Thanks Jim, Your ideas go me running down another track... My web publishing rule is using an internal IP instead of using a FQDN. DNS is not my strong suit so I will have to work on either setting up a host file (ugly... very ugly) or split DNS. Right now with the web publishing rule I have, it is set with the Internal IP and the box for "Send the original host header to the publishing server inestad of the actual one" and then it bridges the web request to 5108 on the internal IP. Tonight I will play with split DNS and change the mail server host ports to 80 for HTTP and see what difference this makes. Thanks, Jeff now you need either a server publilshing rul that accoommodates TCP-5108, or a new web publishing rule that redirects to TCP-5108. You still need to convert the <internalip to webmail.<FQDN. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! http://www.ISAserver.org Additional bit of information for the problem below... the proxy logs indicate the following: <CLIENT IP anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) 2003-06-13 01:48:33 <HOSTNAME - webmail.<FQDN INTERNAL ISA IP 5108 1641 708 102608 http GET http:// <INTERNAL MAIL SERVER IP:5108/attachment/ROUTING.OLD?auth=YjM1NjQxNjQ6MTcyLjE2LjAuMTpqZWZmLmJ1dHRl&message=Id5a6ec.DAT&msgsection=2&dir= Inet 200 The last 200 being the status code would indicate to me it was a proper request answered with an "OK" status code. (ISA logs are in GMT) "ROUTING.OLD" was the attachment name for this test. 5108 is the internal mail server port (the vendor default). It can be set to anything. ********************************** Greetings, It usually takes me a while to encounter a good problem... but I found one. I have a product called VPOP3 (a nice little all-in-one mail server) installed on an internal server. I am using server publishing to host SMTP, POP3 and LDAP (mail server global address book) All works well. The problems occur with webmail publishing. A destination set configured for webmail.<FQDN A web publishing rule is setup to use the destination set to redirect the inbound request to the internal mail server (running its own HTTP services) It is set to use SSL (required) with SSL being terminated at the proxy. All of this works great. Webmail is over SSL.... everyone is happy... until they try to download an attachment via webmail. When connecting directly to the mail server via webmail on the internal network... all is fine with attachments. (ie: no magic between client and server) However clients utilizing webmail from the internet get the following error when trying to download attachments: "Internet Explorer cannot download ...<message id.dat&msgsection=2&dir= from FQDN. Internet Explorer was not able to open this Internet Site. The requested site is either unavailable or cannot be found. Please try again later." It appears that the process to download the attachment is broken mid-stream. Per the vendor, the all web traffic, including attachments are passed over the same port. Webmail server logging indicates the following 12/6/2003 20:48:34.337 - [MAILHTTP - 32] - Socket Error during Socket::GetByte - 10054 [An existing connection was forcibly closed by the remote host. ] (addr:<INTERNAL IP OF ISA SERVER) It appears as if ISA is the cause of the winsock termination. The vendor's response to my questions was: "Hmm, the redirection may be killing the way VPOP3 handles attachments (it has to generate them on the fly and does some tricky things to the URLs to try to make the web browser download them with the right name)" Any ideas? I thought it might be some wild URL mojo but do not have URLScan installed. The server is a SNAT client so their shoudn't be any proxy client issues... :-) Jeff Butte Linked Solutions, Inc ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')