[isalist] Re: Limit SMTP connections from several subnets in ISA 2000

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 05 Jan 2007 10:42:24 -0800

Wouldn't that smell bad?

t


On 1/5/07 9:25 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:

> "I was just being facetious" - I see; too much playing with the kitties the
> past two weeks, I guess?  I prefer "being fecious", but that one seems to
> elude most folks?
>  
> "SMTP NAT and source IP packet filtering so that I can specify the two
> Internet subnets that are permitted through." - this is only possible using
> Server Publishing; as I stated, packet filters are only useful for ISA-local
> services.  Server Publishing rules allow exceptions that you can use to block
> unwanted source IPs.
>  
> "need to deny anonymous SMTP connections" - that's a completely
> different-colored barrel of horsemonkeys. I think you mean "unknown"?  ISA
> cannot authenticate SMTP connections at all.
>  
> 
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
> Behalf Of Danny
> Sent: Friday, January 05, 2007 9:13 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Limit SMTP connections from several subnets in ISA 2000
>  
> On 1/5/07, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:
>> 
>> Nope; that's not true, either.
> 
> 
> I was just being facetious. I have been inspired by:
> http://www.tacteam.net/openport.htm
>>  
>> 
>> SMTP Server Publishing gives you the SMTP Filter and (with ISA 2000 & 2004),
>> the Message Screecher.
> 
> 
> For this requirement I just need an SMTP NAT and source IP packet filtering so
> that I can specify the two Internet subnets that are permitted through.
>>  
>> 
>> This is far more capable than the "zealot technique".
>> 
>> It's packet filters that are for the "openaport" fuuls and they only apply to
>> services operating on the ISA itself.
>> 
>>  
>> 
>> Is this an SBS deployment?
> 
> 
> Not in the Microsoft SBS software sense, but maybe in employee count. There is
> a dedicated ISA server and dedicated Exchange server. The change is that email
> protection has been outsourced to Postini and I need to deny anonymous SMTP
> connections from the rest of the Internet.
> 
> ...D
>>  
>> 
>> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Danny
>> Sent: Friday, January 05, 2007 8:24 AM
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Re: Limit SMTP connections from several subnets in ISA
>> 2000
>> 
>>  
>> 
>> Actually Mr. Teacher, can I have that back. I want to say, at the end of the
>> day, it is the packet filters. :) Server Publishing rules in ISA 2000 are
>> just for all of the "hardware firewall" zealots.
>> 
>> However, it appears as though I can only specify one source subnet per packet
>> filter. 
>> 
>> ...D
>> 
>> On 1/5/07, Danny <nocmonkey@xxxxxxxxx> wrote:
>> 
>> Server publishing, I believe, but ISA 2000 is like MS02 security bulletins to
>> me.
>> 
>> Thanks,
>> 
>> ...D
>> 
>>  
>> 
>> On 1/3/07, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:
>> 
>> How is the SMTP service made public; server publishing rules or packet
>> filters?
>> 
>>  
>> 
>> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Danny
>> Sent: Wednesday, January 03, 2007 8:17 AM
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Limit SMTP connections from several subnets in ISA 2000
>> 
>>  
>> 
>> Been awhile since I used ISA 2000... what is the best way to restrict SMTP
>> connections from several specific Internet IP subnets?
>> 
>> Thanks.
>> 
>> All mail to and from this domain is GFI-scanned.
>> 
>>  

