Re: SMTP publishing

  • From: "JosephK" <josephk@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 19 Dec 2005 23:07:28 -0800

I'm just trying to get a handle on the correlation of doing ipconfig and
the order of NIC cards when you select Advanced.  For me, it still shows
Client for Microsoft Networks. Does that mean ISA then overrides the
settings for DMZ, EXTERNAL, etc.?

Another thing: when I do IPCONFIG on one of my ISA machines I get the
listing that shows DMZ, EXTERNAL, INTERNAL and PERIMETER. Then when I
look at advanced settings it shows INTERNAL, DMZ, PERIMETER AND
EXTERNAL.  I think this is a dumb question but one that confuses me on
occasion when looking at many different machines.  Not sure where I can
read about this so I ask here. I'm thinking that it's just the slots
that are occupied by the PCI bus.

So, if it is, when does the binding actually take place?

Joseph



-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Monday, December 19, 2005 10:57 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: SMTP publishing

http://www.ISAserver.org

Since your *default* ISA policies disable that functionality, it makes
little difference whether it's bound to the external interface or not.

..and there's always the "attack surface" question...

--------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
--------------------------------------------

-----Original Message-----
From: JosephK [mailto:josephk@xxxxxxxxx] 
Sent: Monday, December 19, 2005 10:48 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: SMTP publishing

Would you still want to remove client for windows networks on all the
external interfaces?

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Monday, December 19, 2005 7:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: SMTP publishing

Sure you can. When the "external" interface is on a private address
network and the client is on a private address network too. Sounds like
this isn't your scenario. I'm thinking of this type of scenario:

Inbound SMTP relay on private address DMZ between FE and BE ISA
firewalls
Route relationship between the SMTP server on the "internal" network. 

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] 
> Sent: Monday, December 19, 2005 8:58 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: SMTP publishing
> 
> You said I had to actually hit the SMTP server address, not the ISA
> external interface address for the "route" deal to work.  You can't hit
> the 1918 address externally...
> 
> That being said, changing the source network to the Perimeter and the
> destination to External with NAT worked.  Thing is, in a route, you'd
> want it the other way around... But to make the relationship the same as
> an "Internal" network, that's what I had to do.
> 
> I'm going to see if the reverse direction in "route" will work as well--
> but even if it does, I don't think I want a route relationship from the
> External to the DMZ, right?  Or will it not matter for the same reason I
> just stated above re: 1918?
> 
> t
> 
> -----
> "I may disapprove of what you say,
> but I will defend to the death your
> right to say it."
> 
> 
> ----- Original Message ----- 
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Monday, December 19, 2005 6:39 PM
> Subject: [isalist] Re: SMTP publishing
> 
> 
> Why? If the "external" interface of the ISA firewall is on a private
> address segment, you could use private addresses in the DMZ.
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
> 
> 
> 
> > -----Original Message-----
> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > Sent: Monday, December 19, 2005 8:33 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Re: SMTP publishing
> >
> > I'll find out in a bit-- that's the part that is confusing me... But
> > hell, it won't work now, so we'll see.  I server publish the SMTP
> > server address in a route relationship would mean that you could never
> > have a 1918 address in the perimeter...
> >
> > t
> >
> > -----
> > "I may disapprove of what you say,
> > but I will defend to the death your
> > right to say it."
> >
> >
> > ----- Original Message ----- 
> > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Monday, December 19, 2005 6:22 PM
> > Subject: [isalist] Re: SMTP publishing
> >
> >
> > You sure about that?
> >
> > I thought I tested it and the port stealing thingie worked. Now I need
> > to test again!
> >
> > Thanks!
> > Tom
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > **Who is John Galt?**
> >
> >
> >
> > > -----Original Message-----
> > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > > Sent: Monday, December 19, 2005 3:15 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] Re: SMTP publishing
> > >
> > > Here's the catch:
> > > Server publishing is *non-functional* if the source and
> > > destination networks have a "route" relationship.
> > > If you want to s-pub a host in the DMZ net, you need to
> > > create a NAT relationship between the external net and that host.
> > >
> > >
> > > -------------------------------------------------------
> > >    Jim Harrison
> > >    MCP(NT4, W2K), A+, Network+, PCG
> > >    http://isaserver.org/Jim_Harrison/
> > >    http://isatools.org
> > >    Read the help / books / articles!
> > > -------------------------------------------------------
> > >
> > >
> > > -----Original Message-----
> > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > Sent: Monday, December 19, 2005 09:40
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] Re: SMTP publishing
> > >
> > > OK- pretty straightforward article... But here's the deal.
> > > In that config, they call the "perimeter network" the DMZ
> > > itself.  As in this:
> > >
> > > DMZ
> > >   |
> > > ISA Box
> > >   |
> > > Internal Network.
> > >
> > >
> > > They publish SMTP from the External interface to the Internal
> > > Interface.
> > > Done it a million times.  But in my case, this is a bit different:
> > >
> > > Internet
> > >   |
> > > ISA Box ---  Perimeter Network (DMZ)
> > >   |
> > > Internal Network
> > >
> > > I want to publish from the External Interface into the DMZ-
> > > not into the Internal network.  If I publish to the Internal,
> > > then it actually works.
> > > When I publish to the DMZ Perimeter, it says SMTP denied by
> > > the default rule from External to Local-Host.  The Perimeter
> > > network here is set to route-- but of course, I can't just
> > > set an access rule-- the DMZ is 192.168.3.0 and I must
> > > *publish* to it, not just route to it.
> > >
> > > Any ideas?
> > >
> > > t
> > >
> > >
> > >
> > >
> > > -----
> > > "I may disapprove of what you say,
> > > but I will defend to the death your
> > > right to say it."
> > >
> > >
> > > ----- Original Message -----
> > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Monday, December 19, 2005 9:11 AM
> > > Subject: [isalist] Re: SMTP publishing
> > >
> > >
> > > Enable SMTP service logging and get ready to fire up NetMon, but take
> > > a quick read of this great article that will shed some light on
> > > possible SMTP service issues and SMTP filtering at the ISA firewall.
> > >
> > > http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/firewall-exchange2003.mspx
> > >
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://spaces.msn.com/members/drisa/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > > **Who is John Galt?**
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > > Sent: Monday, December 19, 2005 10:54 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] Re: SMTP publishing
> > > >
> > > > Yo-
> > > >
> > > > I too have this funky issue with SMTP publishing just on this one
> > > > box.  This one is an External, Internal, Perimeter Network setup--
> > > > when I go to publish from the External IP to the Perimeter segment,
> > > > the rule is in place just fine, but I get the Default Rule denied the
> > > > traffic.  It showed that it denied SMTP (not SMTP Server, btw) from
> > > > the External to Local Host. The network segments are set up
> > > > correctly, with the right IPs and all.  The perimeter network is set
> > > > to route.  It just won't work.
> > > >
> > > > The only thing different about this box is that this is the one that
> > > > still shows "192.168.7.180" in my Domain Controller built-in Computer
> > > > Sets that it won't let me edit out.  I did the whole ADSI Edit thing
> > > > and ntdsutil, but that site was gracefully removed, and it's no
> > > > longer referenced anywhere.  Odd thing is that my perimeter network
> > > > is 192.168.3.0 255.255.255.0 (NOT 192.168.7.0) so I'm not sure what
> > > > all the hubbub is about.
> > > >
> > > > Jim?  Tom?  Anyone?
> > > >
> > > > t
> > > >
> > > >
> > > > -----
> > > > "I may disapprove of what you say,
> > > > but I will defend to the death your
> > > > right to say it."
> > > >
> > > >
> > > > ----- Original Message ----- 
> > > > From: "Bunting, Jeff" <BUNTING@xxxxxxxxxxxx>
> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > > Sent: Friday, December 16, 2005 11:03 AM
> > > > Subject: [isalist] SMTP publishing
> > > >
> > > >
> > > > > I just created a rule to publish SMTP from my Exchange 2003 server,
> > > > > but I'm getting 0x8007274c errors on the ISA server when I try to
> > > > > telnet to port 25.
> > > > > I do establish a connection, but get no response.
> > > > >
> > > > > The Exchange server is a front end server and I have OWA and RPC
> > > > > over HTTP published through ISA  for this same server.  I can
> > > > > telnet to this server internally.
> > > > >
> > > > > I don't see anything written to the smtpsvc logs on Exchange and a
> > > > > netstat doesn't show any connection from the ISA server, so it
> > > > > looks like the external telnet connection to ISA is made OK, but
> > > > > traffic isn't making it from ISA to Exchange.
> > > > >
> > > > > Also, I can make a telnet connection from the console of ISA to the
> > > > > Exchange server.
> > > > >
> > > > > I'm stumped.  Anyone have an idea?
> > > > >
> > > > > Jeff
> > > > >
> > > > >
> > > > > ------------------------------------------------------
> > > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Visit TechGenix.com for more information about our other sites:
> > > > > http://www.techgenix.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org Discussion List as:
> > > > > thor@xxxxxxxxxxxxxxx
> > > > > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >