[isalist] Re: Limit SMTP connections from several subnets in ISA 2000

  • From: Danny <nocmonkey@xxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Fri, 5 Jan 2007 14:20:23 -0500

Can we get back on subject... or do I have to put a hardware firewall in?

On 1/5/07, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:

 Which; playing with the kitties or being fecious?

:-p



*From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
*On Behalf Of *Thor (Hammer of God)
*Sent:* Friday, January 05, 2007 10:42 AM
*To:* isalist@xxxxxxxxxxxxx
*Subject:* [isalist] Re: Limit SMTP connections from several subnets in
ISA 2000



Wouldn't that smell bad?

t


On 1/5/07 9:25 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:

"I was just being facetious" – I see; too much playing with the kitties
the past two weeks, I guess…  I prefer "being fecious", but that one seems
to elude most folks…

"SMTP NAT and source IP packet filtering so that I can specify the two
Internet subnets that are permitted through." – this is only possible
using Server Publishing; as I stated, packet filters are only useful for
ISA-local services.  Server Publishing rules allow exceptions that you can
use to block unwanted source IPs.

"need to deny anonymous SMTP connections" – that's a completely
different-colored barrel of horsemonkeys. I think you mean "unknown"?  ISA
cannot authenticate SMTP connections at all.


*From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
*On Behalf Of *Danny
*Sent:* Friday, January 05, 2007 9:13 AM
*To:* isalist@xxxxxxxxxxxxx
*Subject:* [isalist] Re: Limit SMTP connections from several subnets in
ISA 2000

On 1/5/07, *Jim Harrison* <Jim@xxxxxxxxxxxx> wrote:


Nope; that's not true, either.



I was just being facetious. I have been inspired by:
http://www.tacteam.net/openport.htm



SMTP Server Publishing gives you the SMTP Filter and (with ISA 2000 &
2004), the Message Screecher.



For this requirement I just need an SMTP NAT and source IP packet
filtering so that I can specify the two Internet subnets that are permitted
through.



This is far more capable than the "zealot technique".

It's packet filters that are for the "openaport" fuuls and they only apply
to services operating on the ISA itself.



Is this an SBS deployment?



Not in the Microsoft SBS software sense, but maybe in employee count.
There is a dedicated ISA server and dedicated Exchange server. The change is
that email protection has been outsourced to Postini and I need to deny
anonymous SMTP connections from the rest of the Internet.

...D



*From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
*On Behalf Of *Danny
*Sent:* Friday, January 05, 2007 8:24 AM
*To:* isalist@xxxxxxxxxxxxx
*Subject:* [isalist] Re: Limit SMTP connections from several subnets in
ISA 2000



Actually Mr. Teacher, can I have that back. I want to say, at the end of
the day, it is the packet filters. :) Server Publishing rules in ISA 2000
are just for all of the "hardware firewall" zealots.

However, it appears as though I can only specify one source subnet per
packet filter.

...D

On 1/5/07, *Danny* <nocmonkey@xxxxxxxxx> wrote:

Server publishing, I believe, but ISA 2000 is like MS02 security bulletins
to me.

Thanks,

...D



On 1/3/07, *Jim Harrison* <Jim@xxxxxxxxxxxx> wrote:

How is the SMTP service made public; server publishing rules or packet
filters?



*From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
*On Behalf Of *Danny
*Sent:* Wednesday, January 03, 2007 8:17 AM
*To:* isalist@xxxxxxxxxxxxx
*Subject:* [isalist] Limit SMTP connections from several subnets in ISA
2000



Been awhile since I used ISA 2000... what is the best way to restrict SMTP
connections from several specific Internet IP subnets?

Thanks.

All mail to and from this domain is GFI-scanned.










--
CPDE - Certified Petroleum Distribution Engineer
CCBC - Certified Canadian Beer Consumer
