Re: ISA 2006 and Exchange 2007 Anti-Spam

If you don't configure the ISA policies to allow the connections, the open
relay tests will fail and no harm is done in either case.

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"rg" <nobody@xxxxxxxxxx> wrote in message
news:9C13C7CE-A2BD-4D1C-96DA-2C9A4E5A584A@xxxxxxxxxxxxxxxx
Thanks for your help.

This
the other point to consider is that it's impossible for ISA to know
whether
this traffic is coming from Exchange or some malware that got dumped on
your
Exchange server.
is exactly what bothers me about it.

Correct me if I am wrong.
Based on your answer, I am to assume that I should forego the open relay
check if I am to keep my mailserver secure.

Thanks again


"Jim Harrison (ISA SE)" <jmharr@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:ABB36A07-6E0B-441A-A842-AE0D4096A8E4@xxxxxxxxxxxxxxxx
In order for this to work as intended, you'd have to create an access rule
allowing those protocols from the Exch server to "external".
the other point to consider is that it's impossible for ISA to know
whether
this traffic is coming from Exchange or some malware that got dumped on
your
Exchange server.

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"rg" <nobody@xxxxxxxxxx> wrote in message
news:CBA1FF54-8810-4875-8123-D9B4F150EDC1@xxxxxxxxxxxxxxxx
One of the tests performed by Exchange 2007 anti-spam's sender reputation
feature, is open relay proxy detection. As part of this feature, it
appears
that outbound ports 1080, 1081, 23, 6588, 3128, and 80 on the mail server
need to be opened. Wouldn't this cause issues with security? Also, is
there good known configurations?

Thanks in advance


.

Relevant Pages

  • Relying
    ... Exchange problem, I now think it is an ISA issue. ... The problem is my out side clients can not relay to out ... The client configurations have not been modified with the ...
    (microsoft.public.isa)
  • Re: ISA and Exchange 2007
    ... "Jim Harrison (ISA SE)" wrote: ... The idea is that ISA deflects these attacks from your application server ... ISA is used to increase the security of your Exchange ...
    (microsoft.public.isa)
  • Re: ISA and Exchange 2007
    ... "Jim Harrison (ISA SE)" wrote: ... The idea is that ISA deflects these attacks from your application server ... ISA is used to increase the security of your Exchange ...
    (microsoft.public.isa)
  • Re: Exchange Netzwerklayout
    ... Was ich jetzt nicht ganz verstehe ist das der Smtprelay nur eine NIC hat ... ISA zum Exchange ... zum ISA in die DMZ stellen und den dort als SMTP Relay inkl. ...
    (microsoft.public.de.exchange)
  • Re: Unzustellbarkeitsberichte und deren Probleme
    ... Derzeit laufen die Mails über eine Hardware-Firewall über ein Relay auf den ... Exchange. ... Der ISa kommt erst zukünftig in's Spiel.... ... Andi ...
    (microsoft.public.de.exchange)
Loading