RE: Can anyone give me a bit of advice about log files.
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 14 Jul 2005 20:44:37 -0500
Hi Spence,
One thing that will speed things along is the reduce the TTL on your
records to something like an hour a couple days + the current TTL before
making the change. Then, at the time you make the change, all current
cached records will have a TTL of one hour. Some may try to send mail
after you make the change, but almost all SMTP servers have enough
retries and retry intervals set where one hour of downtime won't lead to
any loss of mail. Doing it this way, you'll hardly notice the change. I
had to do it a few months ago, and things went smooth as silk.
Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
> -----Original Message-----
> From: Spencer Read (Nemesis) [mailto:ser@xxxxxxxxxxxxx]
> Sent: Thursday, July 14, 2005 4:25 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Can anyone give me a bit of advice
> about log files.
>
> http://www.ISAserver.org
>
> Right, been doing a little reading but I still have a couple of
> questions.
>
> I now have a live system which I need to change - has anyone ever done
> this before?
>
> I've got 7 domains to change MX records for - I can cope with that
> Now I know that the timing of the changes is not an exact
> science so my
> idea is.....
>
> First I will install the smtp relay on the ISA server and
> configure that
> correctly.
> I will then change exchange to use this for outbound mail and accept
> mail via SMTP - I can still keep the pop3 downloader feeding
> exchange at
> this time.
> Change MX records and create any other required records for DNS
> Remove Vpop3 completely from the system.
>
> Now, does this sound realistic?
>
> Thanks for the help.
>
> ....Spence
>
>
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: 14 July 2005 20:29
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Can anyone give me a bit of advice about log
> files.
>
> http://www.ISAserver.org
>
> Hi Spence,
>
> Congrats! Bagging the POP3 downloader is your best move this year :)
>
> Thanks!
>
> Tom
> www.isaserver.org/shinder
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
>
>
> > -----Original Message-----
> > From: Spencer Read (Nemesis) [mailto:ser@xxxxxxxxxxxxx]
> > Sent: Thursday, July 14, 2005 2:11 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Can anyone give me a bit of advice
> > about log files.
> >
> > http://www.ISAserver.org
> >
> > Hi Thomas,
> >
> > Vpop3 is actually a complete mail server on its own, but I
> just use it
> > to download from a pop3 account then forward mail to exchange and
> > receive mail from exchange to send it outbound!
> >
> > Vpop3 is the mail relay, setup to relay through the ISA box
> to the ISP
> > SMTP server and yes, the Vpop3 server is the only machine
> allowed SMTP
> > outbound through the ISA box.
> >
> > I have compared the ISA logs to the Vpop3 logs and they match
> > identically!
> >
> > Looks like I need to make some changes in the morning and
> use the ISA
> > server as the SMTP relay, get rid of the dodgy pop3
> > downloader and move
> > all of my MX records to point to my IP address of my ISA server!
> >
> > Thanks for the pointers, now to the book!
> >
> > ...Spence
> >
> > Note to self - Must read Dr. Shinder's book completely
> > instead of making
> > some of it up as I go along!
> >
> >
> >
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > Sent: 14 July 2005 19:39
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Can anyone give me a bit of advice about log
> > files.
> >
> > http://www.ISAserver.org
> >
> > Hi Spence,
> > I assume that VPop3 is a POP3 downloader, right? So this
> has no effect
> > on outgoing SMTP messages.
> >
> > So, Exchange is responsible for outgoing mail, and your
> using the ISA
> > firewall as an outbound SMTP relay?
> >
> > The SMTP service logs on both the Exchange Server and the
> > SMTP relay on
> > the ISA firewall will give you detailed information on what messages
> > it's handled. Well, as long as you've configured SMTP logging :-)
> > (that's a safety tip for you, make sure you always enable
> SMTP logging
> > and watch your disk usage with SNMP or whatever else you like
> > to monitor
> > such things).
> >
> > I'd check both to confirm they match up.
