Hi Tim, I believe they did know that it didn't work. But you know how allocation of resources goes. Need to triage things, and things like support for SecurID, link translation, OWA Wizard support, outbound RPC and inbound RPC encryption enforcement were more popular requests among their customers. I agree that support for secure SMTP would be great, especially now that SMTP auth is supported. But you seemed to be the only one who said anything about it in the last couple of years (in a public forum), and I guess not too many partners mentioned this either. I agree that a fix for this would be an ideal candidate for a hotfix or next SP. Tom -----Original Message----- From: Deus, Attonbitus [mailto:Thor@xxxxxxxxxxxxxxx] Sent: Thursday, January 09, 2003 11:19 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SMTP Filter STARTTLS Issue http://www.ISAserver.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 08:20 AM 1/9/2003, you wrote: >http://www.ISAserver.org > > >Hi Edward, > >Really? I was asked about this feature and how popular it is. I searched >the mailing list archives (since I know it never appeared on the Web >site), and there was a single small thread almost two years ago. Because >of that, I figured it wasn't something anyone was interested in! If a >feature is missing or broken, let someone know, let everyone know. >Squeaky wheels get greased more often :-) It was probably mine... I remember asking about the STARTTLS a while back... I would agree that it is probably a little used feature- as Secure SMTP is a little used feature in the first place- I can see the combination of SMTPS with the ISA SMTP filter is probably something that very few people have ever tried to use... But hey, the filter has STARTTLS in it, so it should support it. It should have been tested thoroughly. In fact, it kind of worries me that a command is in there and supported, but it was obviously never tested. What else was never tested? I mean, here we are with ISA + SP1 + FP1 and it still doesn't work. I guess it could have been tested and found to be broken but ignored, which to me is just as bad, you know? What bothers me more than anything is that this specifically breaks a security measure. I can understand the NOOP length issue- that is just a setting. I would have liked to have seen the default length changed in FP1, but no biggie. The reality is that if I want to use the SMTP filter, I can't secure my SMTP traffic. Blah! -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPh2vFIhsmyD15h5gEQJt+ACg/Zrarf/Csoa7QqbOZuTmhfQJ6pUAn2Ac vlR3yJIT3du8uZcgs6swI4iI =ZW8Z -----END PGP SIGNATURE----- ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')