Hi Danny, Agreed. I didn't mean to say that my luck with HTML mail is something that should be generalized to the canaille. However, more importantly, is the DNS query issue. If anyone ever notices that their HTML mail shows up slowly in the preview pane, you should run a quick packet trace with the network analyzer of your choice. You'll see repeated DNS queries to the DNS server the client machine is configured to use. Danny -- re: the DNS servers queried. No, that's the issue. You might already know that the Web proxy client configure enables the ISA firewall to perform DNS name resolution services on behalf of the client; the same is true for the Firewall client configuration. So, its interesting, esp. in light of [Outlook] Disable=0 in the Firewall client configuration, that the machine acts, in this instance only, as a SecureNAT client and thus queries local DNS servers, almost after if a local split DNS were being used for these domains (which obviously isn't the case). Thanks! Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Danny [mailto:nocmonkey@xxxxxxxxx] Sent: Tuesday, May 03, 2005 9:53 AM To: [ExchangeList] Subject: [exchangelist] Re: DNS queries on HTML mail in Outlook http://www.MSExchange.org/ On 5/2/05, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote: > Hi Danny, > Agreed, its some pretty weird stuff. I leave HTML mail open because I > have four AV and spam relays in front of my Exchange Server, and I run > AV and antispyware on my hosts. So, I guess if HTML mail is that robust, > it deserves to infect him. I haven't been nailed by it in over 7 years, > so maybe my time is running out :-)) Thomas, I see your point, but I do not want to mislead anyone on this list seeking guidance, as your personal success with avoiding getting "nailed" does not apply to most organizations with users much, much less experienced than you. AV software and spam relays are reactive-based technologies. I prefer proactive configurations as the primary line of defence in combination with reactive solutions, such as AV and anti-spam software. <http://www.google.ca/search?q=plain+text+microsoft+security+workaround+ site%3Amicrosoft.com> (For all other list members considering Mr. Shinder's approach versus mine, you will notice - in the URL above - how many disclosed Microsoft software vulnerabilities could have been mitigated by viewing email in Plain Text.) I'd rather replace the door with an iron wall, than hire four security security guards only trained for known threats to watch the door. Anyway, to each is his own. > I've notice this phenomenum before, but never got around to asking > anyone about it. What's interesting is that it bypasses the Web proxy > and firewall client configuration, as the queries are generated by the > SecureNAT client config. Are you saying that these DNS lookups (if not already in the resolve cache) are bypassing the default DNS server in the domain, and are attempting to go right through your firewall from the client? > I *think* this may be related to a bug in > Outlook 2003 and its HTTP handling. I recall some with Microsoft QFE > mentioning this to me, I'll have to ask him about this. Thank you, ...D ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: tshinder@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx