Re: SMTP publishing

From: "Thor \(Hammer of God\)" <thor@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Date: Mon, 19 Dec 2005 18:33:53 -0800

P.S. Deleteing the registry key for the Computer referenced in the Domain Computers Set did the trick. That' bugger is gone.


-----
"I may disapprove of what you say,
but I will defend to the death your
right to say it."

----- Original Message ----- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, December 19, 2005 6:22 PM Subject: [isalist] Re: SMTP publishing


http://www.ISAserver.org

You sure about that?

I thought I tested it and the port stealing thingie worked. Now I need
to test again!

Thanks!
Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Monday, December 19, 2005 3:15 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: SMTP publishing
http://www.ISAserver.org
Here's the catch:
Server publishing is *non-functional* if the source and
destination networks have a "route" relationship.
If you want to s-pub a host in the DMZ net, you need to
create a NAT relationship between the external net and that host.
-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
Sent: Monday, December 19, 2005 09:40
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: SMTP publishing
http://www.ISAserver.org
OK- pretty straight forward article... But here's the deal.
In that config, they call the "perimiter network" the DMZ
itself.  As in this:
DMZ
  |
ISA Box
  |
Internal Network.
They publish SMTP from the External interface to the Internal
Interface.
Done it a million times.  But in my case, this is a bit different:
Internet
  |
ISA Box ---  Permiter Network (DMZ)
  |
Internal Network
I want to publish from the External Interface into the DMZ-
not into the Internal network.  If I publish to the Internal,
then it actuall works.
When I publish to the DMZ Perimiter, it says SMTP denied by
the default rule from External to Local-Host.  The Permiter
network here is set to route-- but of course, I can't just
set an access rule-- the DMZ is 192.168.3.0 and I must
*publish* to it, not just route to it.
Any ideas?
t
-----
"I may disapprove of what you say,
but I will defend to the death your
right to say it."
----- Original Message -----
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, December 19, 2005 9:11 AM
Subject: [isalist] Re: SMTP publishing
http://www.ISAserver.org
Enable SMTP service logging and get ready to fire up NetMon,
but take a
quick read of this great article that will shed some light on possible
SMTP service issues and SMTP filtering at the ISA firewall.
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/fir
ewall-exch
ange2003.mspx
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**
> -----Original Message----- > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] > Sent: Monday, December 19, 2005 10:54 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: SMTP publishing > > http://www.ISAserver.org > > Yo- > > I too have this funky issue with SMTP publishing just on this > one box. This > one is an External, Internal, Perimeter Network setup-- when > I go to publish > from the External IP to the Perimeter segment, the rule is in > place just > fine, but I get the Default Rule denied the traffic. It > showed that it > denied SMTP (not SMTP Server, btw) from the External to Local > Host. The > network segments are set up correctly, with the right IP's > and all. The > perimeter network is set to route. It just won't work. > > The only thing different about this box is that this is the > one that still > shows "192.168.7.180" in my Domain Controller built-in > Computer Sets that it > won't let me edit out. I did the whole ADSI Edit thing and > ntdsutil, but > that site was gracefully removed, and it no longer referenced > anywhere. Odd > thing is that my perimeter network is 192.168.3.0 255.255.255.0 (NOT > 192.168.7.0) so I'm not sure what all the hubbub is about. > > Jim? Tom? Anyone? > > t > > > ----- > "I may disapprove of what you say, > but I will defend to the death your > right to say it." > > > ----- Original Message ----- > From: "Bunting, Jeff" <BUNTING@xxxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Friday, December 16, 2005 11:03 AM > Subject: [isalist] SMTP publishing > > > > http://www.ISAserver.org > > > > I just created a rule to publish SMTP from my Exchange 2003 > server, but > > I'm > > getting 0x8007274c errors on the ISA server when I try to > telnet to port > > 25. > > I do establish a connection, but get no response. > > > > The Exchange server is a front end server and I have OWA > and RPC over HTTP > > published through ISA for this same server. I can telnet > to this server > > internally. > > > > I don't see anything written to the smtpsvc logs on > Exchange and a netstat > > doesn't show any connection from the ISA server, so it > looks like the > > external telnet connection to ISA is made OK, but traffic > isn't making it > > from ISA to Exchange. > > > > Also, I can make a telnet connection from the console of ISA to the > > Exchange > > server. > > > > I'm stumped. Anyone have an idea? > > > > Jeff > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > thor@xxxxxxxxxxxxxxx > > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > >
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as:
thor@xxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: jim@xxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx

Re: SMTP publishing

Other related posts: