If your logs show "initiated" followed by "closed", then a successful connection is being made. When a connection attempt fails you get "Failed" (whodathuinkit?) and the result code will include the error code. Actually, the correct order of things for an SMTP conversation is: 1 - DNS Query for MX (or A record) 2 - DNS response providing at least one IP address 3 - connection attempt to TCP:25 (Initiated Connection) 4 - nice conversation between client and server over tea and biscuits 5 - close connection (Closed Connection) ISA is not going to log ever single packet that travels between the client and server. You should get some captures of the events you consider to be failing. This will provide more details. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -----Original Message----- From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] Sent: Sunday, December 19, 2004 7:15 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Logging help needed! http://www.ISAserver.org Hi Jim, Very simple, when the connection is made on a working port 25, it initiates the connection with the server on port 25, then uses DNS, then closes DNS and then closes port 25. On connection were port 25 is being blocked ISA will make the initial connection, then wait.... wait... then close the connection on port 25.... then wait... wait.. initiate the connection with the same mail server on port 25.... then wait... wait and close it again.. On and on it keeps trying to initiate the connection with the mail server. This is a tall tail sign that port 25 is being blocked. As soon as I change ISP's all the mail goes through and I get emails on my external test accounts with 3 seconds of the change. Regards, Andrew -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Sunday, December 19, 2004 2:14 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Logging help needed! http://www.ISAserver.org Exactly how are you determining from your logs that your ISP is blocking you? All the logs can tell you is that you made a connection or not or that you received a connection or not. It can't tell you that it was specifically blocked. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -----Original Message----- From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] Sent: Saturday, December 18, 2004 4:20 PM To: [ISAserver.org Discussion List] Subject: [isalist] Logging help needed! http://www.ISAserver.org Hi, I need to know what is the best way to save my logging information so that I can show someone else what the problem is? I am currently changing ISP's and the one I am changing to reportedly doesn't block port 25, however my ISA logs show that they are indeed blocking port 25, so I was asked by a senior engineer to send him my logs so he can the problem rectified. Your help would be appreciated! Regards, Andrew ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: andrew@xxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.