http://www.ISAserver.org ------------------------------------------------------- I did, I went back and re read you OP email... paragraphs man! I didn't think it worth clarifying further, as steve says, it still needs the outgoing rule on the bog standard pop3 protocol rather than pop3 server. The pop3 server protocol should be used for publishing your own server only and in a separate rule to any outgoing stuff (if the servers even to be accessible outside on the internet). At least that's how I'd do it. Last thing, verbosity in error reporting isnt a great thing, get to the point asap with as focused sentences as possible, filling it with words will just turn people off reading it, responding to people who point out errors in your statement or diagnosis with emotive responses isnt going to help any situation either, reread everything you have to post twice before posting, you'd see errors like your response to tom upon review. My experience of this list so far has actually been mostly solved before I even clicked on 'send' due to having to lay out my problem in as logical and 'to the point' as possible language, walking myself thru the problem at hand and writing it out has helped me solve the problems myself. Any problems beyond that which I have posted I've later pinned down to non ISA things anyway so the response I got was appropriate. Paul. -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Tee Darling Sent: Tuesday, December 05, 2006 10:24 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Verizon DSL and ISA Server 2004 Problem!!! Paul, Maybe if you have taken some time and read all the e-mails related to this incident I first reported, you would have known that first, I have a mail server sitting inside the internal LAN, and second just be'cos I am using Verizon DSL, I have been trying to setup Outlook 2003 on one of my workstations to access my verizon e-mails. So now you really know what is going on here. Do you have any more ideas to help make what I am trying to do here work? Thanks. T On 12/5/06, Paul Noble < pnoble@xxxxxxxxxxxxxxxxxxxxxxxxxx <mailto:pnoble@xxxxxxxxxxxxxxxxxxxxxxxxxx> > wrote: http://www.ISAserver.org ------------------------------------------------------- But tom didn't state pop3 he stated pop3 server which is pulled from your rule listings you provided. Unless you're actually hosting a 'mail' server on your local lan or even any services for the internet to access you really shouldn't have any incoming rules at all, the default deny incoming should trump all. If you're just a client pulling data from an isp pop3 server then your outgoing rule should contact pop3 protocol NOT pop3 server protocol which you stated. -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto: isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Tee Darling Sent: Tuesday, December 05, 2006 6:56 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Verizon DSL and ISA Server 2004 Problem!!! Tom, What are you talking about now? And what is correct then? If you're talking about the protocol that was allowed from the Internal network to the incoming.verizon.net host, then it was POP3 Server protocol that was added and not Pop3 as you have stated here. Thanks. T On 12/5/06, Thomas W Shinder < tshinder@xxxxxxxxxxx> wrote: Pop3 server is incorrect. From: isalist-bounce@xxxxxxxxxxxxx [mailto: isalist-bounce@xxxxxxxxxxxxx <mailto:isalist-bounce@xxxxxxxxxxxxx> ] On Behalf Of Steve Moffat Sent: Monday, December 04, 2006 8:45 PM To: ISA Mailing List Subject: [isalist] Re: Verizon DSL and ISA Server 2004 Problem!!! Have you any idea how to set up a mail account? It's looking for the correct username and password. Are you allowing smtp out to the mail server? Read the help....it's all covered there. S From: isalist-bounce@xxxxxxxxxxxxx <mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto: isalist-bounce@xxxxxxxxxxxxx <mailto:isalist-bounce@xxxxxxxxxxxxx> ] On Behalf Of Tee Darling Sent: Monday, December 04, 2006 7:07 PM To: ISA Mailing List Subject: [isalist] Re: Verizon DSL and ISA Server 2004 Problem!!! I have a rule in place now to "allow" -->Selected Protocols - POP3 Server --> From Internal --> incoming.verizon.net. The somehow "good news" is that when I try to "Test Account Settings.." in Outlook 2003 I received the following info: Established network connection ---> Completed Find outgoing mail server (SMTP) ---> Completed Find incoming mail server (POP3) ---> Completed Log onto incoming mail server (POP3) -> Failed Send test e-mail message -> Failed Note: Before I implemented the rule above, I was receiving "Failed" through out the above test. Now I am receiving 3 "Completed" and 2 "Failed" In addition, I received 2 errors now when I do the Test Account Settings: 1). Send test e-mail message: The specified server was found, but there was no response from the server. Please verifiy that the port and SSL information is correct. To access these settings close this dialog, then click More Settings and click on the Advanced tab 2). Log onto incoming mail server (POP3): The specified server was found, but there was no response from the server. Please verifiy that the port and SSl information is correct. To access these settings close this dialog, then click More Settings and click on the Advanced tab. Someone out there may have encountered this problem before. Any help as to how this was resolved? T On 12/4/06, Thor (Hammer of God) <thor@xxxxxxxxxxxxxxx> wrote: You need outbound 110 to the pop3 server, not inbound. Outbound from internal to incoming.verizon.net host. t On 12/4/06 1:23 PM, "Tee Darling" <tee.darling77@xxxxxxxxx > spoketh to all: Well, I do have a rule in place for incoming POP3 from the External to Internal network but I have been getting this error all the time. T On 12/4/06, Steve Moffat < steve@xxxxxxxxxx> wrote: Well yeeesss You need an access rule on your ISA server to allow POP3 to the mail server S From: isalist-bounce@xxxxxxxxxxxxx [mailto: isalist-bounce@xxxxxxxxxxxxx <mailto: isalist-bounce@xxxxxxxxxxxxx <mailto:isalist-bounce@xxxxxxxxxxxxx> <mailto:isalist-bounce@xxxxxxxxxxxxx> > ] On Behalf Of Tee Darling Sent: Monday, December 04, 2006 4:21 PM To: ISA Mailing List Subject: [isalist] Re: Verizon DSL and ISA Server 2004 Problem!!! This is what I received when I telnet to my ISP POP3 mail server: " C:\>telnet incoming.verizon.net <http://incoming.verizon.net> <http://incoming.verizon.net> <http://incoming.verizon.net> 110 Connecting To incoming.verizon.net...Could not open connection to the host, on p ort 110: Connect failed C:\> Is there a rule that I have to come up with in order for this to work? T On 12/4/06, Ara Avvali < Ara.Avvali@xxxxxxxxxxxxx> wrote: No he me means telnet to your isp pop mail server From: isalist-bounce@xxxxxxxxxxxxx <mailto:isalist-bounce@xxxxxxxxxxxxx> <mailto:isalist-bounce@xxxxxxxxxxxxx> <mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto: isalist-bounce@xxxxxxxxxxxxx <mailto: isalist-bounce@xxxxxxxxxxxxx <mailto: isalist-bounce@xxxxxxxxxxxxx <mailto:isalist-bounce@xxxxxxxxxxxxx> > > ] On Behalf Of Tee Darling Sent: Monday, December 04, 2006 11:08 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Verizon DSL and ISA Server 2004 Problem!!! If you mean, to telnet inside the LAN from a workstation to the ISA box, then this is what I received when I do that....---> C:\>telnet 192.168.35.1 <http://192.168.35.1> <http://192.168.35.1> 110 Connecting To 192.168.35.1...Could not open connection to the host, on port 110: Connect failed C:\> T On 12/4/06, Steve Moffat < steve@xxxxxxxxxx <mailto:steve@xxxxxxxxxx > <mailto:steve@xxxxxxxxxx> > wrote: Can you telnet to port 110 from your workstations? S From: isalist-bounce@xxxxxxxxxxxxx <mailto:isalist-bounce@xxxxxxxxxxxxx> <mailto:isalist-bounce@xxxxxxxxxxxxx> <mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto: isalist-bounce@xxxxxxxxxxxxx <mailto: isalist-bounce@xxxxxxxxxxxxx <mailto: isalist-bounce@xxxxxxxxxxxxx <mailto:isalist-bounce@xxxxxxxxxxxxx> > > ] On Behalf Of Tee Darling Sent: Monday, December 04, 2006 2:15 PM To: ISA Mailing List Subject: [isalist] Re: Verizon DSL and ISA Server 2004 Problem!!! Jim, The answer to your questions is that Yes, traffic does flow through ISA. All my workstations have the ISA client installed and they connect to the Internet through the ISA box. The error code given by Outlook is this --> "0x80042108 Outlook is unable to connect to your incoming POP3 e-mail server". I did a search at MS knowledge base and I received KB article 318790. This article talks about this info: SYMPTOMS When you start Microsoft Outlook, you may not be able to send and receive messages, and you may receive the following error message: 0x80042108 Outlook is unable to connect to your incoming POP3 e-mail server. Error! Filename not specified. <#10f4f35296069fad_10f4ef63eaafe890_10f4ebf5db4c99e8_top> Back to the top <#10f4f35296069fad_10f4ef63eaafe890_10f4ebf5db4c99e8_top> CAUSE This behavior may occur if any of the following conditions are true: * There are corrupted files on your hard disk. * You are running Norton Personal Firewall 2002. * You are running Norton Internet Security software. * You have installed an update to Microsoft Office. * The Norton anti-spam add-in is enabled in Outlook. Note Norton Personal Firewall 2002, Norton Internet Security software, and the Norton Anti-Spam add-in are supported by Symantec Inc. Error! Filename not specified. <#10f4f35296069fad_10f4ef63eaafe890_10f4ebf5db4c99e8_top> Back to the top <#10f4f35296069fad_10f4ef63eaafe890_10f4ebf5db4c99e8_top> RESOLUTION To resolve this behavior, remove your Norton Person Firewall or Norton Internet Security software and then reinstall your Norton Person Firewall or Norton Internet Security software. Alternatively, you can use the contact information that is provided later in this article if you need help. To remove and then reinstall Norton Person Firewall or to remove and then reinstall Norton Internet Security software, follow these steps. ---------------------------------------------------------------------------- ----------------------------------------------------- Here is the info for my Client and ISA Ipconfig /all: "Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. Client IPconfig /all C:\>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : vivace Primary Dns Suffix . . . . . . . : XXXXXXX.net Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : XXXXXXX.net Ethernet adapter LAN: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Linksys LNE100TX Fast Ethernet Adapt er(LNE100TX v4) Physical Address. . . . . . . . . : 00-03-6D-15-28-95 Dhcp Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.35.25 <http://192.168.35.25> <http://192.168.35.25> Subnet Mask . . . . . . . . . . . : 255.255.255.0 <http://255.255.255.0> <http://255.255.255.0> <http://255.255.255.0> Default Gateway . . . . . . . . . : 192.168.35.1 <http://192.168.35.1> <http://192.168.35.1> <http://192.168.35.1> DNS Servers . . . . . . . . . . . : 192.168.35.5 <http://192.168.35.5> <http://192.168.35.5> <http://192.168.35.5> ---> my Domain IP 192.168.35.1---> ISA box IP Ethernet adapter Connection To Verizon: Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : CNet PRO200WL PCI Fast Ethernet Adap ter Physical Address. . . . . . . . . : 00-08-A1-22-CE-FC C:\> ISA Ipconfig /all C:\>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : ISA1 Primary Dns Suffix . . . . . . . : XXXXXXXX.net Node Type . . . . . . . . . . . . : Broadcast IP Routing Enabled. . . . . . . . : Yes WINS Proxy Enabled. . . . . . . . : Yes DNS Suffix Search List. . . . . . : XXXXXXXX.net Ethernet adapter LAN: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/100 Network Connection Physical Address. . . . . . . . . : 00-B0-D0-20-1C-DA DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.35.1 <http://192.168.35.1> <http://192.168.35.1> Subnet Mask . . . . . . . . . . . : 255.255.255.0 <http://255.255.255.0> <http://255.255.255.0> Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : 192.168.35.1 <http://192.168.35.1> <http://192.168.35.1> Ethernet adapter WAN: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/100+ Server Adapter (PILA847 0B) Physical Address. . . . . . . . . : 00-D0-B7-4D-52-A4 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.1.3 <http://192.168.1.3> < http://192.168.1.3 <http://192.168.1.3> > Subnet Mask . . . . . . . . . . . : 255.255.255.0 <http://255.255.255.0> < http://255.255.255.0 <http://255.255.255.0> > Default Gateway . . . . . . . . . : 192.168.1.1 <http://192.168.1.1> <http://192.168.1.1 > DNS Servers . . . . . . . . . . . : 192.168.35.1 <http://192.168.35.1> <http://192.168.35.1 > NetBIOS over Tcpip. . . . . . . . : Disabled C:\>c" Any help please? Thanks T On 12/4/06, Jim Harrison < Jim@xxxxxxxxxxxx <mailto:Jim@xxxxxxxxxxxx> <mailto:Jim@xxxxxxxxxxxx> <mailto:Jim@xxxxxxxxxxxx> > wrote: You're not giving the error codes provided by Outlook. Using that, you can search MSKB and very often discover your answer. You also haven't provided any alerts or error events from your ISA. Does *any* traffic flow through ISA? What is the ISA ipconfig/all? What is the test client ipconfig/all? From: isalist-bounce@xxxxxxxxxxxxx <mailto: isalist-bounce@xxxxxxxxxxxxx <mailto:isalist-bounce@xxxxxxxxxxxxx> > <mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto: isalist-bounce@xxxxxxxxxxxxx <mailto: isalist-bounce@xxxxxxxxxxxxx <mailto:isalist-bounce@xxxxxxxxxxxxx> > ] On Behalf Of Tee Darling Sent: Monday, December 04, 2006 3:59 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Verizon DSL and ISA Server 2004 Problem!!! ISA Gurus, I just added a Verizon DLS box (Westel 327W) to my network and now I can't send any e-mail out. Here is the configuration: I have 2 NICs in my ISA Server 2004. The internal NIC has the IP range 192.168.35.0 <http://192.168.35.0> <http://192.168.35.0> thru 192.168.35.254 <http://192.168.35.254> <http://192.168.35.254> . The External NIC is connected to the Verizon DSL box. The DSL box gives out the DHCP IP range 192.168.1.15 <http://192.168.1.15> <http://192.168.1.15> thru 192.168.1. 47. I have assigned 192.168.1.3 <http://192.168.1.3> <http://192.168.1.3> <http://192.168.1.3 > to the NIC that is connected to the DSL . This DSL box by default allows all traffic to exit without any interferance. I have configured port forwarding for example port 25, port 443, port 110 etc to the appropriate box. I can receive e-mail on my Exchange Server 2003 without any difficulty but whenever I send email out from one of my workstations, the email ends up in the queue on the server and just sits there. Anything I am missing here? Next, I am a little bit confused as to what kind of route configuration I need to setup between my internal LAN and the DSL IP range or if one would like to call it the DMZ. I am not sure if I can call the area of the DSL IP range as the DMZ. Or would that area be part of the External network? My plan is to add a 3rd NIC and assign the IP range 10.0.0.0 <http://10.0.0.0> <http://10.0.0.0> thru 10.x.x.254 and call that zone the DMZ. I haven't done this yet so I am not worry about it now. My main problem is how to configure the ISA firewall again to let the email go out from my Exchange Server 2003 box. I just had this problem when I switched from my cable provider to the DSL provider. I never had this problem with my cable box which wasn't given out any private IP addresses out. I am also having problem making my verizon mail go out from my internal LAN from one of my machine which has Outlook 2003. Here are the errors I get from this workstation: 1). Find incoming mail server (POP3): Outlok could not connect to the incoming mail server (POP3). The problem could be the server name or port, or your server may not support SSL. Verify your port and SSl settings in More Settings under the Advanced tab. 2). Find outgoing mail server (SMTP): Outlok could not connect to the outgoing mail server (POP3). The problem could be the server name or port, or your server may not support SSL. Verify your port and SSl settings in More Settings under the Advanced tab. 3). Log onto incoming mail server (POP3): The specified server was found, but there was no response from the server. Please verify that th eport and SSL informatoin is correct. To access these settings close the dialog, then click More Settings and click on the Advanced tab. 4). Find incoming mail server (POP3): Outlok could not connect to the incoming mail server (POP3). The problem could be the server name or port, or your server may not support SSL. Verify your port and SSl settings in More Settings under the Advanced tab. Any help will be greatly appreciated. Thanks. Tee All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx