RE: Firewall Configuration for SMTP
- From: v-crinal@xxxxxxxxxxxxxxxxxxxx ("Crina Li")
- Date: Wed, 21 Dec 2005 08:45:16 GMT
Hi Wayne,
Thanks for your reply.
As far as I know, the filter for network X will not affect the filter for
network Y.
Thanks for your time and I look forward to hearing from you.
Best regards,
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Wayne" <Wayne@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: Firewall Configuration for SMTP
| Date: Tue, 20 Dec 2005 07:39:03 -0800
|
| Hi,
| Thank you for the reply. I would rather block this traffic at the firewall
| and keep the bad stuff out of the exchange server altogether. Concerning
| item 1, creating the IP filters: I can only list one subnet and mask per
| filter in this version of ISA. So, if I create one filter allowing SMTP
| traffic from subnet X, then create another SMTP filter allowing SMTP traffic
| from subnet Y, I should be all set? Will the email coming into the server
| from subnet X hit the subnet Y filter and bounce? Or will ISA deny on the one
| filter then allow on the other without bouncing back emails? This is my only
| concern with having two smtp filters. Thanks - Wayne
|
| ""Crina Li"" wrote:
|
| > Hi Wayne,
| >
| > Thanks for your reply.
| >
| > I am sorry for the delayed response due to the weekend. Please understand
| > that the newsgroups are staffed weekdays by Microsoft Support professionals
| > to answer your systems and applications questions. Your understanding is
| > greatly appreciated!
| >
| > Since the SBS SMTP service is listening on both the external and internal
| > NIC, we can do the restriction in one of the following ways:
| >
| > 1. Use IP Packet filters. We can create new IP Packet Filters and specify the
| > remote server's IP address in 'Remote computers' page and follow the wizard
| > to finish it. Then you can double click the filter you have created and
| > then click "Remote Computer" tab and then you can select This range of
| > computers and type the Subnet and Mask. If multiple IP addresses are
| > needed, we can create multiple filters.
| >
| > 2. You can also define the address restriction in SMTP virtual server
| > properties. You can use the Connection Control on the SMTP virtual server
| > to specify the IP addresses that you would like to allow to access your
| > SMTP virtual server.
| >
| > For your convenience, I included the steps below:
| >
| > 1) Click Start, point to Programs, point to Microsoft Exchange, and then
| > click System Manager.
| > 2) Expand Servers, expand ServerName, and then expand Protocols.
| > 3) Expand SMTP, right-click Default SMTP Virtual Server, and then click
| > Properties.
| > 4) Click the Access tab, and then click Connection.
| > 5) In the Connection dialog box, click Only the list below.
| >
| > NOTE: This indicates that only the IP addresses and the domains that are
| > in the list are permitted to connect to the SMTP virtual server.
| >
| > 6) Click Add, and then do one of the following to add a single computer, a
| > group of computers, or a domain, as appropriate to your situation:
| >
| > - To add a single computer, click Single Computer, type the IP address of
| > the e-mail messaging server of your Internet service provider (ISP) in the
| > IP address box, and then click OK.
| >
| > Alternatively, click DNS Lookup, type a host name, and then click OK.
| >
| > - To add a group of computers, click Group of computers, type the subnet
| > address and the subnet mask of the group in the corresponding boxes, and
| > then click OK.
| >
| > Microsoft recommends this option if your ISP has a tendency to change the
| > IP address of their e-mail messaging server without warning.
| >
| > - To add a domain, click Domain, type the domain name that you want in the
| > Name box, and then click OK.
| >
| > Note that this option requires a DNS reverse lookup on each incoming
| > connection.
| >
| > If you have any concerns, please feel free to let me know.
| >
| > Best regards,
| >
| > Crina Li (MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > --------------------
| > | From: "Wayne" <Wayne@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | Subject: RE: Firewall Configuration for SMTP
| > | Date: Fri, 16 Dec 2005 08:02:03 -0800
| > |
| > | Hi, and thanks for getting back to me. I am using ISA server 2000 (ver 3)
| > | and I am trying to restrict inbound smtp traffic. We have a filtering
| > | service off site that the MX records point to, then they forward all email
| > | to our exchange server. To prevent email bypassing this filter (by them
| > | sending directly to our IP address) I need to only allow this traffic,
| > | which comes from two ranges of IP addresses. If I go into the access
| > | policy -> IP packet filters -> SBS smtp predefined type -> allow, I am able
| > | to put in an IP and Mask. I do not see how I can put in more than one range
| > | here. In the latest version you can specify as many ranges as you like. If
| > | I create two smtp filters for incoming traffic, one for each range, will
| > | this end up blocking all traffic?
| > | Thanks - Wayne
| > |
| > | ""Crina Li"" wrote:
| > |
| > | > Hi Wayne,
| > | >
| > | > Thank you for posting in SBS newsgroup.
| > | >
| > | > You said "need to lock down the firewall to only accept SMTP traffic
| > | > from two networks", do you mean you are using ISA server 2000 and want
| > | > to implement restriction on outbound SMTP traffic?
| > | >
| > | > If so, you can create computer sets for the particular subnets and
| > | > create protocol rule to allow the requests from the computer sets.
| > | >
| > | > Hope it helps and I look forward to hearing from you.
| > | >
| > | > Best regards,
| > | >
| > | > Crina Li (MSFT)
| > | >
| > | > Microsoft CSS Online Newsgroup Support
| > | >
| > | > Get Secure! - www.microsoft.com/security
| > | >
| > | > --------------------
| > | > | From: "Wayne" <Wayne@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | > | Subject: RE: Firewall Configuration for SMTP
| > | > | Date: Thu, 15 Dec 2005 15:23:03 -0800
| > | > |
| > | > | PS, I do not have the latest version of ISA server, on which this is
| > | > | an easy configuration, but the previous version.
| > | > | Thanks!
| > | > |
| > | > |
| > | > | "Wayne" wrote:
| > | > |
| > | > | > Hi,
| > | > | > I am running SBS2003 premium, ISA installed, and need to lock down
| > | > | > the firewall to only accept SMTP traffic from two networks. When I
| > | > | > go to look at the existing rule it is wide open, but it does look
| > | > | > like I can restrict it to a single subnet. How can I allow two
| > | > | > different subnets to send SMTP traffic? If I create 2 rules, one for
| > | > | > each subnet will they end up blocking each other?
| > | > | > Thanks - Wayne
| > | > |
| > | >
| > | >
| > |
| >
| >
|
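The two-filter setup discussed in this thread, as an added example that is not part of the original posts: each allow filter is one subnet/mask pair, a source is admitted when any filter matches it, and everything else is treated as mail that bypassed the off-site filtering service. The ranges, the sample log and the function names are assumptions made for illustration; the log is assumed to be in W3C extended format with a `#Fields:` directive naming a `c-ip` column.

```python
import ipaddress

# Constructed stand-ins (documentation ranges) for the filtering service's
# two subnets: one (subnet, mask) pair per allow filter, as in the thread.
ALLOW_FILTERS = [("192.0.2.0", "255.255.255.128"), ("198.51.100.64", "255.255.255.192")]

def build_networks(filters):
    """Convert (subnet, mask) pairs; strict=True rejects a subnet with host bits set."""
    return [ipaddress.ip_network(f"{s}/{m}", strict=True) for s, m in filters]

def is_allowed(src_ip, networks):
    """A source passes if ANY allow filter matches; otherwise it is denied."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in networks)

def bypass_attempts(log_lines, networks):
    """Count SMTP clients outside every allowed range, as sorted (ip, hits)."""
    fields, hits = [], {}
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()  # column order for records below
            continue
        parts = line.split()
        if not parts or line.startswith("#") or len(parts) != len(fields):
            continue  # directive, blank, or malformed record
        row = dict(zip(fields, parts))
        try:
            if not is_allowed(row["c-ip"], networks):
                hits[row["c-ip"]] = hits.get(row["c-ip"], 0) + 1
        except (KeyError, ValueError):
            continue  # no c-ip column, or unparsable address
    return sorted(hits.items())

NETS = build_networks(ALLOW_FILTERS)

# Constructed sample log, not taken from the thread.
SAMPLE_LOG = """#Fields: date time c-ip cs-method sc-status
2005-12-20 15:01:02 192.0.2.17 EHLO 250
2005-12-20 15:01:09 198.51.100.70 MAIL 250
2005-12-20 15:02:44 203.0.113.9 EHLO 250
2005-12-20 15:03:10 203.0.113.9 MAIL 250
2005-12-20 15:04:00 198.51.100.130 EHLO 250
""".splitlines()

if __name__ == "__main__":
    for ip, count in bypass_attempts(SAMPLE_LOG, NETS):
        print(f"direct-to-server SMTP from {ip}: {count} connection(s)")
```

Run against the SMTP service log after the filters are in place, an empty result indicates that only the two permitted ranges are reaching the server.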