If you mean "can ISA do RBL lookups", then no. -----Original Message----- From: Darryl Janetzki [mailto:darrylj@xxxxxxxxxxxxxxxx] Sent: Monday, February 07, 2005 11:19 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Blocking inbound traffic by IP with ISA 2004 and... Firewall service hangs http://www.ISAserver.org I solved the firewall service hangs.. I had inadvertently placed a few IP addy's in the SMTP Filter Domain properties. It appears that ISA2004 does not like IP's in the SMTP filter properties... Has anyone input on the blocking of inbound traffic by IP and DNS Thanks Darryl Janetzki ________________________________ From: Darryl Janetzki Sent: Tuesday, 8 February 2005 1:25 AM Subject: Blocking inbound traffic by IP with ISA 2004 and... Firewall service hangs I was trying to create a rule to block inbound traffic by IP address. Ideally I'd like to create a "Villains destination set" and simply add spammers and villains to this set to block inbound attempts to the external interface of ISA2004 Domain name Sets/URL sets do not appear to be appropriate. Has any one any suggestions on doing this? The message screener does part of this function for SMTP screening and adding the IP to the SMPT relay exception list in the connection properties does a great job of whacking spam. I was more interested in blocking access attempts to the ISA external interface for a site or multiple sites using one rule and address set. Most spammers do not have reverse lookups. IP blocking is the only way to block SPAM as forged headers in the email and ISA logs give the wrong information. I have found that by looking at the SPAM email and viewing the headers of the email the IP of the originating SMTP server can be found... Drilling ISA20004 message screener logs is a waste of time as it does not have any information apart from farming a few word lists. (not much point in blocking my own email addy) Also, the firewall service is prone to hangs. If from the ISA 2004 console the service is attempted to be stopped the service hangs. A reboot is the only fix. Stopping the service from the MMC produces the same result. This bug occurred after a basic configuration of www, smtp relay and ftp rules... The sever has singe P4 hyper threading enabled, 2 GB RAM 2 HD's W2k3 and ISA2004 std. I reinstalled (out of curiosity and for practice) to test this "bug" and same thing occurs. Restoring the server with no rules, the ISA 2004 server is OK What could be the problem? Or should this feature in the ISA2004 console have a padlock on it.Or be renamed "Hang Firewall service" The event log does not give any clues The Firewall service was stopped gracefully. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. At this point the ISA console is hung and the service is "stopping" Thanks for any help Darryl Janetzki ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.