RE: Can anyone give me a bit of advice about log files.

• From: "Spencer Read \(Nemesis\)" <ser@xxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 14 Jul 2005 20:11:13 +0100

Hi Thomas,

Vpop3 is actually a complete mail server on its own, but I just use it
to download from a pop3 account then forward mail to exchange and
receive mail from exchange to send it outbound!

Vpop3 is the mail relay, setup to relay through the ISA box to the ISP
SMTP server and yes, the Vpop3 server is the only machine allowed SMTP
outbound through the ISA box.

I have compared the ISA logs to the Vpop3 logs and they match
identically!

Looks like I need to make some changes in the morning and use the ISA
server as the SMTP relay, get rid of the dodgy pop3 downloader and move
all of my MX records to point to my IP address of my ISA server!

Thanks for the pointers, now to the book!

...Spence

Note to self - Must read Dr. Shinder's book completely instead of making
some of it up as I go along!



-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: 14 July 2005 19:39
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Can anyone give me a bit of advice about log
files.

http://www.ISAserver.org

Hi Spence,
I assume that VPop3 is a POP3 downloader, right? So this has no effect
on outgoing SMTP messages.

So, Exchange is responsible for outgoing mail, and your using the ISA
firewall as an outbound SMTP relay?

The SMTP service logs on both the Exchange Server and the SMTP relay on
the ISA firewall will give you detailed information on what messages
it's handled. Well, as long as you've configured SMTP logging :-)
(that's a safety tip for you, make sure you always enable SMTP logging
and watch your disk usage with SNMP or whatever else you like to monitor
such things).

I'd check both to confirm they match up.

Also, please tell me that your access rules are configured to only allow
outbound SMTP *only from* the Exchange Server and only to the SMTP relay
address on the ISA firewall.

Thanks!

Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: Spencer Read (Nemesis) [mailto:ser@xxxxxxxxxxxxx] 
> Sent: Thursday, July 14, 2005 1:32 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Can anyone give me a bit of advice 
> about log files.
> 
> http://www.ISAserver.org
> 
> Mail goes from (Wait for it!)
> 
> Outlook > Exchange > Vpop3 > ISP SMTP Server > recipient 
> 
> Hope that makes sense!
> 
> ..Spence
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> Sent: 14 July 2005 19:11
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Can anyone give me a bit of advice about log
> files.
> 
> http://www.ISAserver.org
> 
> Hi Spencer,
> 
> Are the users sending mail from their own machines, or are 
> you using an
> outbound SMTP relay (I hope the latter!)
> 
> Thanks!
> 
> Tom
> www.isaserver.org/shinder
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
>  
> 
> > -----Original Message-----
> > From: Spencer Read (Nemesis) [mailto:ser@xxxxxxxxxxxxx] 
> > Sent: Thursday, July 14, 2005 1:07 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Can anyone give me a bit of advice about 
> log files.
> > 
> > http://www.ISAserver.org
> > 
> > Hello all,
> > 
> > I'm going to cut a really long (4 weeks!) story short to 
> get a bit of
> > advice from everyone.
> > 
> > Windows 2003 server with Exchange 2003, Vpop3 for sending and 
> > receiving
> > emails - SecureNAT client to the Windows 2003 server with 
> ISA 2004. 20
> > PC's all web proxy and Firewall clients.
> > 
> > Basic rules are setup, allow SMTP out to ISP SMTP server 
> > only, POP3 in,
> > Web access, published OWA and deny everything else.
> > 
> > My ISP is telling me that my mailserver is sending over 100 
> > messages at
> > 1 time and therefore rate limiting me - basically blocking access to
> > their smtp server for 5 minutes which is then blocking legitimate
> > emails.
> > 
> > I checked the logs and we made less than 50 connections to their
> > mailserver in the whole day! I have now changed the way I 
> > send emails to
> > use MX records rather than their relay but I would still 
> like to prove
> > them wrong.
> > 
> > I have checked all machines for updates, anti virus and 
> > scumware and no
> > errors or problems were found.
> > 
> > Will everything that goes out of my network be logged in the 
> > ISA logs as
> > this is the only machine that has an external IP address?
> > If this is true (I think it will be!) then how can my ISP 
> say that I'm
> > sending these messages when I am 100% sure that it's no me or my
> > network.
> > Is it possible that someone is spoofing my ip address and relaying
> > through their server.  
> > 
> > What am I overlooking?
> > 
> > ...Spence
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion 
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> ser@xxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ser@xxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » Can anyone give me a bit of advice about log files.
• » RE: Can anyone give me a bit of advice about log files.
• » RE: Can anyone give me a bit of advice about log files.
• » RE: Can anyone give me a bit of advice about log files.
• » RE: Can anyone give me a bit of advice about log files.
• » RE: Can anyone give me a bit of advice about log files.
• » RE: Can anyone give me a bit of advice about log files.
• » RE: Can anyone give me a bit of advice about log files.
• » RE: Can anyone give me a bit of advice about log files.
• » RE: Can anyone give me a bit of advice about log files.
• » RE: Can anyone give me a bit of advice about log files.

1. Home
2. isalist
3. Archive
4. 07-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---