Re: ISA 2004 SMTP Filtering

---

• From: "ProcessEndNow()" <shainefisher@xxxxxxxxxxxxxx>
• Date: Tue, 4 Dec 2007 12:14:39 -0800 (PST)

---

Mmmm, ok. But I was under the impression that the SMTP filter allowed
you to do buffer overflow prevention and connection control, you don't
get that if you're processing the mail directly on the server.
We recently had an issue where a reverse NDR attack did us some
serious damage (blocklist wise) now this all happened in the space of
like 2 hours on a Sat night, I would like ISA 2006 to be able to
detect and prevent that sort of thing. And maybe do the attachment
filtering (but that isnt all that important really).

And I kinda like the fact that the SMTP service would store and
forward in the event of a failure, but even more than that it allows
us to relay mail to a spam/virus gate before delivering it to iMail.
Trying to make the loads on each server smaller, just for redundancy
and capacity planning, being able to deliver mail to the ISA would
help me lots.

Any advice based on these requirements.
Cheers for the advice.


On Dec 4, 3:40 pm, "Phillip Windell" <philwind...@xxxxxxxxxxx> wrote:

I'd get rid of the Message Screener and forget it. MS even dropped it in
ISA2006, it is no longer there.

Just use a normal simple Server Publishing Rules for SMTP and POP3. Use
your IMail to control everything else related to relaying, spam, ect.

Then when the user connects,..they actualy connect to the IMail Server and
things work like they should.

ISA should do nothing but get the traffic to the IMail Server,...what
happens after that should be up to the IMail Server. If the Relay happens
(or doesn't happen) it will happen on IMail and not ISA.

--
Phillip Windellwww.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processinghttp://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-...

Microsoft Internet Security & Acceleration Server: Partnershttp://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutionshttp://www.microsoft.com/forefront/edgesecurity/partners/hardwarepart...
-----------------------------------------------------

"ProcessEndNow()" <shainefis...@xxxxxxxxxxxxxx> wrote in message

news:6fde20ad-31c5-48cd-adcd-8698d9800748@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I might be looking at this in the wrong way, but I'm asking for advice
anyway.

I have an isa 2004 box, on that box I have the MS SMTP service
installed.
The ISA has a publishing rule that points to the internal interface
where SMTP is listening.
In SMTP I have added all of the domains I am authoritive for and told
it to relay mail to those to our mail server.
Set up the message screener to filter out the most common abuses and
various attachments that I dont want to get to our mail server.
The mail server is iMail 2006.2

This all works wonderfully well, mail from utside is filtered nicely
and delivered to our mail server only if it is supposed to get there,
nice work Microsoft.

Now the issue, we have 100 or so users that connect from outside of
our network, and use outlook express or windows mail and use smtp/
pop3. You kinda know whats coming don't you?

If one of these users tries to send an email to google.com, from their
pop3 account (domain1.com, which is on the SMTP server) they are not
allowed to relay to that domain, but they can send to domain2.com,
which is also on the SMTP server.
How do I make it so that we don't accept incoming mail for domains
that we are not, but still allow external SMTP users to send email
through the ISA relay.

Yes I am aware that the rule is for port 25, so all smtp will be
affected, I cannot change the port the clients connect on, not really
an option, and I don't want to make the ISA realy an open relay
because I can see the problems now.

Please, any advice really welcome.
Shaine- Hide quoted text -

- Show quoted text -

.

---

• Follow-Ups:
  • Re: ISA 2004 SMTP Filtering
    • From: Phillip Windell

• References:
  • ISA 2004 SMTP Filtering
    • From: ProcessEndNow()
  • Re: ISA 2004 SMTP Filtering
    • From: Phillip Windell

• Prev by Date: Re: allow specific IP full access, bypassing the ISA server
• Next by Date: Re: ISA 2004 SMTP Filtering
• Previous by thread: Re: ISA 2004 SMTP Filtering
• Next by thread: Re: ISA 2004 SMTP Filtering
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Intermittent inbound delivery to Exchange ... > This also sounds like it could be a problem with what addresses SMTP ... >> to forward mail to the internal Exchange 2003 server on Windows ... the queue fills on the ISA Server. ... >> use an internal DNS on the DC, ... (microsoft.public.exchange.admin) Re: Intermittent inbound delivery to Exchange ... If ISA ... My thought is the SMTP filer is corrupt. ... > forward mail to the internal Exchange 2003 server on Windows 2003. ... > All servers use an internal DNS on the DC, ... (microsoft.public.exchange.admin) RE: Relaying ... Disabled SMTP filter and things seem to be working. ... Is this the correct configuration with ISA and Exchange ... information is not sent to the Exchange server. ... (microsoft.public.isa) Re: External messages "spoofed" as coming from our internal domain are accepted ... SMTP server should accept mail from any from address as long as the TO is ... > external IP of an ISA firewall. ... > for "mydomain.com" to our Exchange Server. ... (microsoft.public.exchange2000.transport) RE: Sercond ISA on SBS Member Server ... ISA on a SBS member server. ... Without a good backup, it's difficult to have the server ... - This is often used for ISA server configuration recovery. ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)