Hi Stefaan, The thing to remember is that the SMTP filter was designed as a protective mechanism; not an SMTP service. It's very basic and requires an IIS or Exch SMTP service to do more than just "watch the wire". If your SMTP server understands or publishes certain commands, then you should add them to the "allowed" list and let your SMTP server handle them. If it doesn't understand the verbs that are causing the rejections, then ISA is acting the way I'd want it to; "don't bother my servers with requests they don't support". My SMTP server reports "too many protocol violations" for the times when ISA "cuts them off at the knees". It's a good feeling for me... Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Stefaan Pouseele" <stefaan.pouseele@xxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Saturday, April 06, 2002 8:00 AM Subject: [isalist] Re: SP1a SMTP filter still broken? http://www.ISAserver.org Hi Jim, why does the SMTP filter reacts abnormally on not allowed verbs? The SMTP filter closes the connection instead of answering with a '500 Command not understood' respons. So, he don't let the other site fallback on more 'basic' SMTP commands. That is exactly the reason why I don't use the SMTP filter! Other SMTP security products (such as WebShield from NAI) send always a '500 Command not understood' respons on not allowed or implemented commands. BTW --- I hoped it would be resolved in SP1a, but no luck... Regards, Stefaan -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: zaterdag 6 april 2002 17:33 To: [ISAserver.org Discussion List] Subject: [isalist] Re: SP1a SMTP filter still broken? http://www.ISAserver.org Actually, that looks like it choked on the ETRN command. Is that included in your list of "allowed" verbs? I know it's not in the default list. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Saturday, April 06, 2002 5:02 AM Subject: [isalist] SP1a SMTP filter still broken? http://www.ISAserver.org Hey guys, I thought I'd give the SP1a SMTP filter another chance. I've had it running for about 5 days without a problem, but last night I get this in the Application Log: Event Type: Error Event Source: SmtpEvt Event Category: None Event ID: 20031 Date: 4/5/2002 Time: 7:44:40 PM User: N/A Computer: ISASERVER Description: An unknown SMTP command For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 45 54 52 4e 20 40 54 48 ETRN @TH 0008: 45 52 4d 4f 54 49 43 44 ERMOTICD 0010: 45 56 45 4c 4f 50 4d 45 EVELOPME 0018: 4e 54 53 2e 43 4f 2e 55 NTS.CO.U 0020: 4b K Looks like the same stuff we saw before SP1 was taken down. Anyone else seen this? Thanks! Tom www.isaserver.org/shinder ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: stefaan.pouseele@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')