Filtering email on ISA

From: Hebba (anonymous_at_discussions.microsoft.com)
Date: 06/24/04

  • Next message: Mykhaylo Khodorev: "Wrong logging"
    Date: Thu, 24 Jun 2004 01:24:39 -0700
    
    

    I performed the following steps. However, keywords that I
    added to the SMTP application filter still go through.

    Enabling SMTP Filter on ISA using Message Screener:

    Our ISA server is called NHL. On this server the following
    is installed:

      a.. ISA + Message screener
      b.. IIS + SMTP

    Our application server is called APPS. On this server the
    following is installed:

      a.. Message screener only
      b.. IIS + SMTP
      c.. Exchange server

    Details of Configuration:

      1.. NHL (ISA server):
        1.. Install IIS
        2.. Install ISA in full which includes Message Screener

    ----------------------------------------------------------
    Problem encountered and solved:
    (If SMTP service fails to start: IIS MetaEdit 2.2 Utility
    | LM and SmtpSvc | Right-click SmtpSvc, click New, and then
    click DWORD. In the Id list, click DisableSocketPooling.
    The field to the right should now read 1029. If
    DisableSocketPooling is not in the list, click (Other),
    and then type 1029 in the box. In the Data
    field, type 1. Click to select the Inherit attribute.
    Restart the Simple Mail Transport Protocol (SMTP) service.)
    End of Problem
    -----------------------------------------------------------

        3.. Enable SMTP application filter in ISA | Extensions
    | Application filters (added a keyword: "bom")
        4.. Start | Run: dcomcnfg.exe (because SMTP message
    screener and ISA communicate through DCOM): Applications
    tab | VendorData class properties | Security tab | Use
    custom launch permissions | Edit | Add | Everyone | Type of
    Access: allow launch | Use custom access permissions |
    Edit | Add | Everyone | Type of Access: allow access |
    Use custom configuration permissions | Edit | Add
    | Everyone | Type of Access: Full Control

      1.. APPS (Application server):
        1.. TCP/IP properties | Default Gateway = ISA IP
    address
        2.. Install IIS in full which includes SMTP
        3.. Install Exchange Server:
    CDROM\setup\i386\setup.exe /forestprep,
    CDROM\setup\i386\setup.exe /domainprep,
    CDROM\setup\i386\setup.exe

        4.. IIS:
    - Configure SMTP to use the internal IP address only,
    - Create remote domain to accept mail from
    *.internal_domain
    - Configure remote domain to relay to Exchange server
    - select forward all mail to smart host: [IP_of_APPS
    (ExchangeServer)]
    - select allow incoming mail to be relayed to this
    domain

    - Configure Exchange server to accept mail from message
    screener SMTP server
    (System Manager | Servers | Protocols | SMTP | Default
    SMTP Virtual server Properties | General tab | Advanced |
    verify only internal IP address is used)

        1.. Install message screener from ISA CD-ROM
        2.. Run ISACD-ROM\isa\i386\SMTPCred.exe (to set
    authentication credentials to ISA server: I used the
    domain administrator account)
        3.. Start | Run | dcomcnfg.exe: (because SMTP message
    screener and ISA communicate through DCOM)
                                                               
        1.. Exchange System Manager | Server | Protocols |
    right-click Default SMTP Virtual Server properties |
    Access tab | Relay | I gave access to my own computer to
    test

      1.. NHL (ISA server):
        1.. Create a server publishing rule using the wizard
    and select SMTP
        2.. Create a protocol rule to allow DNS queries for
    name resolution
        3.. Create a new Protocol filter and enable it to
    allow: TCP port 135, as this port is used by Outlook
    clients to access Exchange server

      1.. APPS (Application Server)
    ----------------------------------------------------------
    Problem encountered and solved:
    If you attempt to start Exchange services that run in the
    Inetinfo.exe tool, you may receive the following error
    message:

    Error 1083: The executable program that this service is
    configured to run in does not implement the service.

    This issue occurs when you start the following services
    from within Exchange server:

           Simple Mail Transport Protocol (SMTP)

           Network News Transport Protocol (NNTP)

           Post Office Protocol version 3 (POP3)

           Internet Message Access Protocol version 4 (IMAP4)

           Microsoft Exchange Routing Engine

    CAUSE
    This issue can occur because these services have not been
    configured to run in the Inetinfo.exe tool. They have been
    either configured to run in the Dllhost.exe tool, or not
    configured to run in any tool.

    RESOLUTION
    1. Start Registry Editor (Regedt32.exe).

    2. Locate and click the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters\DispatchEntries

    3. Click the value for the service that you attempted
    to start.

    4. On the Edit menu, click Multi String, and then add
    the following values:

    Ldapsvc
    Smtpsvc
    Nntpsvc
    Imap4svc
    Pop3svc
    Resvc

    5. Click OK.

    6. Quit Registry Editor.

    7. Start Administrative Tools, click Services, and
    then restart the Internet Information Service (IIS)
    Administrator service.

    STATUS
    Microsoft has confirmed that this is a problem in
    Microsoft Exchange 2000 Server.
    End of Problem
    -----------------------------------------------------------

    Hebba Hussain Rostom
    Facility Manager
    New Horizons (Jeddah, S.A.)
    E-mail: hebba@newhorizons.com.sa

