[isalist] Re: Limit SMTP connections from several subnets in ISA 2000
- From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
- To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 05 Jan 2007 11:23:47 -0800
Well, since ³fecious² isn¹t a word, I can only imagine the closest thing to
it... Which, as it happens, does come out of a kitty ;)
t
On 1/5/07 10:52 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:
> Which; playing with the kitties or being fecious?
> :-p
>
>
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
> Behalf Of Thor (Hammer of God)
> Sent: Friday, January 05, 2007 10:42 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Limit SMTP connections from several subnets in ISA 2000
>
> Wouldn¹t that smell bad?
>
> t
>
>
> On 1/5/07 9:25 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:
> ³I was just being facetious² I see; too much playing with the kitties the
> past two weeks, I guess? I prefer ³being fecious², but that one seems to
> elude most folks?
>
> ³SMTP NAT and source IP packet filtering so that I can specify the two
> Internet subnets that are permitted through.² this is only possible using
> Server Publishing; as I stated, packet filters are only useful for ISA-local
> services. Server Publishing rules allow exceptions that you can use to block
> unwanted source IPs.
>
> ³need to deny anonymous SMTP connections² that¹s a completely
> different-colored barrel of horsemonkeys. I think you mean ³unknown²? ISA
> cannot authenticate SMTP connectio0ns at all.
>
>
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
> Behalf Of Danny
> Sent: Friday, January 05, 2007 9:13 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Limit SMTP connections from several subnets in ISA 2000
>
> On 1/5/07, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:
>
> Nope; that's not true, either.
>
>
> I was just being facetious. I have been inspired by:
> http://www.tacteam.net/openport.htm
>
>
> SMTP Server Publishing gives you the SMTP Filter and (with ISA 2000 & 2004),
> the Message Screecher.]
>
>
> For this requirement I just need an SMTP NAT and source IP packet filtering so
> that I can specify the two Internet subnets that are permitted through.
>
>
> This is far more capable than the "zealot technique".
>
> It's packet filters that are for the "openaport" fuuls and they only apply to
> services operating on the ISA itself.
>
>
>
> Is this an SBS deployment?
>
>
> Not in the Microsoft SBS software sense, but maybe in employee count. There is
> a dedicated ISA server and dedicated Exchange server. The change is that email
> protection has been outsourced to Postini and I need to deny anonymous SMTP
> connections from the rest of the Internet.
>
> ...D
>
>
> From: isalist-bounce@xxxxxxxxxxxxx [mailto: isalist-bounce@xxxxxxxxxxxxx
> <mailto:isalist-bounce@xxxxxxxxxxxxx> ] On Behalf Of Danny
> Sent: Friday, January 05, 2007 8:24 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Limit SMTP connections from several subnets in ISA 2000
>
>
>
> Actually Mr. Teacher, can I have that back. I want to say, at the end of the
> day, it is the packet filters. :) Server Publishing rules in ISA 2000 are just
> for all of the "hardware firewall" zealots.
>
> However, in appears as though I can only specify one source subnet per packet
> filter.
>
> ...D
>
> On 1/5/07, Danny <nocmonkey@xxxxxxxxx> wrote:
>
> Server publishing, I believe, but ISA 2000 is like MS02 security bulletins to
> me.
>
> Thanks,
>
> ...D
>
>
>
> On 1/3/07, Jim Harrison < Jim@xxxxxxxxxxxx <mailto:Jim@xxxxxxxxxxxx> > wrote:
>
> How is the SMTP service made public; server publishing rules or packet
> filters?
>
>
>
> From: isalist-bounce@xxxxxxxxxxxxx <mailto:isalist-bounce@xxxxxxxxxxxxx>
> [mailto: isalist-bounce@xxxxxxxxxxxxx <mailto:isalist-bounce@xxxxxxxxxxxxx> ]
> On Behalf Of Danny
> Sent: Wednesday, January 03, 2007 8:17 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Limit SMTP connections from several subnets in ISA 2000
>
>
>
> Been awhile since I used ISA 2000... what is the best way to restrict SMTP
> connections from several specific Internet IP subnets?
>
> Thanks.
> All mail to and from this domain is GFI-scanned.
>
>
>
>
>
> All mail to and from this domain is GFI-scanned.
>
Other related posts:
