"I added a network" - don't do that. ISA "network" elements (as opposed to "network objects") are representative of physical or logical networks handled by Windows or RRAS (VPN). Unless you are actually adding a NIC (or 1Q VLAN), don't add networks elements. Create a computer object with the appropriate IP address and use that in the mail publishing rule. ________________________________ From: isalist-bounce@xxxxxxxxxxxxx on behalf of Scheele, Brian Sent: Wed 5/10/2006 8:45 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Configuring ISA Server 2004 to allow email only from Frontbridge servers Our MX record for our email domain points to mail.frontbridge.com. Frontbridge filters the email, then forwards it to our IP address. I added a network, called Frontbridge to my ISA server with the list of IP addresses that Frontbridge sends from. All other SMTP traffic should be blocked since that traffic would bypass Frontbridge. ISA server now blocks all email that Frontbridge forwards (even if I do not add the Frontbridge network to any firewall policies). The result code is 0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED I have to delete the network that I created so that email can come in. Does anyone know what I am doing wrong, or know how to properly set up ISA Server to allow email to come in from only specific IP addresses? We have only one external IP address. Thanks, Brian Scheele Systems Administrator <http://www.clarkfilter.com/Default.aspx> 3649 Hempland Road Lancaster, PA 17601-1393 Phone (717) 285-8050 Fax (717) 285-8051 All mail to and from this domain is GFI-scanned.