RE: ISA 2004 Enterprise Edition and SMTP

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 24 Jan 2006 14:37:28 -0600

Hi Jerry,
 
If you install GFI on the ISA firewall itself, and publish the SMTP
on-box, then GFI works fine.
 
Tom
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls
**Who is John Galt?**

 


________________________________

        From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] 
        Sent: Tuesday, January 24, 2006 2:33 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: ISA 2004 Enterprise Edition and SMTP
        
        
        http://www.ISAserver.org
        

        Well, I just want to make sure that SMTP mail is processed by
the SMTP service on the ISA server.  GFIMailEssentials has a sink set up
to listen to a OnSubmit API event to one of the SMTP queues (whether
Drop, Pickup, or Queue, they did not say) and I just wanted to make sure
that even when publishing a mail server from the internal network that
ISA box is still behaving like an SMTP gateway; mail arrives, is
processed, and sent onward.

        Cordially yours,
        Jerry G. Young II
          MCSE (4.0/W2K)
        Atlanta EES Implementation Team Lead
        HHS Engineering
        Unisys 

        11493 Sunset Hills Rd.
        Reston, VA 20190
        Office: 703-579-2727
        Cell: 703-625-1468 

        THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
PROPRIETARY MATERIAL and is thus for use only by the intended recipient.
If you received this in error, please contact the sender and delete the
e-mail and its attachments from all computers. 

        
________________________________


        From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
        Sent: Tuesday, January 24, 2006 3:10 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: ISA 2004 Enterprise Edition and SMTP

         

        http://www.ISAserver.org

        Hi Gerald,

         

        Another lovely example of the "network guys" subverting the
company's (one that I pay big money for in your example) security
posture.

         

        Its not really routing, unless you have a Network Rule setting a
Route relationship between source and destination.

         

        GFI works fine, what specific concerns do you have?

         

        Tom

        Thomas W Shinder, M.D.
        Site: www.isaserver.org <http://www.isaserver.org/> 
        Blog: http://spaces.msn.com/members/drisa/
        Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
        MVP -- ISA Firewalls
        **Who is John Galt?**

         

                 

                
________________________________


                From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] 
                Sent: Tuesday, January 24, 2006 1:59 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] ISA 2004 Enterprise Edition and SMTP

                http://www.ISAserver.org
                
                

                I have a couple of quick questions regarding the subject
heading. :-)

                If you use ISA 2004 EE and publish an SMTP server, there
are two options for handing forwarding.  These are:

                Requests appear to come from the ISA Server computer

                Requests appear to come from the original client

                If you choose the "Requests appear to come from the
original client" option, is ISA just simply routing the traffic back to
the published server or does the traffic stop at the ISA server before
final delivery to the published server?

                And if you are publishing an SMTP server from the
internal network through ISA, would a 3rd party application like
GFIMailEssentials still be able to work if it was running on the ISA
server that's publishing the SMTP server?

                Our environment is far from an ISA ideal since it's
being used by the federal government.  Our network topology looks like
the following:

                Hardware firewall -> ISA -> hardware firewall ->
internal network

                The government controls the hardware firewalls where I
control the ISA firewall.  The original goal here was to "enhance" our
SMTP gateway sitting in the DMZ by utilizing ISA.

                Cordially yours,

                Jerry G. Young II

                  MCSE (4.0/W2K)

                Atlanta EES Implementation Team Lead

                HHS Engineering

                Unisys

                 

                11493 Sunset Hills Rd.

                Reston, VA 20190

                Office: 703-579-2727

                Cell: 703-625-1468

                THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR
OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended
recipient. If you received this in error, please contact the sender and
delete the e-mail and its attachments from all computers.

                ------------------------------------------------------
                List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
                ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
                ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
                ------------------------------------------------------
                Visit TechGenix.com for more information about our other
sites:
                http://www.techgenix.com
                ------------------------------------------------------
                You are currently subscribed to this ISAserver.org
Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
                To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
                Report abuse to listadmin@xxxxxxxxxxxxx 

        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Visit TechGenix.com for more information about our other sites:
        http://www.techgenix.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: gerald.young@xxxxxxxxxx
        To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        Report abuse to listadmin@xxxxxxxxxxxxx 

        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Visit TechGenix.com for more information about our other sites:
        http://www.techgenix.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
        To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 01-2006