RE: SMTP Filter STARTTLS Issue

• From: Jim Harrison <jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Sat, 14 Jun 2003 06:43:19 -0700

SMTPS is not supported in the SMTP filter.
Since it can't "see" the email in an encrypted SMTP conversation, it can't act 
on anything.
If you need encrypted SMTP, disable the SMTP Filter.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!



http://www.ISAserver.org


Hi guys,

I'm picking up this thread yet again. My provider tries a STARTTLS when
delivering mails, and I have a case where the mail recipient's ISA logs
an error. So here's another request for secure SMTP ;) 

I discovered that the STARTTLS command is missing in the SMTP filter on
my installation. So the problem seems to have been "fixed" by removing
the command from the filter by MS.

Just one more question: why is secure SMTP not working? What exactly
happens?

Mark


> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
> Sent: Friday, January 10, 2003 2:25 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: SMTP Filter STARTTLS Issue
> 
> 
> http://www.ISAserver.org
> 
> 
> Hi Tim,
> 
> I believe they did know that it didn't work. But you know how 
> allocation of resources goes. Need to triage things, and 
> things like support for SecurID, link translation, OWA Wizard 
> support, outbound RPC and inbound RPC encryption enforcement 
> were more popular requests among their customers. I agree 
> that support for secure SMTP would be great, especially now 
> that SMTP auth is supported. But you seemed to be the only 
> one who said anything about it in the last couple of years 
> (in a public forum), and I guess not too many partners 
> mentioned this either. I agree that a fix for this would be 
> an ideal candidate for a hotfix or next SP.
> 
> Tom
> 
> -----Original Message-----
> From: Deus, Attonbitus [mailto:Thor@xxxxxxxxxxxxxxx] 
> Sent: Thursday, January 09, 2003 11:19 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: SMTP Filter STARTTLS Issue
> 
> 
> http://www.ISAserver.org
> 
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> At 08:20 AM 1/9/2003, you wrote:
> >http://www.ISAserver.org
> >
> >
> >Hi Edward,
> >
> >Really? I was asked about this feature and how popular it is. I
> searched
> >the mailing list archives (since I know it never appeared on the Web 
> >site), and there was a single small thread almost two years ago.
> Because
> >of that, I figured it wasn't something anyone was interested 
> in! If a 
> >feature is missing or broken, let someone know, let everyone know. 
> >Squeaky wheels get greased more often :-)
> 
> 
> It was probably mine... I remember asking about the STARTTLS 
> a while back...
> 
> I would agree that it is probably a little used feature- as 
> Secure SMTP is 
> a little used feature in the first place- I can see the 
> combination of 
> SMTPS with the ISA SMTP filter is probably something that 
> very few people 
> have ever tried to  use... But hey, the filter has STARTTLS 
> in it, so it
> 
> should support it.  It should have been tested thoroughly.  
> In fact, it 
> kind of worries me that a command is in there and supported, 
> but it was 
> obviously never tested.  What else was never tested?  I mean, 
> here we are 
> with ISA + SP1 + FP1 and it still doesn't work.
> 
> I guess it could have been tested and found to be broken but 
> ignored, which 
> to me is just as bad, you know?
> 
> What bothers me more than anything is that this specifically breaks a 
> security measure.  I can understand the NOOP length issue- 
> that is just a 
> setting.  I would have liked to have seen the default length 
> changed in 
> FP1, but no biggie.   The reality is that if I want to use the SMTP
> filter, 
> I can't secure my SMTP traffic. Blah!
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.1
> 
> iQA/AwUBPh2vFIhsmyD15h5gEQJt+ACg/Zrarf/Csoa7QqbOZuTmhfQJ6pUAn2Ac
> vlR3yJIT3du8uZcgs6swI4iI
> =ZW8Z
> -----END PGP SIGNATURE-----
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/ 
> Windows Security Resource Site: 
> http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions: 
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a 
> blank email to $subst('Email.Unsub')
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/ 
> Windows Security Resource Site: 
> http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions: 
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: mark@xxxxxxxxxxxx To unsubscribe send a blank email 
> to $subst('Email.Unsub')
> 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » SMTP Filter STARTTLS Issue
• » RE: SMTP Filter STARTTLS Issue
• » RE: SMTP Filter STARTTLS Issue
• » RE: SMTP Filter STARTTLS Issue
• » RE: SMTP Filter STARTTLS Issue
• » RE: SMTP Filter STARTTLS Issue
• » RE: SMTP Filter STARTTLS Issue
• » RE: SMTP Filter STARTTLS Issue
• » RE: SMTP Filter STARTTLS Issue
• » RE: SMTP Filter STARTTLS Issue
• » RE: SMTP Filter STARTTLS Issue
• » RE: SMTP Filter STARTTLS Issue
• » RE: SMTP Filter STARTTLS Issue
• » RE: SMTP Filter STARTTLS Issue
• » RE: SMTP Filter STARTTLS Issue
• » RE: SMTP Filter STARTTLS Issue
• » RE: SMTP Filter STARTTLS Issue
• » RE: SMTP Filter STARTTLS Issue
• » RE: SMTP Filter STARTTLS Issue
• » RE: SMTP Filter STARTTLS Issue
• » RE: SMTP Filter STARTTLS Issue
• » RE: SMTP Filter STARTTLS Issue

1. Home
2. isalist
3. Archive
4. 06-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---