an ISA client of any type.
The Exchange machine needs to be configured (in Exchange itself) to use the
MessageLabs software as a "SMTP smart host" and all outbound mail will have
to be sent to the "smart host". Then the "smart host" (MessageLabs) will
have to be properly configured to process the messages and send them out to
their destinations. If this is not done properly, the Exchange box will
send directly to the Internet and the path will end up being the ISA server
and hence your source IP# for outbound mail won't match the DNS MX record
which is the MessageLabs box.
Option #2
The MessageLabs box will have only one nic and will sit behind the ISA. The
ISA will have its smtp mail publishing rule set to the MessageLabs box,
*not* the Exchange box. Your DNS MX records needs to point the *primary*
external IP# on the ISA Server. The Exchange Server can then, while
operating as an ISA SecureNAT Client, send mail direct to the Internet
without involving the MessageLabs box for the outbound mail. But if you
want outbound mail filtered as well, then the MessageLabs box will have to
be setup as a "smart host" like I mentioned in #1 and the Exchange will have
to be reconfigured to use it, also as in #1
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
The views expressed are my own (as annoying as they are), and not those of
my employer or anyone else associated with me.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------
"JosephV" <JosephV@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EEB7F32A-5A5E-4C91-AC4B-D34BF7705CD4@xxxxxxxxxxxxxxxx
Systems: ISA Server 2004 & Exchange 2003. All email is supposed to pass
through MessageLabs before getting to our ISA Server and to the Exchange
Server. However, according to some headers from spam messages some spam
goes directly to our ISA Server. What do I have to configure specifically
so
that mail is ONLY received and sent only from MessageLabs? They already
provided me with the IP ranges so I just need to know how to set ISA
Server
for this.
- Follow-Ups:
- Re: SMTP lockdown, MessageLabs
- From: Shijaz Abdulla [MVP]
- Re: SMTP lockdown, MessageLabs
- Prev by Date: Re: ISA 2006 SMTP forwarding
- Next by Date: ISA 2006 Web Browser Configuration of Direct Access
- Previous by thread: Re: ISA 2006 SMTP forwarding
- Next by thread: Re: SMTP lockdown, MessageLabs
- Index(es):
Relevant Pages
|
Loading
