Hi Muhammad, Yes. HTH< Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: rizwan@xxxxxxxxxxx [mailto:rizwan@xxxxxxxxxxx] Sent: Wednesday, June 11, 2003 11:25 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Setup SMTP Filter http://www.ISAserver.org Dear All, Please could anybody tell me that SMTP filter of ISA works with Domino Mailserver Version 5.0.2. Its urgent . Awaiting your reply. Kind regards, Muhammad Rizwan Khalid Asst. Manager M.I.S ------------------------------------------------------------------------ -- Makkays Tel: +92 51 2822 075 (Ext.141) Kulsum Plaza, Fax: +92 51 2270 955 42 Jinnah Avenue, Mobile: 0300 8503841 Islamabad, E-Mail: rizwan@xxxxxxxxxxx Pakistan. Web: http://www.makkays.com ------------------------------------------------------------------------ --- "Jim Harrison" To: "[ISAserver.org <jim@isatools Discussion List]" .org> <isalist@xxxxxxxxxxxxx> cc: 06/11/03 Subject: [isalist] Re: Setup 08:13 PM SMTP Filter Please respond to "[ISAserver.o rg Discussion List]" http://www.ISAserver.org The thing is, the SMTP filter shouldn't reject non-command strings like "500 XXXX command not recognized" I'd still like to see that trace... Unfortunately, the SMTP filter has no logging functionality. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "William Robertson" <robertson.william@xxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Wednesday, June 11, 2003 07:59 Subject: [isalist] Re: Setup SMTP Filter http://www.ISAserver.org Hi Jim I've done some more digging and discovered that the EHLO verb is an ESMTP command and that's why all non-ESMTP enabled mail servers reply with an Error 500 - Unknown Command. In this error these mail servers "generalise" the original verb with placeholders (X) and thus say that the verb XXXX was not recognised. I tried creating a new XXXX SMTP verb the other day but I did not give it a length of 71 (as is the case of HELO). After increasing the length of the XXXX verb to 71, everything seems fine because now the firewall allows the XXXX command to be passed through to my mail server, who then switches over to the HELO command and then communication continues just fine. One last thing if you please, does ISA do any logging of all rejected SMTP messages? I mean if I reject a specific domain/keyword/sender, does ISA log this information anywhere? Thanks William R. -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: 11 June 2003 15:00 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Setup SMTP Filter http://www.ISAserver.org The quick answer is to add "XXXX" in the allowed list and give it the same length as HELO. The long answer is, "there's no such SMTP verb as XXXX". Can you turn off the SMTP filter and get a trace of this converstation? I've had some experience with the verb functions in the SMTP filter (can we say AUTH?). Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! http://www.ISAserver.org Hi there I have now discovered the following on my mail server. 1) When it initiates a connection it issues an EHLO command as follows: >>> EHLO columbus.co.za 2) I then get a reply from the receiving mail server as follows 500 Syntax error, command "XXXX columbus.co.za" unrecognized 3) Then my mail server tries another route as follows: >>> HELO columbus.co.za 4) An then I get a valid reply: 250 madrid.acxgroup.com Hello columbus.co.za ([196.37.130.153]), pleased to meet you And then communication continues just fine. But when I enable the ISA SMTP filter, I start getting the following alerts from my firewall: ISA Server alert: An unknown SMTP command XXXX MADRID.ACXGROUP.COM So it would appear that the XXXX reply is somehow a "valid" SMTP command/response, but how can I go about telling ISA to permit this message through. The thing is I can now quite happily just ignore these alerts, but then my mail server is not going to get the XXXX response from the receiving mail server, and thus my mail server won't know to try and use the HELO command instead. I can think that one resolution to this problem would be to force all SMTP communication to begin with a HELO instead of an EHLO, but this problem doesn't exist for all mail servers that I connect to. Which of the 2 commands (EHLO and HELO) is the most universal and should be accepted by ALL mail servers, regardless of the flavour (E.g. Exchange, Sendmail etc etc) Cheers William R. >>> MAIL From:<testcert-centre@xxxxxxxxxxxxxx> 250 testcert-centre@xxxxxxxxxxxxxxxxx Sender OK >>> RCPT To:<codocs@xxxxxxxxxxxx> 250 codocs@xxxxxxxxxxxxxxx Recipient OK >>> DATA -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: 03 June 2003 17:04 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Setup SMTP Filter http://www.ISAserver.org Are those commands actually "XXXX"? If so, those aren't valid SMTP verbs and you then have two choices: 1. run your favorite packet tracer on the ISA external IP and watch for this event to fire. You can then watch the conversation up to that point to see what's going on. 2. contact the owners of those servers and ask them why they're sending this to you If not, what are they? Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "William Robertson" <robertson.william@xxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, June 03, 2003 07:20 Subject: [isalist] Re: Setup SMTP Filter http://www.ISAserver.org Hi Jim After enabling the SMTP Filter and setting the NOOP length to 20 bytes, I then started getting the following alerts from my Firewall: ISA Server alert: An unknown SMTP command XXXX ASTPROXY01.AST.CO.ZA XXXX TCEN-UL-MAILSV01.TELKOM.CO.ZA XXXX SMTP.LANTIC.NET XXXX NS2.DHV.NL XXXX MFCS002.SAMANCORCR.CO.ZA XXXX JS000414.JOBSERVE.COM XXXX AVEROMAR01.POVOAHOLDINGS.COM etc etc etc Do you perhaps know where I may start trying to figure out what exactly these commands are that I need to enable? (BTW, I have a linux-based sendmail server - no fancy schmancy exchange servers for me :( Thanks William R. -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: 02 June 2003 16:41 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Setup SMTP Filter http://www.ISAserver.org Generally, 20 is seen as a good upper limit for NOOP. AUTH should be 1024, if you enable it. Don't expect to screen HTML mail; the screener doesn't seem to like them. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "William Robertson" <robertson.william@xxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, June 02, 2003 01:03 Subject: [isalist] Setup SMTP Filter http://www.ISAserver.org Hi there My original installation of ISA Server excluded the setup of the SMTP filter as I appeared to have problems with receiving mail etc. I have now got some time on my hands ( yeah right.!) and would like to start playing with it again. I would like to know of any "out-the-box" tricks that I need to use to get it working properly. I know for one thing that the default NOOP value of 6 is apparently too small. Could someone please let me know what a more acceptable NOOP setting is, as well as any other variables/settings that I need to customise, or be on the lookout for. Any reference to reading material to assist with the comprehension of this topic would be a great asset. Cheers William R. _____ William Robertson AST Mpumalanga Systems House / Consultant: Software Tel: 013-2472703 / 083 638 0354 Fax: 013-2462236 --------------------------------------------------------------------- Everything in this e-mail and attachments relating to the official business of Columbus Stainless is proprietary to the company. It is confidential, legally privileged and protected by law. Columbus Stainless does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of Columbus Stainless. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Whilst all reasonable steps are taken to ensure the accuracy and integrity of information and data transmitted electronically and to preserve the confidentiality thereof, no liability or responsibility whatsoever is accepted if information or data is,for whatever reason, corrupted or does not reach its intended destination. --------------------------------------------------------------------- ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: robertson.william@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') --------------------------------------------------------------------- Everything in this e-mail and attachments relating to the official business of Columbus Stainless is proprietary to the company. It is confidential, legally privileged and protected by law. Columbus Stainless does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of Columbus Stainless. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Whilst all reasonable steps are taken to ensure the accuracy and integrity of information and data transmitted electronically and to preserve the confidentiality thereof, no liability or responsibility whatsoever is accepted if information or data is,for whatever reason, corrupted or does not reach its intended destination. --------------------------------------------------------------------- ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: robertson.william@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') --------------------------------------------------------------------- Everything in this e-mail and attachments relating to the official business of Columbus Stainless is proprietary to the company. It is confidential, legally privileged and protected by law. Columbus Stainless does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of Columbus Stainless. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Whilst all reasonable steps are taken to ensure the accuracy and integrity of information and data transmitted electronically and to preserve the confidentiality thereof, no liability or responsibility whatsoever is accepted if information or data is,for whatever reason, corrupted or does not reach its intended destination. --------------------------------------------------------------------- ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: robertson.william@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') --------------------------------------------------------------------- Everything in this e-mail and attachments relating to the official business of Columbus Stainless is proprietary to the company. It is confidential, legally privileged and protected by law. Columbus Stainless does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of Columbus Stainless. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Whilst all reasonable steps are taken to ensure the accuracy and integrity of information and data transmitted electronically and to preserve the confidentiality thereof, no liability or responsibility whatsoever is accepted if information or data is,for whatever reason, corrupted or does not reach its intended destination. --------------------------------------------------------------------- ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rizwan@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')