Hi Thomas, Vpop3 is actually a complete mail server on its own, but I just use it to download from a pop3 account then forward mail to exchange and receive mail from exchange to send it outbound! Vpop3 is the mail relay, setup to relay through the ISA box to the ISP SMTP server and yes, the Vpop3 server is the only machine allowed SMTP outbound through the ISA box. I have compared the ISA logs to the Vpop3 logs and they match identically! Looks like I need to make some changes in the morning and use the ISA server as the SMTP relay, get rid of the dodgy pop3 downloader and move all of my MX records to point to my IP address of my ISA server! Thanks for the pointers, now to the book! ...Spence Note to self - Must read Dr. Shinder's book completely instead of making some of it up as I go along! -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: 14 July 2005 19:39 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Can anyone give me a bit of advice about log files. http://www.ISAserver.org Hi Spence, I assume that VPop3 is a POP3 downloader, right? So this has no effect on outgoing SMTP messages. So, Exchange is responsible for outgoing mail, and your using the ISA firewall as an outbound SMTP relay? The SMTP service logs on both the Exchange Server and the SMTP relay on the ISA firewall will give you detailed information on what messages it's handled. Well, as long as you've configured SMTP logging :-) (that's a safety tip for you, make sure you always enable SMTP logging and watch your disk usage with SNMP or whatever else you like to monitor such things). I'd check both to confirm they match up. Also, please tell me that your access rules are configured to only allow outbound SMTP *only from* the Exchange Server and only to the SMTP relay address on the ISA firewall. Thanks! Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: Spencer Read (Nemesis) [mailto:ser@xxxxxxxxxxxxx] > Sent: Thursday, July 14, 2005 1:32 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Can anyone give me a bit of advice > about log files. > > http://www.ISAserver.org > > Mail goes from (Wait for it!) > > Outlook > Exchange > Vpop3 > ISP SMTP Server > recipient > > Hope that makes sense! > > ..Spence > > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: 14 July 2005 19:11 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Can anyone give me a bit of advice about log > files. > > http://www.ISAserver.org > > Hi Spencer, > > Are the users sending mail from their own machines, or are > you using an > outbound SMTP relay (I hope the latter!) > > Thanks! > > Tom > www.isaserver.org/shinder > Tom and Deb Shinder's Configuring ISA Server 2004 > http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > > > > > -----Original Message----- > > From: Spencer Read (Nemesis) [mailto:ser@xxxxxxxxxxxxx] > > Sent: Thursday, July 14, 2005 1:07 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] Can anyone give me a bit of advice about > log files. > > > > http://www.ISAserver.org > > > > Hello all, > > > > I'm going to cut a really long (4 weeks!) story short to > get a bit of > > advice from everyone. > > > > Windows 2003 server with Exchange 2003, Vpop3 for sending and > > receiving > > emails - SecureNAT client to the Windows 2003 server with > ISA 2004. 20 > > PC's all web proxy and Firewall clients. > > > > Basic rules are setup, allow SMTP out to ISP SMTP server > > only, POP3 in, > > Web access, published OWA and deny everything else. > > > > My ISP is telling me that my mailserver is sending over 100 > > messages at > > 1 time and therefore rate limiting me - basically blocking access to > > their smtp server for 5 minutes which is then blocking legitimate > > emails. > > > > I checked the logs and we made less than 50 connections to their > > mailserver in the whole day! I have now changed the way I > > send emails to > > use MX records rather than their relay but I would still > like to prove > > them wrong. > > > > I have checked all machines for updates, anti virus and > > scumware and no > > errors or problems were found. > > > > Will everything that goes out of my network be logged in the > > ISA logs as > > this is the only machine that has an external IP address? > > If this is true (I think it will be!) then how can my ISP > say that I'm > > sending these messages when I am 100% sure that it's no me or my > > network. > > Is it possible that someone is spoofing my ip address and relaying > > through their server. > > > > What am I overlooking? > > > > ...Spence > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > World of Windows Networking: http://www.windowsnetworking.com > > Leading Network Software Directory: http://www.serverfiles.com > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > Windows Security Resource Site: http://www.windowsecurity.com/ > > Network Security Library: http://www.secinf.net/ > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion > > List as: tshinder@xxxxxxxxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > ser@xxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ser@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx