Hi there I have an interesting problem in that I have at least 3 external POP3 mail servers which ISA logs Intruder Alerts for. The 3 servers are notoriusly busy so I am under the impression that there is some sort of a timeout taking place on th eISA Server and then when the external mail server tries to reply to my mail server, the ISA Server has already "closed" that session. If this is the case then ISA would surely see the external request as an intruder as it it is trying to communicate on an un-established session. What I need to know is the following: 1) Does the above statement make any sense. I.e. Is it true? 2) How can I get the ISA Server to permit longer sessions for the mail server. Cheers William R.