OK, let me see if I have this straight: 1. Network Rule DMZ to External = Route 2. Publish DMZ SMTP Server to External Network OK, here's a million dollar question: Is DNS pointing to the IP address on the ISA firewall or the IP address of the SMTP server? Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] > Sent: Monday, December 19, 2005 11:40 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: SMTP publishing > > http://www.ISAserver.org > > OK- pretty straight forward article... But here's the deal. > In that config, > they call the "perimiter network" the DMZ itself. As in this: > > DMZ > | > ISA Box > | > Internal Network. > > > They publish SMTP from the External interface to the Internal > Interface. > Done it a million times. But in my case, this is a bit different: > > Internet > | > ISA Box --- Permiter Network (DMZ) > | > Internal Network > > I want to publish from the External Interface into the DMZ- > not into the > Internal network. If I publish to the Internal, then it > actuall works. > When I publish to the DMZ Perimiter, it says SMTP denied by > the default rule > from External to Local-Host. The Permiter network here is > set to route-- > but of course, I can't just set an access rule-- the DMZ is > 192.168.3.0 and > I must *publish* to it, not just route to it. > > Any ideas? > > t > > > > > ----- > "I may disapprove of what you say, > but I will defend to the death your > right to say it." > > > ----- Original Message ----- > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Monday, December 19, 2005 9:11 AM > Subject: [isalist] Re: SMTP publishing > > > http://www.ISAserver.org > > Enable SMTP service logging and get ready to fire up NetMon, > but take a > quick read of this great article that will shed some light on possible > SMTP service issues and SMTP filtering at the ISA firewall. > > http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/fir > ewall-exch > ange2003.mspx > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > **Who is John Galt?** > > > > > -----Original Message----- > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] > > Sent: Monday, December 19, 2005 10:54 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] Re: SMTP publishing > > > > http://www.ISAserver.org > > > > Yo- > > > > I too have this funky issue with SMTP publishing just on this > > one box. This > > one is an External, Internal, Perimeter Network setup-- when > > I go to publish > > from the External IP to the Perimeter segment, the rule is in > > place just > > fine, but I get the Default Rule denied the traffic. It > > showed that it > > denied SMTP (not SMTP Server, btw) from the External to Local > > Host. The > > network segments are set up correctly, with the right IP's > > and all. The > > perimeter network is set to route. It just won't work. > > > > The only thing different about this box is that this is the > > one that still > > shows "192.168.7.180" in my Domain Controller built-in > > Computer Sets that it > > won't let me edit out. I did the whole ADSI Edit thing and > > ntdsutil, but > > that site was gracefully removed, and it no longer referenced > > anywhere. Odd > > thing is that my perimeter network is 192.168.3.0 255.255.255.0 (NOT > > 192.168.7.0) so I'm not sure what all the hubbub is about. > > > > Jim? Tom? Anyone? > > > > t > > > > > > ----- > > "I may disapprove of what you say, > > but I will defend to the death your > > right to say it." > > > > > > ----- Original Message ----- > > From: "Bunting, Jeff" <BUNTING@xxxxxxxxxxxx> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > Sent: Friday, December 16, 2005 11:03 AM > > Subject: [isalist] SMTP publishing > > > > > > > http://www.ISAserver.org > > > > > > I just created a rule to publish SMTP from my Exchange 2003 > > server, but > > > I'm > > > getting 0x8007274c errors on the ISA server when I try to > > telnet to port > > > 25. > > > I do establish a connection, but get no response. > > > > > > The Exchange server is a front end server and I have OWA > > and RPC over HTTP > > > published through ISA for this same server. I can telnet > > to this server > > > internally. > > > > > > I don't see anything written to the smtpsvc logs on > > Exchange and a netstat > > > doesn't show any connection from the ISA server, so it > > looks like the > > > external telnet connection to ISA is made OK, but traffic > > isn't making it > > > from ISA to Exchange. > > > > > > Also, I can make a telnet connection from the console of > ISA to the > > > Exchange > > > server. > > > > > > I'm stumped. Anyone have an idea? > > > > > > Jeff > > > > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org > > Discussion List as: > > > thor@xxxxxxxxxxxxxxx > > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion > > List as: tshinder@xxxxxxxxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: > thor@xxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > >