RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
- From: "Bryan D. Andrews" <bandrews@xxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 2 Jun 2005 11:47:36 -0400
Yes but as far as I know you still can't send out through any IP except
the default. Are you saying that I can bind different mail servers to
different outbound IPs?
The articles I have read do not indicate this.
I have been through this in and out for the past couple of years and
have never found an acceptable solution.
This seems like a weakness mostly for smaller orgs that do not have the
resources to set up relay servers. The solution is obviously that -
setup a relay server that allows you to bind smtp instances to different
IPs (if you want them to appear to the world as different orgs).
I just feel strongly that the "proxy" nature of ISA is a hindrance that
you don't see in other popular firewalls.
Oh well.
-----Original Message-----
From: JosephK [mailto:josephk@xxxxxxxxx]
Sent: Wednesday, June 01, 2005 2:52 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SPF problem: was RE: Publishing an Exchange
Server and email still going out through the default IP
Importance: High
http://www.ISAserver.org
Your not running IIS on the ISA box when you just select the SMTP
service
at least on 2003. And when you setup the outbound relay you can have
your internal exchange or mail server send to the ISA box and on the ISA
box you setup the ISA system policy to allow outbound connections. Then
on the SMTP service you specify the only box that can relay through your
machine is the internal mail machine.
Thank you,
Lots of good articles out on isaserver.org by the way.
Joseph
-----Original Message-----
From: Bryan D. Andrews [mailto:bandrews@xxxxxxxxxxxxx]
Sent: Wednesday, June 01, 2005 11:50 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SPF problem: was RE: Publishing an Exchange
Server and email still going out through the default IP
http://www.ISAserver.org
Hmmm... I always thought the best policy was not to run IIS or anything
other than ISA on the ISA server.
In these articles you mention are they "outbound" relays also? Does this
scenario support binding the smtp instance to particular IPs for
different relaying servers?
Thanks again for the replies!
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, June 01, 2005 1:51 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SPF problem: was RE: Publishing an Exchange
Server and email still going out through the default IP
http://www.ISAserver.org
Hi Joseph,
True enough! There are several articles by moi on the ms.com and
ISAserver.org sites on how to configure the ISA firewall itself as an
inbound SMTP relay. No extra software, no extra hardware.
Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
-----Original Message-----
From: JosephK [mailto:josephk@xxxxxxxxx]
Sent: Wednesday, June 01, 2005 12:33 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SPF problem: was RE: Publishing an Exchange
Server and email still going out through the default IP
Importance: High
http://www.ISAserver.org
Relay servers can be located on the ISA box and in the DMZ on
the web machine. I have it setup this way and it works great and I'm
not using an extra machine. However, I have used POSTFIX and sendmail
in testing and they work as well.
Thank you,
Joseph
-----Original Message-----
From: Bryan D. Andrews [mailto:bandrews@xxxxxxxxxxxxx]
Sent: Wednesday, June 01, 2005 10:16 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SPF problem: was RE: Publishing an Exchange
Server and email still going out through the default IP
http://www.ISAserver.org
That assumes the following:
* That there is someone who knows linux
* That there is an extra workstation
* That they want another point of failure for email
* That they want to spend the time configuring this
I just feel like this is a hack and it should not be this way.
Might be out of luck huh....?
-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Wednesday, June 01, 2005 9:50 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SPF problem: was RE: Publishing an Exchange
Server and email still going out through the default IP
http://www.ISAserver.org
Can't they afford an old workstation, with freebie Linux, and one of the
many flavours of mailserver available???
S
-----Original Message-----
From: Bryan D. Andrews [mailto:bandrews@xxxxxxxxxxxxx]
Sent: Wednesday, June 01, 2005 10:33 AM
To: ISA Mailing List
Subject: [isalist] RE: SPF problem: was RE: Publishing an Exchange
Server and email still going out through the default IP
http://www.ISAserver.org
Hehe - that is what I am saying... a relay server is not an option at
this point.
I guess I am really trying to find out if there is any movement on this
issue at MS? Or will there be? I know this group would know if there
was... :)
Does checkpoint or other popular firewalls have this issue? I would
think the answer is no.
This should be taken seriously considering the SenderID. Not every
company can afford to create relay servers in a dmz.
Thanks Tom for the reply.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
josephk@xxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bandrews@xxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
josephk@xxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bandrews@xxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
