Re: Setup SMTP Filter
- From: "William Robertson" <robertson.william@xxxxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 11 Jun 2003 14:42:12 +0200
Hi there
I have now discovered the following on my mail server.
1) When it initiates a connection it issues an EHLO command as follows:
>>> EHLO columbus.co.za
2) I then get a reply from the receiving mail server as follows
500 Syntax error, command "XXXX columbus.co.za" unrecognized
3) Then my mail server tries another route as follows:
>>> HELO columbus.co.za
4) An then I get a valid reply:
250 madrid.acxgroup.com Hello columbus.co.za ([196.37.130.153]),
pleased to meet you
And then communication continues just fine. But when I enable the ISA
SMTP filter, I start getting the following alerts from my firewall:
ISA Server alert: An unknown SMTP command
XXXX MADRID.ACXGROUP.COM
So it would appear that the XXXX reply is somehow a "valid" SMTP
command/response, but how can I go about telling ISA to permit this
message through.
The thing is I can now quite happily just ignore these alerts, but then
my mail server is not going to get the XXXX response from the receiving
mail server, and thus my mail server won't know to try and use the HELO
command instead.
I can think that one resolution to this problem would be to force all
SMTP communication to begin with a HELO instead of an EHLO, but this
problem doesn't exist for all mail servers that I connect to. Which of
the 2 commands (EHLO and HELO) is the most universal and should be
accepted by ALL mail servers, regardless of the flavour (E.g. Exchange,
Sendmail etc etc)
Cheers
William R.
>>> MAIL From:<testcert-centre@xxxxxxxxxxxxxx>
250 testcert-centre@xxxxxxxxxxxxxxxxx Sender OK
>>> RCPT To:<codocs@xxxxxxxxxxxx>
250 codocs@xxxxxxxxxxxxxxx Recipient OK
>>> DATA
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: 03 June 2003 17:04 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Setup SMTP Filter
http://www.ISAserver.org
Are those commands actually "XXXX"?
If so, those aren't valid SMTP verbs and you then have two choices:
1. run your favorite packet tracer on the ISA external IP and watch for
this
event to fire.
You can then watch the conversation up to that point to see what's
going
on.
2. contact the owners of those servers and ask them why they're sending
this
to you
If not, what are they?
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "William Robertson" <robertson.william@xxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, June 03, 2003 07:20
Subject: [isalist] Re: Setup SMTP Filter
http://www.ISAserver.org
Hi Jim
After enabling the SMTP Filter and setting the NOOP length to 20 bytes,
I then started getting the following alerts from my Firewall:
ISA Server alert: An unknown SMTP command
XXXX ASTPROXY01.AST.CO.ZA
XXXX TCEN-UL-MAILSV01.TELKOM.CO.ZA
XXXX SMTP.LANTIC.NET
XXXX NS2.DHV.NL
XXXX MFCS002.SAMANCORCR.CO.ZA
XXXX JS000414.JOBSERVE.COM
XXXX AVEROMAR01.POVOAHOLDINGS.COM
etc
etc
etc
Do you perhaps know where I may start trying to figure out what exactly
these commands are that I need to enable? (BTW, I have a linux-based
sendmail server - no fancy schmancy exchange servers for me :(
Thanks
William R.
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: 02 June 2003 16:41 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Setup SMTP Filter
http://www.ISAserver.org
Generally, 20 is seen as a good upper limit for NOOP.
AUTH should be 1024, if you enable it.
Don't expect to screen HTML mail; the screener doesn't seem to like
them.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "William Robertson" <robertson.william@xxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, June 02, 2003 01:03
Subject: [isalist] Setup SMTP Filter
http://www.ISAserver.org
Hi there
My original installation of ISA Server excluded the setup of the SMTP
filter as I appeared to have problems with receiving mail etc. I have
now got some time on my hands ( yeah right.!) and would like to start
playing with it again.
I would like to know of any "out-the-box" tricks that I need to use to
get it working properly. I know for one thing that the default NOOP
value of 6 is apparently too small. Could someone please let me know
what a more acceptable NOOP setting is, as well as any other
variables/settings that I need to customise, or be on the lookout for.
Any reference to reading material to assist with the comprehension of
this topic would be a great asset.
Cheers
William R.
_____
William Robertson
AST Mpumalanga
Systems House / Consultant: Software
Tel: 013-2472703 / 083 638 0354
Fax: 013-2462236
---------------------------------------------------------------------
Everything in this e-mail and attachments relating to the official
business of Columbus Stainless is proprietary to the company. It is
confidential, legally privileged and protected by law. Columbus
Stainless does not own and endorse any other content. Views and
opinions are those of the sender unless clearly stated as being that
of Columbus Stainless. The person addressed in the e-mail is the sole
authorised recipient. Please notify the sender immediately if it has
unintentionally reached you and do not read, disclose or use the
content in any way. Whilst all reasonable steps are taken to ensure
the accuracy and integrity of information and data transmitted
electronically and to preserve the confidentiality thereof, no
liability or responsibility whatsoever is accepted if information or
data is,for whatever reason, corrupted or does not reach its intended
destination.
---------------------------------------------------------------------
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
robertson.william@xxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
---------------------------------------------------------------------
Everything in this e-mail and attachments relating to the official
business of Columbus Stainless is proprietary to the company. It is
confidential, legally privileged and protected by law. Columbus
Stainless does not own and endorse any other content. Views and
opinions are those of the sender unless clearly stated as being that
of Columbus Stainless. The person addressed in the e-mail is the sole
authorised recipient. Please notify the sender immediately if it has
unintentionally reached you and do not read, disclose or use the
content in any way. Whilst all reasonable steps are taken to ensure
the accuracy and integrity of information and data transmitted
electronically and to preserve the confidentiality thereof, no
liability or responsibility whatsoever is accepted if information or
data is,for whatever reason, corrupted or does not reach its intended
destination.
---------------------------------------------------------------------
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
robertson.william@xxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
---------------------------------------------------------------------
Everything in this e-mail and attachments relating to the official
business of Columbus Stainless is proprietary to the company. It is
confidential, legally privileged and protected by law. Columbus
Stainless does not own and endorse any other content. Views and
opinions are those of the sender unless clearly stated as being that
of Columbus Stainless. The person addressed in the e-mail is the sole
authorised recipient. Please notify the sender immediately if it has
unintentionally reached you and do not read, disclose or use the
content in any way. Whilst all reasonable steps are taken to ensure
the accuracy and integrity of information and data transmitted
electronically and to preserve the confidentiality thereof, no
liability or responsibility whatsoever is accepted if information or
data is,for whatever reason, corrupted or does not reach its intended
destination.
---------------------------------------------------------------------
Other related posts:
