[isalist] Re: Limit SMTP connections from several subnets in ISA 2000
- From: "John T \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Sat, 6 Jan 2007 11:17:23 -0800
Me thinks there is a fascist lurking some where in this conversation.
John T
eServices For You
"Life is a succession of lessons which must be lived to be understood."
Ralph Waldo Emerson (1802-1882)
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Thomas W Shinder
Sent: Saturday, January 06, 2007 9:53 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Limit SMTP connections from several subnets in ISA
2000
Ficio is the root of the word
http://www.urbandictionary.com/define.php?term=fecio
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)
_____
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Thor (Hammer of God)
Sent: Friday, January 05, 2007 4:29 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Limit SMTP connections from several subnets in ISA
2000
"Jim's Dictionary." That's the only place you're gonna find it. ;)
t
On 1/5/07 1:24 PM, "Gerald G. Young" <g.young@xxxxxxxx> spoketh to all:
Which dictionary is "fecious" listed in? Everything that I see wants to
correct the spelling to facetious.
Cordially yours,
Jerry G. Young II
Product Engineer - Senior
Platform Engineering, Enterprise Hosting
NTT America, an NTT Communications Company
22451 Shaw Rd.
Sterling, VA 20166
Office: 571-434-1319
Fax: 703-333-6749
Email: g.young@xxxxxxxx
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
<mailto:isalist-bounce@xxxxxxxxxxxxx%5d> On Behalf Of Steve Moffat
Sent: Friday, January 05, 2007 4:19 PM
To: ISA Mailing List
Subject: [isalist] Re: Limit SMTP connections from several subnets in ISA
2000
Ya get that from your CV?
:-)
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
<mailto:isalist-bounce@xxxxxxxxxxxxx%5d> On Behalf Of Jim Harrison
Sent: Friday, January 05, 2007 5:13 PM
To: ISA Mailing List
Subject: [isalist] Re: Limit SMTP connections from several subnets in ISA
2000
It is, too.
"Fecious"; adj. insultingly tongue-in-cheek. "A smartass with a shitty
attitude"
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
<mailto:isalist-bounce@xxxxxxxxxxxxx%5d> On Behalf Of Thor (Hammer of God)
Sent: Friday, January 05, 2007 11:24 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Limit SMTP connections from several subnets in ISA
2000
Well, since "fecious" isn't a word, I can only imagine the closest thing to
it... Which, as it happens, does come out of a kitty ;)
t
On 1/5/07 10:52 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:
Which; playing with the kitties or being fecious?
:-p
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
<mailto:isalist-bounce@xxxxxxxxxxxxx%5d> On Behalf Of Thor (Hammer of God)
Sent: Friday, January 05, 2007 10:42 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Limit SMTP connections from several subnets in ISA
2000
Wouldn't that smell bad?
t
On 1/5/07 9:25 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:
"I was just being facetious" - I see; too much playing with the kitties the
past two weeks, I guess. I prefer "being fecious", but that one seems to
elude most folks.
"SMTP NAT and source IP packet filtering so that I can specify the two
Internet subnets that are permitted through." - this is only possible using
Server Publishing; as I stated, packet filters are only useful for ISA-local
services. Server Publishing rules allow exceptions that you can use to
block unwanted source IPs.
"need to deny anonymous SMTP connections" - that's a completely
different-colored barrel of horsemonkeys. I think you mean "unknown"? ISA
cannot authenticate SMTP connectio0ns at all.
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
<mailto:isalist-bounce@xxxxxxxxxxxxx%5d> On Behalf Of Danny
Sent: Friday, January 05, 2007 9:13 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Limit SMTP connections from several subnets in ISA
2000
On 1/5/07, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:
Nope; that's not true, either.
I was just being facetious. I have been inspired by:
http://www.tacteam.net/openport.htm
SMTP Server Publishing gives you the SMTP Filter and (with ISA 2000 &
2004), the Message Screecher.]
For this requirement I just need an SMTP NAT and source IP packet filtering
so that I can specify the two Internet subnets that are permitted through.
This is far more capable than the "zealot technique".
It's packet filters that are for the "openaport" fuuls and they only apply
to services operating on the ISA itself.
Is this an SBS deployment?
Not in the Microsoft SBS software sense, but maybe in employee count. There
is a dedicated ISA server and dedicated Exchange server. The change is that
email protection has been outsourced to Postini and I need to deny anonymous
SMTP connections from the rest of the Internet.
...D
From: isalist-bounce@xxxxxxxxxxxxx [mailto: isalist-bounce@xxxxxxxxxxxxx
<mailto:isalist-bounce@xxxxxxxxxxxxx> ] On Behalf Of Danny
Sent: Friday, January 05, 2007 8:24 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Limit SMTP connections from several subnets in ISA
2000
Actually Mr. Teacher, can I have that back. I want to say, at the end of the
day, it is the packet filters. :) Server Publishing rules in ISA 2000 are
just for all of the "hardware firewall" zealots.
However, in appears as though I can only specify one source subnet per
packet filter.
...D
On 1/5/07, Danny <nocmonkey@xxxxxxxxx> wrote:
Server publishing, I believe, but ISA 2000 is like MS02 security bulletins
to me.
Thanks,
...D
On 1/3/07, Jim Harrison < Jim@xxxxxxxxxxxx <mailto:Jim@xxxxxxxxxxxx>
<mailto:Jim@xxxxxxxxxxxx> > wrote:
How is the SMTP service made public; server publishing rules or packet
filters?
From: isalist-bounce@xxxxxxxxxxxxx <mailto:isalist-bounce@xxxxxxxxxxxxx>
<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto: isalist-bounce@xxxxxxxxxxxxx
<mailto:isalist-bounce@xxxxxxxxxxxxx> ] On Behalf Of Danny
Sent: Wednesday, January 03, 2007 8:17 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Limit SMTP connections from several subnets in ISA 2000
Been awhile since I used ISA 2000... what is the best way to restrict SMTP
connections from several specific Internet IP subnets?
Thanks.
All mail to and from this domain is GFI-scanned.
All mail to and from this domain is GFI-scanned.
All mail to and from this domain is GFI-scanned.
Other related posts:
