RE: Can ISA be configured to block all outbound SMTP except from SBS server?
- From: v-crinal@xxxxxxxxxxxxxxxxxxxx ("Crina Li")
- Date: Wed, 05 Apr 2006 08:05:51 GMT
Hi Nick,
Thank you for posting in SBS newsgroup.
From the description, I understand the issue to be: You want to block alloutbound SMTP traffic from internal network but SBS and allow inbound SMTP
traffic. If I have misunderstood your concerns, please do not hesitate to
let me know.
As I know, we can run Internet Connection Wizard and then create a protocol
rule which denies the outbound SMTP traffic. Please try the following steps
to create a new protocol rule:
1. Open the ISA 2000 management console and then expand Servers and Arrays
| server name | Policy Elements.
2. Right click Protocol Definitions and then click New.
3. Type the name and then click Next.
4. Type 25 on Port number and then select TCP and Outbound.
5. Click Next and then select No on Secondary Connections page.
6. Click Next and then click Finish.
7. Under Policy Elements, right click Client Address Sets and then click
New.
8. Type the name and then add the IPs of all client computers.
9. Click OK.
10. Navigate to Access Policy->Protocol Rules.
11. Right click Protocol Rules and click New->Rule, enter a descriptive
name for this rule and click Next.
12. Click Deny and then click Next.
13. Change the "Apply this rule to" from All IP traffic to Selected
protocols, and then check the protocol you have created just now, then
click Next.
14. Select Always in Schedule page and then click Next.
15. Select Specific computers and then click Next.
16. Click Add and then add the Client Address Set you have created just now.
17. Click Ok and then click Next.
18. Click Finish.
19. Move the protocol rule to the top of the rules.
20. Navigate to Monitoring->Services, please restart the Firewall Service.
(If possible, you can also reboot the server)
Related information:
324958 How to block open SMTP relaying and clean up Exchange Server SMTP
queues in Windows Small Business Server
http://support.microsoft.com/default.aspx?scid=kb;EN-US;324958
320703 HOW TO: Configure the SMTP Filter in ISA Server to Block SMTP E-mail
Attachments by File Name Extension in SBS
http://support.microsoft.com/default.aspx?scid=kb;EN-US;320703
319267 How to secure Simple Mail Transfer Protocol client message delivery
in Exchange 2000 Server
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319267
Hope it helps.
Please feel free to let me know if there is anything I can do for you.
Best regards,
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Nick" <nrsprice@xxxxxxxxxxx>
| Subject: Can ISA be configured to block all outbound SMTP except from SBS
server?
| Date: Tue, 4 Apr 2006 19:41:05 +0100
| Lines: 22
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| Message-ID: <e3z0VdBWGHA.5668@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: mail.ingenium-it.com 82.70.51.165
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:258044
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi All,
|
| I have a client running SBS2k with ISA2k.
|
| I would like to block all outbound SMTP traffic from any (internal) IP
| except the SBS server itself.
|
| I also (obviously!) need to retain the inbound routing of SMTP port 25
| traffic from the WAN side to the Exchange server running on SBS to
continue
| to allow external inbound email.
|
| The idea is to block anything nasty that installs its own SMTP engine etc
| and spams.
|
| As I'm no ISA tech, so can anyone advise on how I would go about this
| (explicitly explaining it, if possible, so that I don't break anything!)?
|
| Many thanks!
|
| NickP
|
|
|
.
- References:
- Prev by Date: Re: Server Management
- Next by Date: RE: Remote Desktop not working after SP1
- Previous by thread: Can ISA be configured to block all outbound SMTP except from SBS server?
- Next by thread: New to SBS 2003 to SBS2003 SP1
- Index(es):
Relevant Pages
|
