Wouldn¹t that smell bad? t On 1/5/07 9:25 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all: > ³I was just being facetious² I see; too much playing with the kitties the > past two weeks, I guess? I prefer ³being fecious², but that one seems to > elude most folks? > > ³SMTP NAT and source IP packet filtering so that I can specify the two > Internet subnets that are permitted through.² this is only possible using > Server Publishing; as I stated, packet filters are only useful for ISA-local > services. Server Publishing rules allow exceptions that you can use to block > unwanted source IPs. > > ³need to deny anonymous SMTP connections² that¹s a completely > different-colored barrel of horsemonkeys. I think you mean ³unknown²? ISA > cannot authenticate SMTP connectio0ns at all. > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On > Behalf Of Danny > Sent: Friday, January 05, 2007 9:13 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Limit SMTP connections from several subnets in ISA 2000 > > On 1/5/07, Jim Harrison <Jim@xxxxxxxxxxxx> wrote: >> >> Nope; that's not true, either. > > > I was just being facetious. I have been inspired by: > http://www.tacteam.net/openport.htm >> >> >> SMTP Server Publishing gives you the SMTP Filter and (with ISA 2000 & 2004), >> the Message Screecher.] > > > For this requirement I just need an SMTP NAT and source IP packet filtering so > that I can specify the two Internet subnets that are permitted through. >> >> >> This is far more capable than the "zealot technique". >> >> It's packet filters that are for the "openaport" fuuls and they only apply to >> services operating on the ISA itself. >> >> >> >> Is this an SBS deployment? > > > Not in the Microsoft SBS software sense, but maybe in employee count. There is > a dedicated ISA server and dedicated Exchange server. The change is that email > protection has been outsourced to Postini and I need to deny anonymous SMTP > connections from the rest of the Internet. > > ...D >> >> >> From: isalist-bounce@xxxxxxxxxxxxx [mailto: isalist-bounce@xxxxxxxxxxxxx >> <mailto:isalist-bounce@xxxxxxxxxxxxx> ] On Behalf Of Danny >> Sent: Friday, January 05, 2007 8:24 AM >> To: isalist@xxxxxxxxxxxxx >> Subject: [isalist] Re: Limit SMTP connections from several subnets in ISA >> 2000 >> >> >> >> Actually Mr. Teacher, can I have that back. I want to say, at the end of the >> day, it is the packet filters. :) Server Publishing rules in ISA 2000 are >> just for all of the "hardware firewall" zealots. >> >> However, in appears as though I can only specify one source subnet per packet >> filter. >> >> ...D >> >> On 1/5/07, Danny <nocmonkey@xxxxxxxxx> wrote: >> >> Server publishing, I believe, but ISA 2000 is like MS02 security bulletins to >> me. >> >> Thanks, >> >> ...D >> >> >> >> On 1/3/07, Jim Harrison < Jim@xxxxxxxxxxxx <mailto:Jim@xxxxxxxxxxxx> > wrote: >> >> How is the SMTP service made public; server publishing rules or packet >> filters? >> >> >> >> From: isalist-bounce@xxxxxxxxxxxxx <mailto:isalist-bounce@xxxxxxxxxxxxx> >> [mailto: isalist-bounce@xxxxxxxxxxxxx <mailto:isalist-bounce@xxxxxxxxxxxxx> ] >> On Behalf Of Danny >> Sent: Wednesday, January 03, 2007 8:17 AM >> To: isalist@xxxxxxxxxxxxx >> Subject: [isalist] Limit SMTP connections from several subnets in ISA 2000 >> >> >> >> Been awhile since I used ISA 2000... what is the best way to restrict SMTP >> connections from several specific Internet IP subnets? >> >> Thanks. >> >> All mail to and from this domain is GFI-scanned. >> >>