Re: SMTP Filter - HELP! (NOT config help)

• From: "Edward Sullivan" <esullivan@xxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 10 Dec 2002 17:58:07 -0600

I do not think this is the cause. We do have a secondary MX in place in DNS in 
case of emergencies, but there is no policy enabled via the firewall to allow 
mail to pass and the IP address is not live either.

The only SMTP policy enabled on our firewall routes all inbound SMTP traffic 
through the DMZ port of the firewall to the DMZ IP of the SMTP server, which 
ISA is configured to see as the untrusted zone. From that point the SMTP server 
relays to the primary Exchange server though the internal trusted NIC.

I am double-checking all of the settings and policies to make sure nothing has 
been missed, but there is only one way for email to get in, and it is a tight 
fit at that! There are only two other servers with firewall policies allowing 
traffic in, and neither of those have SMTP installed (or policies allowing SMTP 
traffic)and there are NO servers with real IP addresses assigned.

Any other ideas?





-----Original Message-----
From: Chris H [mailto:ntpro@xxxxxxxxxx]
Sent: Tuesday, December 10, 2002 5:24 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: SMTP Filter - HELP! (NOT config help)


http://www.ISAserver.org


I cannot speak to ISA server's problem, but having gone through this with 2
other email packages I have found that almost always the mail is coming in
from another route you are not filtering such as an old secondary MX record
or another IIS server that you dont know has SMTP service running on it or a
Proxy server with the SOCKS service open, etc. It took me a few weeks to
finally nail everything down  . . .
----- Original Message -----
From: Edward Sullivan
To: [ISAserver.org Discussion List]
Sent: Tuesday, December 10, 2002 6:16 PM
Subject: [isalist] SMTP Filter - HELP! (NOT config help)


http://www.ISAserver.org


We are running ISA and IIS SMTP on our perimeter email screener, and using
the SMTP Filter to screen for:

Attachment types (.exe, .pif, .com, .vbs, .bat, and .scr)
Domains which we receive spam from (about 100 in the list)
Spam keywords (126 keywords in the list)

Any message that meets SMTP filter criteria is forwarded to a spam box on
our primary Exchange Server.

This server is not our firewall - we are only using ISA for the email
filtering functionality. The server hardware is a Dell 2550 with 512MB of
RAM, and a 2 GHZ XEON Processor. Dual NIC's, of course. To me, this seems
like a well-sized server for the application.

My question is this - I have noticed that certain keywords are not being
filtered, and that messages that contain keywords are not being forwarded to
our spam address, and are instead making it to our users. Is there an
effective limit to the number of keywords ISA can handle, or is there a
misconfiguration somewhere? Has anyone else seen this behavior, and found a
way to correct it? A bug in ISA perhaps? (Heaven forbid!)

Thanks in advance for your responses!
Ed Sullivan
Director of Information Services
esullivan@xxxxxxx <mailto:esullivan@xxxxxxx>
KMA Direct Communications
Confidential and Proprietary

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ntpro@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
esullivan@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Re: SMTP Filter - HELP! (NOT config help)
• » Re: SMTP Filter - HELP! (NOT config help)
• » Re: SMTP Filter - HELP! (NOT config help)
• » Re: SMTP Filter - HELP! (NOT config help)
• » SMTP Filter - HELP! (NOT config help)
• » Re: SMTP Filter - HELP! (NOT config help)
• » Re: SMTP Filter - HELP! (NOT config help)
• » Re: SMTP Filter - HELP! (NOT config help)
• » Re: SMTP Filter - HELP! (NOT config help)
• » Re: SMTP Filter - HELP! (NOT config help)
• » SMTP Filter - HELP! (NOT config help)
• » Re: SMTP Filter - HELP! (NOT config help)

1. Home
2. isalist
3. Archive
4. 12-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---