Re: SMTP publishing

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 19 Dec 2005 13:43:46 -0600

OK, let me see if I have this straight:

1. Network Rule DMZ to External = Route
2. Publish DMZ SMTP Server to External Network

OK, here's a million dollar question:

Is DNS pointing to the IP address on the ISA firewall or the IP address
of the SMTP server?

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] 
> Sent: Monday, December 19, 2005 11:40 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: SMTP publishing
> 
> http://www.ISAserver.org
> 
> OK- pretty straightforward article... But here's the deal. In that config,
> they call the "perimeter network" the DMZ itself. As in this:
> 
> DMZ
>   |
> ISA Box
>   |
> Internal Network.
> 
> 
> They publish SMTP from the External interface to the Internal Interface.
> Done it a million times. But in my case, this is a bit different:
> 
> Internet
>   |
> ISA Box ---  Perimeter Network (DMZ)
>   |
> Internal Network
> 
> I want to publish from the External Interface into the DMZ- not into the
> Internal network. If I publish to the Internal, then it actually works.
> When I publish to the DMZ Perimeter, it says SMTP denied by the default rule
> from External to Local-Host. The Perimeter network here is set to route--
> but of course, I can't just set an access rule-- the DMZ is 192.168.3.0 and
> I must *publish* to it, not just route to it.
> 
> Any ideas?
> 
> t
> 
> 
> 
> 
> -----
> "I may disapprove of what you say,
> but I will defend to the death your
> right to say it."
> 
> 
> ----- Original Message ----- 
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Monday, December 19, 2005 9:11 AM
> Subject: [isalist] Re: SMTP publishing
> 
> 
> Enable SMTP service logging and get ready to fire up NetMon, but take a
> quick read of this great article that will shed some light on possible
> SMTP service issues and SMTP filtering at the ISA firewall.
> 
> http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/firewall-exchange2003.mspx
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
> 
> 
> 
> > -----Original Message-----
> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > Sent: Monday, December 19, 2005 10:54 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Re: SMTP publishing
> >
> > Yo-
> >
> > I too have this funky issue with SMTP publishing just on this one box. This
> > one is an External, Internal, Perimeter Network setup-- when I go to publish
> > from the External IP to the Perimeter segment, the rule is in place just
> > fine, but I get the Default Rule denied the traffic. It showed that it
> > denied SMTP (not SMTP Server, btw) from the External to Local Host. The
> > network segments are set up correctly, with the right IPs and all. The
> > perimeter network is set to route. It just won't work.
> >
> > The only thing different about this box is that this is the one that still
> > shows "192.168.7.180" in my Domain Controller built-in Computer Sets that it
> > won't let me edit out. I did the whole ADSI Edit thing and ntdsutil, but
> > that site was gracefully removed, and it is no longer referenced anywhere. Odd
> > thing is that my perimeter network is 192.168.3.0 255.255.255.0 (NOT
> > 192.168.7.0) so I'm not sure what all the hubbub is about.
> >
> > Jim?  Tom?  Anyone?
> >
> > t
> >
> >
> > -----
> > "I may disapprove of what you say,
> > but I will defend to the death your
> > right to say it."
> >
> >
> > ----- Original Message ----- 
> > From: "Bunting, Jeff" <BUNTING@xxxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Friday, December 16, 2005 11:03 AM
> > Subject: [isalist] SMTP publishing
> >
> >
> > > I just created a rule to publish SMTP from my Exchange 2003 server, but
> > > I'm getting 0x8007274c errors on the ISA server when I try to telnet to
> > > port 25. I do establish a connection, but get no response.
> > >
> > > The Exchange server is a front end server and I have OWA and RPC over HTTP
> > > published through ISA for this same server. I can telnet to this server
> > > internally.
> > >
> > > I don't see anything written to the smtpsvc logs on Exchange and a netstat
> > > doesn't show any connection from the ISA server, so it looks like the
> > > external telnet connection to ISA is made OK, but traffic isn't making it
> > > from ISA to Exchange.
> > >
> > > Also, I can make a telnet connection from the console of ISA to the
> > > Exchange server.
> > >
> > > I'm stumped. Anyone have an idea?
> > >
> > > Jeff
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List as:
> > > thor@xxxxxxxxxxxxxxx
> > > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> >
> >

