RE: SMTP Filter STARTTLS Issue

  • From: "Troy Grover" <tgrover@xxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Fri, 13 Feb 2004 13:05:57 -0700

> I am having a REAL problem with this STARTTLS issue.  I want to enable 
> the SMTP Filter but every time I do there are certain e-mail servers that
> don't seem to get through.  Specifically email servers that require TLS
> secured channel communication.
> 
> It is clear from the headers and logs that the issue is directly a cause
> of this feature not working on the ISA Server, SMTP Filter.
> 
> The STARTTLS Command is listed on my ISA Server with a LENGTH of 268.  
> 
> With the recent Virus outbreaks on the internet the function of using the
> SMTP filter is a critical asset but not at the expense of losing
> legitimate emails.
> 
> Since we can't control the configuration of others' email servers it
> would appear that this needs to be fixed ASAP.
> 
> Has anyone found a workaround for this yet?
> 
> Thanks for any help.
> 
> Troy Grover
> Network Operations Specialist
> MCSE+I


Well, it seems I have solved this mystery issue.

The Solution:

At the moment it appears that if you delete the STARTTLS command from the
ISA Server's SMTP Filter, messages are delivered without a problem from
anyone that is requiring TLS secured channel communication, although the
messages are not secured with TLS. Why this is, I am not sure; maybe the
sending email servers are actually establishing the TLS handshake with ISA
at this point instead of with the SMTP server.

The ramifications from removing the STARTTLS command I suppose are still
to be determined.  But don't add this command in unless you want to lose
email from servers that don't roll to unsecured email if TLS fails.

Also, disabling the command doesn't work, you must delete it from the
command list.

Troy Grover
MCSE + I, Network +
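
An added example, not part of the original post: one way to see which senders are affected is to classify SMTP dialogues captured in front of the filter by how STARTTLS was handled. The "C:"/"S:" transcript format, the host names and the sample sessions are constructed for illustration and do not reproduce ISA Server's log format.

```python
# Added example: classify how an SMTP session handled STARTTLS.
# Transcripts below are constructed samples, not ISA Server output.

def classify_session(transcript):
    """Return tls, plaintext-not-offered, plaintext-offer-ignored,
    plaintext-fallback, aborted-after-starttls-failure or incomplete."""
    offered = attempted = tls_ok = awaiting_reply = mail_sent = False
    for raw in transcript.strip().splitlines():
        side, _, text = raw.strip().partition(": ")
        text = text.strip()
        if side == "S":
            if awaiting_reply:
                # Only a 220 reply means the TLS handshake may begin.
                tls_ok = text.startswith("220")
                awaiting_reply = False
            elif text[:4] in ("250-", "250 ") and text[4:].strip().upper() == "STARTTLS":
                offered = True  # capability advertised in the EHLO reply
        elif side == "C":
            verb = text.split(" ", 1)[0].upper()
            if verb == "STARTTLS":
                attempted = awaiting_reply = True
            elif verb == "MAIL":
                mail_sent = True  # visible MAIL means the message went in cleartext
    if tls_ok:
        return "tls"  # everything after the 220 is encrypted
    if attempted:
        return "plaintext-fallback" if mail_sent else "aborted-after-starttls-failure"
    if mail_sent:
        return "plaintext-offer-ignored" if offered else "plaintext-not-offered"
    return "incomplete"

EHLO = "S: 220 mail.example.test ESMTP\nC: EHLO sender.example.test\nS: 250-mail.example.test\n"
MAIL = "C: MAIL FROM:<a@sender.example.test>\nS: 250 OK\n"
SESSIONS = {  # constructed
    "strict sender, STARTTLS rejected":
        EHLO + "S: 250-STARTTLS\nS: 250 SIZE\nC: STARTTLS\nS: 500 Unrecognized\nC: QUIT\nS: 221 Bye\n",
    "lenient sender, STARTTLS rejected":
        EHLO + "S: 250-STARTTLS\nS: 250 SIZE\nC: STARTTLS\nS: 500 Unrecognized\n" + MAIL,
    "STARTTLS not advertised":
        EHLO + "S: 250 SIZE\n" + MAIL,
    "STARTTLS accepted":
        EHLO + "S: 250-STARTTLS\nS: 250 SIZE\nC: STARTTLS\nS: 220 Ready to start TLS\n",
}

if __name__ == "__main__":
    for name, transcript in SESSIONS.items():
        print(f"{name}: {classify_session(transcript)}")
```

Sessions classified as aborted-after-starttls-failure correspond to mail that never arrives; the plaintext classes are mail that arrives without TLS.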
