Re: SP1a SMTP filter still broken?

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 6 Apr 2002 09:08:46 -0800

Hi Stefaan,

The thing to remember is that the SMTP filter was designed as a protective
mechanism; not an SMTP service.
It's very basic and requires an IIS or Exch SMTP service to do more than
just "watch the wire".
If your SMTP server understands or publishes certain commands, then you
should add them to the "allowed" list and let your SMTP server handle them.
If it doesn't understand the verbs that are causing the rejections, then ISA
is acting the way I'd want it to; "don't bother my servers with requests
they don't support".
My SMTP server reports "too many protocol violations" for the times when ISA
"cuts them off at the knees".  It's a good feeling for me...

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Stefaan Pouseele" <stefaan.pouseele@xxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Saturday, April 06, 2002 8:00 AM
Subject: [isalist] Re: SP1a SMTP filter still broken?


http://www.ISAserver.org


Hi Jim,

why does the SMTP filter reacts abnormally on not allowed verbs? The SMTP
filter closes the connection instead of answering with a '500 Command not
understood' respons. So, he don't let the other site fallback on more
'basic' SMTP commands. That is exactly the reason why I don't use the SMTP
filter! Other SMTP security products (such as WebShield from NAI) send
always a '500 Command not understood' respons on not allowed or implemented
commands.

BTW --- I hoped it would be resolved in SP1a, but no luck...

Regards,
Stefaan

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: zaterdag 6 april 2002 17:33
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: SP1a SMTP filter still broken?


http://www.ISAserver.org


Actually, that looks like it choked on the ETRN command.
Is that included in your list of "allowed" verbs?
I know it's not in the default list.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Saturday, April 06, 2002 5:02 AM
Subject: [isalist] SP1a SMTP filter still broken?


http://www.ISAserver.org


Hey guys,

I thought I'd give the SP1a SMTP filter another chance. I've had it
running for about 5 days without a problem, but last night I get this in
the Application Log:

Event Type: Error
Event Source: SmtpEvt
Event Category: None
Event ID: 20031
Date: 4/5/2002
Time: 7:44:40 PM
User: N/A
Computer: ISASERVER
Description:
An unknown SMTP command

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 45 54 52 4e 20 40 54 48   ETRN @TH
0008: 45 52 4d 4f 54 49 43 44   ERMOTICD
0010: 45 56 45 4c 4f 50 4d 45   EVELOPME
0018: 4e 54 53 2e 43 4f 2e 55   NTS.CO.U
0020: 4b                        K

Looks like the same stuff we saw before SP1 was taken down.

Anyone else seen this?

Thanks!

Tom
www.isaserver.org/shinder


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
stefaan.pouseele@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')




Other related posts: