• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Access IMAP/SMTP behind ISA?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Access IMAP/SMTP behind ISA? Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
Access IMAP/SMTP behind ISA? - 9.Mar.2010 5:16:54 AM   
forcer

 

Posts: 25
Joined: 13.Sep.2006
Status: offline
I'm trying to acces IMAP and SMTP behind ISA. Every mail client i try just fails to connect and i've tried several domains including googlemail.

I have creating the following access rule:

Mail Access Protocol - Enabled / Allow

Selected Protocols - HTTP, HTTPS, SMTP, IMAP4, IMAPS, POP3
From - INTERNAL
To - EXTERNAL
Users - ALL USERS
Schedule - ALWAYS
All content types

Do i need to do anything else besides setup the access rule?

One thing i have noticed is that the SMTP filter port range is 465, but gmail says to set this as 587. In ISA the option to add more ports is grayed out?

Anyone have any experience with this?
Post #: 1
RE: Access IMAP/SMTP behind ISA? - 9.Mar.2010 8:42:02 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

this is not a issue. If you need to create a custom protocol to access some resource you just do it.

Search through this web site on how to create custom protocols on ISA.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to forcer)
Post #: 2
RE: Access IMAP/SMTP behind ISA? - 10.Mar.2010 4:18:02 AM   
forcer

 

Posts: 25
Joined: 13.Sep.2006
Status: offline
Thanks, but even the standard protocols aren't working, the mail servers on my own website domain don't work.

Regardless, i created a new protocol 'IMAP-GMAIL' and 'SMTP-GMAIL'

TCP - Outbound - 993 imap
TCP - Outbound - 587 smtp

I've added those protocols to the Mail Access Protocol (Access Rule) but still nothing :(

Could it be something to do with SSL/TLS?

(in reply to paulo.oliveira)
Post #: 3
RE: Access IMAP/SMTP behind ISA? - 11.Mar.2010 4:41:52 AM   
forcer

 

Posts: 25
Joined: 13.Sep.2006
Status: offline
I have tried adding new protocols but it didnt work, i was told i needed to allow smtp./imap.gmail.com, how do i do that?

(in reply to forcer)
Post #: 4
RE: Access IMAP/SMTP behind ISA? - 15.Mar.2010 5:34:51 AM   
forcer

 

Posts: 25
Joined: 13.Sep.2006
Status: offline
please anyonee :(

(in reply to forcer)
Post #: 5
RE: Access IMAP/SMTP behind ISA? - 15.Mar.2010 7:48:02 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Have you tried using server publishing?

Have a look at this:

http://technet.microsoft.com/en-us/library/cc713317.aspx

Cheers

JJ

< Message edited by Jason Jones -- 15.Mar.2010 7:51:05 PM >


_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to forcer)
Post #: 6
RE: Access IMAP/SMTP behind ISA? - 16.Mar.2010 6:12:02 AM   
forcer

 

Posts: 25
Joined: 13.Sep.2006
Status: offline
Thanks for that but i think that's for servers using local mail servers.. i just want to connect to web mail stuff like gmail, hotmail and my own domains.

(in reply to Jason Jones)
Post #: 7
RE: Access IMAP/SMTP behind ISA? - 16.Mar.2010 8:13:33 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Ah ok, when you said "behind" I assume you meant internal mail servers. So, you are talking about connecting to externql mail servers?

What network topology is your ISA server using, e.g. do you have at least two NICs?

Are you using the firewall client?

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to forcer)
Post #: 8
RE: Access IMAP/SMTP behind ISA? - 16.Mar.2010 8:20:08 AM   
forcer

 

Posts: 25
Joined: 13.Sep.2006
Status: offline
I am just trying to connect to IMAP and SMTP of gmail and other domains.

for example, when i fire Outlook 2007 up at home it connects fine.

When if ire Outlook 2007 up at work i get errors such as:

task xxxxx@gmail.com - sending error report (0x800CCC0D) : Cannot find the e-mail server.

Task 'Synchronizing subscribed folders for XXXXX@gmail.com.' reported error (0x800CCC0E) : 'Outlook cannot synchronize subscribed folders for XXXXX@gmail.com. Error: Cannot connect to the server. If you continue to receive this message, contact your server administrator or Internet service provider (ISP).'


This is obviously because ISA Server is blocking access. we can't access any SMTP or IMAP.. or even POP3

Yes we have 2 NICS. We're using the Edge Firewall

We are using the firewall client.

(in reply to Jason Jones)
Post #: 9
RE: Access IMAP/SMTP behind ISA? - 16.Mar.2010 8:41:12 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
By default, the firewall client disables external access using Outlook...

You can resolve this using the following info:

http://www.isaserver.org/articles/2004olpop3smtp.html

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to forcer)
Post #: 10
RE: Access IMAP/SMTP behind ISA? - 16.Mar.2010 9:01:17 AM   
forcer

 

Posts: 25
Joined: 13.Sep.2006
Status: offline
Thanks for that, i've tried that but still nothing.

It fails with or without the firewall client.

Also in the log, that articles describes the error 'Connection Denied' when trying to access that protocol.

But when i try to access it i get 'Unidentified IP Traffic'

(in reply to Jason Jones)
Post #: 11
RE: Access IMAP/SMTP behind ISA? - 16.Mar.2010 10:08:37 AM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
AFAIK gmail uses IMAPS, POP3S & SMTPS

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to forcer)
Post #: 12
RE: Access IMAP/SMTP behind ISA? - 16.Mar.2010 10:12:29 AM   
forcer

 

Posts: 25
Joined: 13.Sep.2006
Status: offline
That's correct i have also configured those in the access rule.

IMAP4, IMAPS, POP3, POPS, SMTP, SMTPS

(in reply to SteveMoffat)
Post #: 13
RE: Access IMAP/SMTP behind ISA? - 16.Mar.2010 10:47:19 AM   
forcer

 

Posts: 25
Joined: 13.Sep.2006
Status: offline
I've managed to get a connection noticed in ISA.

When i click Send/Receive mail in outlook i get this

imap.gmail.com - Sending - COMPLETED green tick success

Checking for new mail in subscribed folders on imap.gmail.com - ERRORS
Could not fetch new headers in the folder inbox for account imap.gmail.com
Error: unable to connect to server...

Check for new mail errors, same error as above..

(in reply to forcer)
Post #: 14
RE: Access IMAP/SMTP behind ISA? - 16.Mar.2010 11:16:53 AM   
forcer

 

Posts: 25
Joined: 13.Sep.2006
Status: offline
here is a screenshot of what the log shoots out when i try to connect:


(in reply to forcer)
Post #: 15
RE: Access IMAP/SMTP behind ISA? - 16.Mar.2010 11:25:28 AM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
Have you enabled auto config in the ISA MMC?
8080 & 1745 are for the fw client.
Have you enabled Outllok in the FW client?

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to forcer)
Post #: 16
RE: Access IMAP/SMTP behind ISA? - 16.Mar.2010 11:35:44 AM   
forcer

 

Posts: 25
Joined: 13.Sep.2006
Status: offline
"Have you enabled auto config in the ISA MMC?"

-I'm not sure, how/where can i check this??


"Have you enabled Outllok in the FW client?"

- By this do you mean change outlook in Application Settings, Disabled from 1 to 0 (zero) .. in which case, yes ive done that.

(in reply to SteveMoffat)
Post #: 17
RE: Access IMAP/SMTP behind ISA? - 17.Mar.2010 11:52:16 AM   
forcer

 

Posts: 25
Joined: 13.Sep.2006
Status: offline
I've updated ISA to latest service pack and it provides more info on the logs.

All i get is:

Unidentified IP Traffic(TCP:1745) Initiated Connection
Unidentified IP Traffic(TCP:1745) Connection Closed

Initiated Connection
Log type: Firewall service
Status: The operation completed successfully.
Rule:
Source: Internal ( 192.168.16.73:63894)
Destination:
Local Host ( 192.168.16.4:1745)
Protocol: Unidentified IP Traffic (TCP:1745)
User:


 Additional information
  • Number of bytes sent: 0
  • Number of bytes received: 0
  • Processing time: 0ms
  • Original Client IP: 192.168.16.73
  • Client agent:
    then:

    Closed Connection
    Log type: Firewall service
    Status:
    A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.
    Rule: Source: Internal ( 192.168.16.73:63894)
    Destination: Local Host ( 192.168.16.4:1745)
    Protocol:
    Unidentified IP Traffic (TCP:1745)
    User:

    Additional information
  • Number of bytes sent: 16530
  • Number of bytes received: 15514
  • Processing time: 4000ms
  • Original Client IP: 192.168.16.73
  • Client agent:
    I'm seriously thinning out on top.

    (in reply to forcer)
  • Post #: 18
    RE: Access IMAP/SMTP behind ISA? - 17.Mar.2010 11:54:49 AM   
    Jason Jones

     

    Posts: 4663
    Joined: 30.Jul.2002
    From: United Kingdom
    Status: offline
    Is the firewall client option actually enabled on the internal network object?

    _____________________________

    Jason Jones | Forefront MVP | Silversands Ltd
    My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

    (in reply to forcer)
    Post #: 19
    RE: Access IMAP/SMTP behind ISA? - 17.Mar.2010 12:05:37 PM   
    forcer

     

    Posts: 25
    Joined: 13.Sep.2006
    Status: offline
    Yes it is.

    But one thing i have noticed when checking this is that when i click the Web Proxy tab on the internal network object SSL is unticked.

    When i tick it, i need to enter a certificate, when i click browse it says 'no certificate is installed on this server' leaving me no option but to untick it again.

    could this be related?

    (in reply to Jason Jones)
    Post #: 20

    Page:   [1] 2   next >   >> << Older Topic    Newer Topic >>
    All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Access IMAP/SMTP behind ISA? Page: [1] 2   next >   >>
    Jump to:

    New Messages No New Messages
    Hot Topic w/ New Messages Hot Topic w/o New Messages
    Locked w/ New Messages Locked w/o New Messages
     Post New Thread
     Reply to Message
     Post New Poll
     Submit Vote
     Delete My Own Post
     Delete My Own Thread
     Rate Posts