Re: How to allow POP3 SSL connections w' ISA 2004

Tech-Archive recommends: Speed Up your PC by fixing your registry

You'll need inbound rules as well

--
Cris Hanna [SBS-MVP]
------------------------------
Please do not contact me directly, only respond in the Newsgroups
MVPs do not work for Microsoft
------------------------------
Send via Windows Mail on Vista Ultimate connected to SBS 2003 R2
"Mike H" <mkREMOVEhuskeyALL@xxxxxxxxxxxxxxxxxxx> wrote in message news:eshywALnHHA.4848@xxxxxxxxxxxxxxxxxxxxxxx
Outlook 2003 on an XP domain workstation is configured to receive POP3
SSL e-mail on port 995 and send with SMTP SSL on port 465, both to an
external server, i.e. gmail and us.army.mil (not our Exchange server). I
can send, but I can't receive.

This worked using the RRAS firewall, and worked after installing ISA
Server 2004 SP1 and SP2, but does not work with ISA Server 2004 SP3. The
server running SBS 2003 SP2. Perhaps I've misconfigured the policies.

Here are my policies in ISA Server. Is the error obvious?

Name: "SBS Client POP3S Outbound Access Rule"
Action: Allow
Protocols: POP3S (Parameters Port range 995, TCP, Outbound, No
application filters)
From/Listener: Internal
To: External
Condition: All Users

and

Name: "SBS Client SMTPS Outbound Access Fule"
Action: Allow
Protocols: SMTPS (Parameters Port 465, TCP, Outbound, No application
filters)
From/Listener: Internal
To: External
Condition: All Users

Outlook complains that it can't find the POP3 server. This happens
nearly instantly. I can see in ISA Server logging the following when
checking gmail:
1:26:15PM, Destination 209.85.146.109, Dest Port 995, Protocol POP3S,
Action "Initiated Connection", Rule "SBS Client POP3S Outbound Access
Rule, Client IP 192.168.16.242 (this is my workstation), Source
Internal, Destination External
and a nano second later, exactly the same entry.

This is followed by 2 "Closed Connection" entries 14 seconds later.

--
Mike H

.

Relevant Pages

  • Re: BlackICE & SQL Slammer
    ... You have very limited control of outbound access with BI. ... the other personal firewalls adding this type of feature and hopefully ISS ... someone opening a server to the internet, that server is their big hole, and ...
    (comp.security.firewalls)
  • Re: Unrestricted Outbound Web Server Access Opinion
    ... the main problem with unrestricted outbound access is the one ... Once the security of the server is compromised, ... easier to transfer data from/to the server. ...
    (Security-Basics)
  • Re: Could not get into server instance
    ... As a very first step -- scan your computer for virus or Trojans, ... The alert was asking for Management Console ... > I refused this outbound access and kept retrying to get into ... > my server in Enterprise. ...
    (microsoft.public.sqlserver.security)
  • Re: Damn you, FEDEX! or Nikon D40 lost in Springfield, MO blackhole.
    ... the 2 mp Mavica he had been using with a Nikon D40. ... After shopping around, he got me to order one for him. ... The shipper had it insured, but from what I have read it could take weeks to sort this crap out. ... You may get your insurance from FedEx and a couple weeks later they find it and deliver it. ...
    (alt.photography)
  • Re: Could not get into server instance
    ... >> I ran Enterprise manager, but I could not get into my ... The alert was asking for Management Console ... >> I refused this outbound access and kept retrying to get into ... >> my server in Enterprise. ...
    (microsoft.public.sqlserver.security)