[isalist] Re: Configuring ISA Server 2004 to allow email only from Frontbridge servers

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 11 May 2006 07:47:11 -0500

That's why I make it a point to call them out as ISA firewall Networks
(capital N). Many people make the same errors because of the confusion
in the nomenclature.
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls

 


________________________________

        From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
        Sent: Thursday, May 11, 2006 1:44 AM
        To: isalist@xxxxxxxxxxxxx; isalist@xxxxxxxxxxxxx
        Subject: [isalist] Re: Configuring ISA Server 2004 to allow
email only from Frontbridge servers
        
        
        "I added a network" - don't do that.
        ISA "network" elements (as opposed to "network objects") are
representative of physical or logical networks handled by Windows or
RRAS (VPN).
        Unless you are actually adding a NIC (or 1Q VLAN), don't add
network elements.
        
         
        Create a computer object with the appropriate IP address and use
that in the mail publishing rule.

________________________________

        From: isalist-bounce@xxxxxxxxxxxxx on behalf of Scheele, Brian
        Sent: Wed 5/10/2006 8:45 AM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Configuring ISA Server 2004 to allow email
only from Frontbridge servers
        
        
        Our MX record for our email domain points to
mail.frontbridge.com.
         
        Frontbridge filters the email, then forwards it to our IP
address.
         
        I added a network, called Frontbridge to my ISA server with the
list of IP addresses that Frontbridge sends from.  All other SMTP
traffic should be blocked since that traffic would bypass Frontbridge.
         
        ISA server now blocks all email that Frontbridge forwards (even
if I do not add the Frontbridge network to any firewall policies).  The
result code is 
         
        0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED
         
        I have to delete the network that I created so that email can
come in.
         
        Does anyone know what I am doing wrong, or know how to properly
set up ISA Server to allow email to come in from only specific IP
addresses?  We have only one external IP address.
         
        Thanks,
         
        Brian Scheele
        Systems Administrator
         
        Clark Filter <http://www.clarkfilter.com/Default.aspx> 
        3649 Hempland Road
        Lancaster, PA 17601-1393
        Phone     (717) 285-8050
        Fax       (717) 285-8051
         

        All mail to and from this domain is GFI-scanned.
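
The following is an added illustration, not code from any poster in this thread or from ISA Server itself: a simplified Python model of why defining the senders as a Network triggers the spoofing drop, while restricting the publishing rule to a set of sender addresses does not. The address ranges (documentation ranges), adapter names and function names are all constructed for the example, and the assumed check order (spoof detection before rule evaluation) matches the report that the drop happened even with no policy referencing the new Network.

```python
import ipaddress

# Constructed sample ranges (RFC 5737 / RFC 1918), not real Frontbridge or site addresses.
FRONTBRIDGE = ["192.0.2.0/28"]   # hypothetical filtering-service senders
INTERNAL = ["10.0.0.0/24"]

# Which Network each adapter is attached to (hypothetical adapter names).
ADAPTER_NETWORK = {"external-nic": "External", "internal-nic": "Internal"}


def build_networks(add_frontbridge_network):
    """Return {Network name: [ranges]}. External is implicit: any address
    that no other Network claims."""
    nets = {"Internal": INTERNAL}
    if add_frontbridge_network:
        nets["Frontbridge"] = FRONTBRIDGE  # the misconfiguration from the thread
    return {name: [ipaddress.ip_network(r) for r in ranges]
            for name, ranges in nets.items()}


def network_of(src, networks):
    """Find the Network that owns a source address."""
    addr = ipaddress.ip_address(src)
    for name, ranges in networks.items():
        if any(addr in r for r in ranges):
            return name
    return "External"


def evaluate(src, adapter, networks, allowed_senders):
    """Model of inbound SMTP handling: spoof check first, then the
    publishing rule's source restriction (the computer-object approach)."""
    # A source address must belong to the Network of the adapter it arrived on.
    if network_of(src, networks) != ADAPTER_NETWORK[adapter]:
        return "FWX_E_FWE_SPOOFING_PACKET_DROPPED"
    addr = ipaddress.ip_address(src)
    if any(addr in ipaddress.ip_network(r) for r in allowed_senders):
        return "ALLOWED"
    return "DENIED_BY_RULE"


if __name__ == "__main__":
    for label, nets in (("with Frontbridge Network", build_networks(True)),
                        ("senders only in the rule", build_networks(False))):
        print(label, "->", evaluate("192.0.2.5", "external-nic", nets, FRONTBRIDGE))
```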
