[isalist] Re: Possible to Filter inbound publishing rules by source (remote) IP?

  • From: "Joe Pochedley" <joepochedley@xxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 9 Jun 2008 13:32:57 -0400

Hahah... Thanks, Jim.

FWIW, the computer set worked flawlessly.  Now all the SMTP connections
from others who aren't supposed to be sending us SMTP mail are blocked
at the FW.

In watching the firewall log now, I can easily pick out all the SMTP
traffic that's not supposed to come through...  Never ceases to amaze
how these connections from various DHCP pools (DSL, cable, whatever) at
carriers in Brazil, Taiwan, etc. are just spewing this stuff out...  All
the wasted bandwidth and zombiefied PCs.... *sigh*

Joe P

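As an added illustration (not code from this thread, from ISA Server or from the filtering service): the computer-set approach discussed in the thread takes single computers and address ranges rather than CIDR prefixes, so a published list of filter-service sources has to be entered as first/last addresses, and the firewall log is where you confirm the restricted publishing rule actually catches everything. The script below expands a hypothetical, constructed source list into computer-set range entries, then audits constructed, simplified ISA-style firewall log lines for SMTP connections that arrived from outside those ranges. Every address, name and log line here is made up for the example; the real list comes from the service's admin page.

```python
"""Added example, not code from the isalist thread or from ISA Server.

Two helpers around the computer-set technique discussed in the thread:
  * to_computer_set_entries() expands a list of CIDR prefixes / hosts
    into the (name, first address, last address) form an ISA computer
    set's address-range entries need;
  * audit_smtp() scans firewall log lines for connections to TCP/25 from
    sources outside that list, separating the denies you expect from
    any allow that shows the set (or the rule using it) is incomplete.
All addresses and log lines are constructed for the example.
"""
from __future__ import annotations

import ipaddress
from typing import Iterable

# Hypothetical sender ranges for a hosted filtering service (constructed;
# the real list comes from the service's admin page).
ALLOWED_SOURCES = [
    "203.0.113.0/24",
    "198.51.100.8/29",
    "192.0.2.10",        # a single host
]

# Constructed, simplified firewall log (tab-separated; real ISA W3C logs
# carry many more fields, but these five are enough for the audit).
SAMPLE_LOG = """\
#Fields: client-ip\tdest-ip\tdest-port\tprotocol\taction
203.0.113.25\t192.0.2.200\t25\tSMTP\tInitiated Connection
198.18.5.77\t192.0.2.200\t25\tSMTP\tDenied Connection
198.51.100.9\t192.0.2.200\t25\tSMTP\tInitiated Connection
198.19.3.14\t192.0.2.200\t25\tSMTP\tDenied Connection
10.1.2.3\t192.0.2.200\t443\tHTTPS\tInitiated Connection
198.19.3.15\t192.0.2.200\t25\tSMTP\tInitiated Connection
"""


def to_computer_set_entries(sources: Iterable[str]) -> list[tuple[str, str, str]]:
    """Expand each prefix to the first/last address of its range.

    Computer sets hold computers and address ranges, not CIDR prefixes,
    so a /24 becomes x.x.x.0 - x.x.x.255 and a bare host becomes a
    one-address range.  Entry names are arbitrary labels for the set.
    """
    entries = []
    for i, src in enumerate(sources, 1):
        net = ipaddress.ip_network(src, strict=False)
        first, last = str(net.network_address), str(net.broadcast_address)
        kind = "host" if net.num_addresses == 1 else "range"
        entries.append((f"filter-{kind}-{i}", first, last))
    return entries


def is_allowed(client_ip: str, sources: Iterable[str]) -> bool:
    """True if client_ip falls inside any allowed prefix or host."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(s, strict=False) for s in sources)


def audit_smtp(log_text: str, sources: Iterable[str],
               smtp_port: str = "25") -> tuple[list[str], list[str]]:
    """Return (expected_denies, unexpected_allows) for TCP/25 traffic
    from outside the allowed sources.  Anything in the second list got
    through despite not being on the list: a gap in the computer set
    or a publishing rule that is not using it."""
    expected_denies, unexpected_allows = [], []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        client_ip, _dest_ip, dest_port, _proto, action = line.split("\t")
        if dest_port != smtp_port or is_allowed(client_ip, sources):
            continue
        if action.startswith("Denied"):
            expected_denies.append(client_ip)
        else:
            unexpected_allows.append(client_ip)
    return expected_denies, unexpected_allows


if __name__ == "__main__":
    for name, first, last in to_computer_set_entries(ALLOWED_SOURCES):
        print(f"computer set entry {name}: {first} - {last}")
    denied, leaked = audit_smtp(SAMPLE_LOG, ALLOWED_SOURCES)
    print("blocked as expected:", denied)
    print("got through (check the set and the rule):", leaked)
```

Run it as-is to see the three range entries and the audit result; point it at an exported firewall log with the same five columns to check a live deployment. A non-empty "got through" list after the rule change is the thing to chase: either the computer set is missing a range, or the SMTP publishing rule's "From" tab is not actually restricted to it.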
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Friday, June 06, 2008 10:21 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Possible to Filter inbound publishing rules by
source (remote) IP?

I guess we need to have another round of <duh> moments to make Joe feel
better about himself - I'll start.

I filed a bug some months ago because every time I applied an ISA patch
through an external RDP session, I'd lose the session and would have to
jump on the console to complete the installation.  Needless to say, this
would drop ISATools.org until I could go home.

Just this week, it suddenly occurred to me why this failed and yes, it's
"by design", and not entirely that of ISA Server.

I don't use system policies to allow RDP from the Internet.  Instead, I:

1. server-publish to the internal IP
2. use custom ports for the listener
3. bind TS to the internal NIC only

When the ISA services stop, so do any server publishing or web
listeners.

Although system policies provide for inbound RDP in lockdown mode,
because I didn't allow TS to bind to the external NIC, I was breaking
myself whenever I'd try to update ISA from "outside".

Needless to say, the bug has been closed as "no repro"...

Jim

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Joe Pochedley
Sent: Friday, June 06, 2008 6:00 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Possible to Filter inbound publishing rules by
source (remote) IP?

Thanks, Jim.

For some reason I was so focused on Networks that I forgot about
computer sets (and the fact that you can specify address ranges in a
computer set).   Duh on my part.

I'll just blame the lapse in memory on having worked 14 hours yesterday
(not wholly on this issue, mostly on our Exchange upgrade)...  But if I
haven't learned the lesson "if you can't figure it out late in the
evening, stop and look at it again in the morning" by now, then I
probably never will.  :)

Thanks again.

Joe P

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Friday, June 06, 2008 1:22 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Possible to Filter inbound publishing rules by
source (remote) IP?

Yes.

You create a computer set and populate it with the addresses and subnets
as specified in the EHS admin page.

Then you apply this computer set to the SMTP server publishing rule
"From" tab.

Jim

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Joe Pochedley
Sent: Thursday, June 05, 2008 8:06 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Possible to Filter inbound publishing rules by source
(remote) IP?

Hopefully an easy one for the ISA gurus...

Recently we signed up for Microsoft's Frontbridge spam filtering
service.  As part of the setup, the MX record of our company has been
changed to Microsoft's service...  (Like PostINI and other hosted
filtering services.)

Microsoft recommends only allowing inbound SMTP connections from their
list of servers.  This seems like a good idea, as I still see spam
coming direct into our IP (old MX record) and not being routed through
the service even though it's been more than a month since I changed the
MX records...

Unfortunately, I can't find a way to make the publishing rule bend to my
will and only accept incoming SMTP connections from the authorized
IP addresses.  Can it be done? If so, would someone be kind enough to
point me in the right direction?

Running ISA 2006 here.

Joe Pochedley
Network & Telecommunications Manager
The North American Mfg. Co.
email: JoePochedley@xxxxxxxxx
