RE: Logging help needed!
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sun, 19 Dec 2004 08:53:38 -0800
If your logs show "initiated" followed by "closed", then a successful
connection is being made.
When a connection attempt fails you get "Failed" (whodathuinkit?) and
the result code will include the error code.
Actually, the correct order of things for an SMTP conversation is:
1 - DNS Query for MX (or A record)
2 - DNS response providing at least one IP address
3 - connection attempt to TCP:25 (Initiated Connection)
4 - nice conversation between client and server over tea and biscuits
5 - close connection (Closed Connection)
ISA is not going to log ever single packet that travels between the
client and server.
You should get some captures of the events you consider to be failing.
This will provide more details.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-----Original Message-----
From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
Sent: Sunday, December 19, 2004 7:15 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Logging help needed!
http://www.ISAserver.org
Hi Jim,
Very simple, when the connection is made on a working port 25, it
initiates the connection with the server on port 25, then uses DNS, then
closes DNS and then closes port 25.
On connection were port 25 is being blocked ISA will make the initial
connection, then wait.... wait... then close the connection on port
25.... then wait... wait.. initiate the connection with the same mail
server on port 25.... then wait... wait and close it again.. On and on
it keeps trying to initiate the connection with the mail server. This is
a tall tail sign that port 25 is being blocked. As soon as I change
ISP's all the mail goes through and I get emails on my external test
accounts with 3 seconds of the change.
Regards,
Andrew
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Sunday, December 19, 2004 2:14 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Logging help needed!
http://www.ISAserver.org
Exactly how are you determining from your logs that your ISP is blocking
you?
All the logs can tell you is that you made a connection or not or that
you received a connection or not.
It can't tell you that it was specifically blocked.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-----Original Message-----
From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
Sent: Saturday, December 18, 2004 4:20 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Logging help needed!
http://www.ISAserver.org
Hi,
I need to know what is the best way to save my logging information so
that I can show someone else what the problem is?
I am currently changing ISP's and the one I am changing to reportedly
doesn't block port 25, however my ISA logs show that they are indeed
blocking port 25, so I was asked by a senior engineer to send him my
logs so he can the problem rectified.
Your help would be appreciated!
Regards,
Andrew
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
andrew@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
Other related posts:
