!!! And here I thought the list button was to add a list of whitelisted recipients/domains! Thanks David!!! -----Original Message----- From: David Vella [mailto:davidv@xxxxxxx] Sent: Monday, February 17, 2003 11:04 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Email has different SMTP TO: and MIME TO: fields in the email addresses http://www.ISAserver.org Hi, To allow such newsletters to go through you need to whitelist the recipient and not the sender. To do so in the whitelist tab click the 'Add list' button and add 'isalist@xxxxxxxxxxxxx' (omit qoutes). BTW, FYI MailEssentials 8 has been released in BETA. regards, David Vella - GFI Software Ltd. - www.gfi.com Messaging, Content Security & Network security software GFI: FAXmaker - LANguard - MailSecurity - DownloadSecurity -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Monday, February 17, 2003 5:07 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Email has different SMTP TO: and MIME TO: fields in the email addresses http://www.ISAserver.org Hi Edward, Hmmm. Interesting problem. I guess I haven't run up against it because I don't use mail domain names to filter spam. I thought I had a pretty good handle on Mail Essentials, but I've never been able to figure out how to whitelist a particular sender or message. For example, I have a filter for the word "blah", but I don't want that filter to be applied to mail coming from you. I've not been able to figure out how to create this kind of exception. Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Edward Sullivan [mailto:esullivan@xxxxxxx] Sent: Monday, February 17, 2003 10:03 AM To: [ISAserver.org Discussion List] Subject: [isalist] Email has different SMTP TO: and MIME TO: fields in the email addresses http://www.ISAserver.org Here is an interesting dilemma: The ISA list routinely is caught by GFI MailEssentials as spam due to the fact that it sees the SMTP TO: and the MIME TO: as different. Normally, I would whitelist the sender as typically the sender would be the listname, but this list changes the sendername to the actual sendername, and while I love you all I do not intend to whitelist everyone on the ISAlist. Tom, any ideas? Would it be possible to have the email show as being from isalist@xxxxxxxxxxxxx instead of the sender? There is an excellent thread about spam and this type of problem on slashdot.org, btw: http://slashdot.org/article.pl?sid=03/02/16/0218230&mode=thread&tid=111&; tid=172 -----Original Message----- From: Tim Guy [mailto:Tim@xxxxxxxxxxxxxxx] Sent: Monday, February 17, 2003 9:58 AM To: [ISAserver.org Discussion List] Subject: esullivan@xxxxxxx - Email has different SMTP TO: and MIME TO: fields in the email addresses - [isalist] Re: Isa Reports - Superuser??? http://www.ISAserver.org 192.168.1.50 Superuser kazaa.exe:3:5.1 2003-02-17 12:55:15 ROUTER - 81.98.235.47 1214 - - - 1214 TCP Connect 13301 5 763 Yes its CS-username but no I'm not authorising. The Isa server is purely stand along. I thought (wrongly) that we weren't really big enough for that. Ip addressing would suffice as we've only got 20(ish) workstations. This guys picked up the Isa client from another install (maybe from home), and tailored it to our network. Tim -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: 17 February 2003 15:39 To: [ISAserver.org Discussion List] Subject: [isalist] Re: Isa Reports - Superuser??? http://www.ISAserver.org Can you include that log entry? If you're authenticating ISA users, and that name appears in the cs-username field, then those are the credentials ISA accepted. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Tim Guy" <Tim@xxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, February 17, 2003 07:14 Subject: [isalist] Isa Reports - Superuser??? http://www.ISAserver.org I've got someone using Kazaa through the ISA firewall here. I haven't got any kazaa ports open so I assume they are going through port 80. In the report logs, it gives ip addresses normally (no user control here, Yet!) but this guys got Superuser instead of an IP address Where does this Superuser designation come from? Is it an ISA client rather than a NAT client? Cheers Tim ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tim@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: esullivan@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: stephen@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') This mail was content checked for malicious code and viruses by GFI MailSecurity. GFI MailSecurity provides email content checking, exploit detection and anti-virus for Exchange & SMTP servers. Spam, viruses, dangerous attachments and offensive content are removed automatically. Key features include: Multiple virus engines; Email content & attachment checking; Exploit shield - email intrusion detection & defence; Email threats engine - analyses & defuses HTML scripts, .exe files & more. In addition to GFI MailSecurity, GFI also produces the GFI FAXmaker fax server & GFI LANguard network security product ranges. For more information on our products, please visit http://www.gfi.com. This disclaimer was sent by GFI MailEssentials for Exchange/SMTP. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: esullivan@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')