> >
> > Also, please tell me that your access rules are configured to
> > only allow
> > outbound SMTP *only from* the Exchange Server and only to the
> > SMTP relay
> > address on the ISA firewall.
> >
> > Thanks!
> >
> > Tom
> > www.isaserver.org/shinder
> > Tom and Deb Shinder's Configuring ISA Server 2004
> > http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> >
> >
> >
> > > -----Original Message-----
> > > From: Spencer Read (Nemesis) [mailto:ser@xxxxxxxxxxxxx]
> > > Sent: Thursday, July 14, 2005 1:32 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Can anyone give me a bit of advice
> > > about log files.
> > >
> > > http://www.ISAserver.org
> > >
> > > Mail goes from (Wait for it!)
> > >
> > > Outlook > Exchange > Vpop3 > ISP SMTP Server > recipient
> > >
> > > Hope that makes sense!
> > >
> > > ..Spence
> > >
> > > -----Original Message-----
> > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > Sent: 14 July 2005 19:11
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Can anyone give me a bit of advice
> about log
> > > files.
> > >
> > > http://www.ISAserver.org
> > >
> > > Hi Spencer,
> > >
> > > Are the users sending mail from their own machines, or are
> > > you using an
> > > outbound SMTP relay (I hope the latter!)
> > >
> > > Thanks!
> > >
> > > Tom
> > > www.isaserver.org/shinder
> > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Spencer Read (Nemesis) [mailto:ser@xxxxxxxxxxxxx]
> > > > Sent: Thursday, July 14, 2005 1:07 PM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] Can anyone give me a bit of advice about
> > > log files.
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Hello all,
> > > >
> > > > I'm going to cut a really long (4 weeks!) story short to
> > > get a bit of
> > > > advice from everyone.
> > > >
> > > > Windows 2003 server with Exchange 2003, Vpop3 for sending and
> > > > receiving
> > > > emails - SecureNAT client to the Windows 2003 server with
> > > ISA 2004. 20
> > > > PC's all web proxy and Firewall clients.
> > > >
> > > > Basic rules are setup, allow SMTP out to ISP SMTP server
> > > > only, POP3 in,
> > > > Web access, published OWA and deny everything else.
> > > >
> > > > My ISP is telling me that my mailserver is sending over 100
> > > > messages at
> > > > 1 time and therefore rate limiting me - basically
> > blocking access to
> > > > their smtp server for 5 minutes which is then blocking
> legitimate
> > > > emails.
> > > >
> > > > I checked the logs and we made less than 50 connections to their
> > > > mailserver in the whole day! I have now changed the way I
> > > > send emails to
> > > > use MX records rather than their relay but I would still
> > > like to prove
> > > > them wrong.
> > > >
> > > > I have checked all machines for updates, anti virus and
> > > > scumware and no
> > > > errors or problems were found.
> > > >
> > > > Will everything that goes out of my network be logged in the
> > > > ISA logs as
> > > > this is the only machine that has an external IP address?
> > > > If this is true (I think it will be!) then how can my ISP
> > > say that I'm
> > > > sending these messages when I am 100% sure that it's no me or my
> > > > network.
> > > > Is it possible that someone is spoofing my ip address
> and relaying
> > > > through their server.
> > > >
> > > > What am I overlooking?
> > > >
> > > > ...Spence
> > > >
> > > > ------------------------------------------------------
> > > > List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter:
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ:
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion
> > > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > > To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > World of Windows Networking: http://www.windowsnetworking.com
> > > Leading Network Software Directory: http://www.serverfiles.com
> > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Network Security Library: http://www.secinf.net/
> > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > ser@xxxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > World of Windows Networking: http://www.windowsnetworking.com
> > > Leading Network Software Directory: http://www.serverfiles.com
> > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Network Security Library: http://www.secinf.net/
> > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion
> > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > ser@xxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> ser@xxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
Other related posts:
