• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Discussion for Parts 1 and 2 of spam whacking SMTP Relay articles

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Server Publishing >> Discussion for Parts 1 and 2 of spam whacking SMTP Relay articles Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
Discussion for Parts 1 and 2 of spam whacking SMTP Rela... - 1.Dec.2003 8:01:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
This thread is for discussion of parts 1 and 2 of the spam whacking SMTP relay articles at:

http://www.msexchange.org/articles/messagescreeneronfirewallpart1.html

http://isaserver.org/tutorials/messagescreeneronfirewallpart2.html

Thanks!
Tom

[ January 05, 2004, 11:38 PM: Message edited by: tshinder ]
Post #: 1
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 2.Dec.2003 7:44:00 PM   
saint97007

 

Posts: 4
Joined: 28.Mar.2002
From: Beaverton Oregon
Status: offline
Hi Dr. Shinder -
First, I want to thank you for everything you do. I purchased your ISA Server (Configuring Book) and have found a lot of value in it.

Second, you were kind enough to answer me directly when I had a question previously - I don't recall the question - but I know you had the answer for me quickly. I appreciate your help.

I have read your recent article for Configuring a SPAM and Attachment Filtering SMTP Relay on the ISA Server (Part 1). The article mentions Server 2003 and IIS 6.0 - I am currently running ISA on Server 2000 and IIS 5.0 - Can I follow your instructions and get the same results on Windows Server 2000?

Will I have to re-install ISA Server or can I just re-publish my mail server? (Since ISA is already installed and running on Server 2000)

Lastly - I do have an open relay internally for a grading program we use in our Catholic Schools - this application emails progress reports to parents and students with a single click of the mouse. I don't want to prevent that relay from working - will the SMTP relay on the ISA Server block outbound email mass mailing as well as inbound?

Thank you so much for your help!

(in reply to tshinder)
Post #: 2
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 4.Dec.2003 5:34:00 PM   
FatAugie

 

Posts: 4
Joined: 7.Sep.2001
From: Rochester, NY
Status: offline
I have a question regarding the filtering of e-mail using ISA and the message filtering option.

Background: We have an employee who no longer works here, and is on every spam list known to man. I want to stop receiving mail for that person.

network layout: W2K web server/IIS SMTP message screener on a seperate computer from the ISA server. That webserver is not part of the domain, and it forwards to a smart host (exchange 5.5) located behind the ISA server (the exchange box is also seperate from ISA box)

Solutions tried: I have changed their e-mail address but I don't like sending back bounced messages with inside topography to spammers. I tried adding the e-mail address of the old employee as a keyword for the SMTP extension to filter, it does not work. I also tried surrounding the address with <>, "", and using wildcards, but no luck. It still makes it past the external SMTP server to the exchange server where it gets bounced back with a NDR.

Question: With the current software I have (W2K on all servers, ISA on dedicated server, SMTP service on IIS on another deidcated server, Exchange 5.5 on an internal server behind the ISA server) is there a way to filter based on the receiving address? All I seem to find is a way to block the sender which is not practical based on sheer numbers of e-mails/variations. Also, the keyword does not seem to affect e-mail addresses, is there a trick to get that to work?

Thanks,

Tony

(in reply to tshinder)
Post #: 3
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 8.Dec.2003 2:25:00 AM   
Guest
Hello,
I have a question regarding your article. Does this procedure work on Windows 2000 server?
My firewall is already installed on Windows 2000 server but the SMTP service is not installed. Can I simply install IIS 5 and then follow the document?
Regards,
Rayyan
Rayyan@seeingmachines.com

(in reply to tshinder)
  Post #: 4
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 11.Dec.2003 5:45:00 AM   
Guest
Regarding part 2 of your article. The ISA firewall (publishing rule) is set to forward email to the exchange server (10.0.0.2) and not the installed SMTP server (10.0.0.1) in part 1. Is this correct? If yes then, what purpose does the SMTP on firewall play?
Rayyan

(in reply to tshinder)
  Post #: 5
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 17.Dec.2003 2:12:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by Dale:
Hi Dr. Shinder -
First, I want to thank you for everything you do. I purchased your ISA Server (Configuring Book) and have found a lot of value in it.

Second, you were kind enough to answer me directly when I had a question previously - I don't recall the question - but I know you had the answer for me quickly. I appreciate your help.

I have read your recent article for Configuring a SPAM and Attachment Filtering SMTP Relay on the ISA Server (Part 1). The article mentions Server 2003 and IIS 6.0 - I am currently running ISA on Server 2000 and IIS 5.0 - Can I follow your instructions and get the same results on Windows Server 2000?

Will I have to re-install ISA Server or can I just re-publish my mail server? (Since ISA is already installed and running on Server 2000)

Lastly - I do have an open relay internally for a grading program we use in our Catholic Schools - this application emails progress reports to parents and students with a single click of the mouse. I don't want to prevent that relay from working - will the SMTP relay on the ISA Server block outbound email mass mailing as well as inbound?

Thank you so much for your help!

Hi Dale,

Thanks! Yes, the procedures are almost exactly the same with Win2k. I don't even think there are any differneces in the interfaces. IIS 5 and IIS 6 look and feel almost exactly the same.

You should never had an open relay without authentication of some sort to protect yourself against spammers.

HTH,
Tom

(in reply to tshinder)
Post #: 6
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 17.Dec.2003 2:14:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by <rayyan>:
Regarding part 2 of your article. The ISA firewall (publishing rule) is set to forward email to the exchange server (10.0.0.2) and not the installed SMTP server (10.0.0.1) in part 1. Is this correct? If yes then, what purpose does the SMTP on firewall play?
Rayyan

Hi Rayyan,

The ISA firewall is an SMTP relay. Check out the articles here and on MSExchange.org on SMTP relays. That's why the mail is forwarded to the Exchange Server after the filtering SMTP relay whacks the spam.

HTH,
Tom

(in reply to tshinder)
Post #: 7
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 28.Dec.2003 10:44:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Rayyan,

Fixed it! It now says that you need to configure it to use the IP address on the internal interface of the ISA firewall.

HTH,
Tom

(in reply to tshinder)
Post #: 8
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 27.Jan.2004 9:25:00 PM   
nifita

 

Posts: 4
Joined: 27.Jan.2004
Status: offline
Hello Mr. Shinder,
Your article was the best instructions on ISA I've found so far...thank you very much for your efforts. I went through it step by step and it was very easy to follow. However, I am still having an issue with SMTP and ISA.
I'm running ISA Server 2000 on a Windows 2003 Server with Exchange 2003 and IIS 6.0 all on the same box. ISA was on there when it was Win2000, the previous IIS, and Exchange 2000. I did all the appropriate updates to ISA before upgrading, but it seems that after the upgrade the SMTP filters stopped working. Searching on forums, I was advised to disable socket pooling, which led me to your article.
I stepped through your article, skipping the beginning as IIS was already installed. The "Disable Service Socket Pooling" step went fine. When I got to the Relay Properties part, I was a little confused because my Default SMTP Server does not show up in IIS Manager. I did find it through Exchange System Manager, though, and the IP address was set properly to the internal address. I could not complete the steps regarding remote domains because only Current Sessions shows up beneath Default SMTP Server in Exchange System Manager (I'm not sure that I need remote domains, either, anyway). Is there a problem with the fact that this doesn't show up in IIS 6.0?
Also, in finishing Part II of your article, I also realized that I may have been using a misnomer in saying that the SMTP filter isn't working. It appears that it's actually the SMTP Message Screener that is no longer doing it's job. Does this have to be reinstalled after upgrading to SP1 and Windows 2003? Is there some other fix besides disabling socket pooling that can get this going again?
I also did check httpcfg query iplisten and that was set to the internal ip.
Sorry for the long message...I wanted to get in all the background. I hope you can direct me to the solution. Thank you very much,
Jenna Stiles

(in reply to tshinder)
Post #: 9
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 28.Jan.2004 5:56:00 PM   
flepage

 

Posts: 16
Joined: 27.Aug.2001
Status: offline
HI TOM

I want to know if I can use Exchange 5.5 with your scenario ?

(in reply to tshinder)
Post #: 10
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 29.Jan.2004 1:54:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by nifita:
Hello Mr. Shinder,
Your article was the best instructions on ISA I've found so far...thank you very much for your efforts. I went through it step by step and it was very easy to follow. However, I am still having an issue with SMTP and ISA.
I'm running ISA Server 2000 on a Windows 2003 Server with Exchange 2003 and IIS 6.0 all on the same box. ISA was on there when it was Win2000, the previous IIS, and Exchange 2000. I did all the appropriate updates to ISA before upgrading, but it seems that after the upgrade the SMTP filters stopped working. Searching on forums, I was advised to disable socket pooling, which led me to your article.
I stepped through your article, skipping the beginning as IIS was already installed. The "Disable Service Socket Pooling" step went fine. When I got to the Relay Properties part, I was a little confused because my Default SMTP Server does not show up in IIS Manager. I did find it through Exchange System Manager, though, and the IP address was set properly to the internal address. I could not complete the steps regarding remote domains because only Current Sessions shows up beneath Default SMTP Server in Exchange System Manager (I'm not sure that I need remote domains, either, anyway). Is there a problem with the fact that this doesn't show up in IIS 6.0?
Also, in finishing Part II of your article, I also realized that I may have been using a misnomer in saying that the SMTP filter isn't working. It appears that it's actually the SMTP Message Screener that is no longer doing it's job. Does this have to be reinstalled after upgrading to SP1 and Windows 2003? Is there some other fix besides disabling socket pooling that can get this going again?
I also did check httpcfg query iplisten and that was set to the internal ip.
Sorry for the long message...I wanted to get in all the background. I hope you can direct me to the solution. Thank you very much,
Jenna Stiles

Hi Jenna,

Thanks! I think part of the problem is that OWA is on the ISA box; that is quite a different setup and its done a lot differently. I included the instructions in the ISA Server and Beyond book, but I do need to get that info on the Web site. I'll definitely make that a priority.

Thanks!
Tom

(in reply to tshinder)
Post #: 11
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 29.Jan.2004 1:56:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by flepage:
HI TOM

I want to know if I can use Exchange 5.5 with your scenario ?

Hi Flepage,

Not sure. I've never published an Exchange 5.5 site, so it might work the same, might work differently. Give it a try and let us know!

Thanks!
Tom

(in reply to tshinder)
Post #: 12
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 29.Jan.2004 3:06:00 PM   
nifita

 

Posts: 4
Joined: 27.Jan.2004
Status: offline
Thank you for your response, Tom. Yes, OWA is on the ISA box. I will keep an eye out for information on this on your website. I am very interested in your book, as well, but if there's a chance I can get this information on your website sooner than I can order the book, I would greatly appreciate your letting me know.
Thank you very much for your time!
Jenna

(in reply to tshinder)
Post #: 13
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 30.Jan.2004 5:31:00 AM   
TimTrace

 

Posts: 119
Joined: 31.Oct.2001
From: St. Louis MO
Status: offline
Tom,

I'm wondering if I could set up my ISA Server as a SMTP relay, then install GFI Mail Security, and Mail Essentials on the ISA box...

1st, will it work, and what hoops might I have to jump through?

2nd, will I create any gaping security holes?

Thanks,

Tim ==

(in reply to tshinder)
Post #: 14
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 30.Jan.2004 11:54:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by nifita:
Thank you for your response, Tom. Yes, OWA is on the ISA box. I will keep an eye out for information on this on your website. I am very interested in your book, as well, but if there's a chance I can get this information on your website sooner than I can order the book, I would greatly appreciate your letting me know.
Thank you very much for your time!
Jenna

Hi Jenna,

The major issues are disabling socket pooling for the Exchange Services, esp the secure bindings pooling problem. Also, you need to bind the addresses on the internal interface to the sites.

There are some other issues, which I outlined in the book. I recommend you test the setup in VMware before you try it on your own production machine, to see where the problems might be.

HTH,
Tom

(in reply to tshinder)
Post #: 15
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 30.Jan.2004 11:55:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by TimTrace:
Tom,

I'm wondering if I could set up my ISA Server as a SMTP relay, then install GFI Mail Security, and Mail Essentials on the ISA box...

1st, will it work, and what hoops might I have to jump through?

2nd, will I create any gaping security holes?

Thanks,

Tim ==

Hi Tim,

That's a pretty good config. I'm not aware of any security risks with the GFI products, and I've used that config in a number of sites without probelms.

HTH,
Tom

(in reply to tshinder)
Post #: 16
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 29.Feb.2004 5:54:00 PM   
jdavalos

 

Posts: 1
Joined: 29.Feb.2004
Status: offline
Hello, Mr. Shinder. I write you from Per∑. I really thank you for your very useful and clear help.

I've tried to implement the solution of the two articles of the topic, and it didn't work.
My scenario is:
1. ISA over Win2000 (IIS 5).
2. Exchange Server 2000 on other server.
3. I have my email server published through the ISA (Server Publishing Rules -SPR-).
Then, for install and run the SMTP Service, I had to disable the SPR that publishes SMTP Server. Only when I did it, the SMTP Service ran.
When I type, at the Command Prompt (folder Inetpub\AdminScripts):
adsutil.vbs set /smtpsvc/1/DisableSocketPooling 1

it returns:
ErrNumber: -2147463162 (0x80005006)
Error Trying To SET the Property: DisableSocketPooling

Later, I did everything of the articles, and the result is that I don't receive emails, I only can send. Obviously, I changed my SPR of the SMTP Server to the internal IP of the ISA Server.

Could you help me, please? I really want to apply the solution on my network, it's very useful.

Thank you.

(in reply to tshinder)
Post #: 17
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 31.Mar.2004 8:03:00 AM   
jdclipper

 

Posts: 2
Joined: 31.Mar.2004
Status: offline
Hi Tom... having problems getting the SMTP filter to work correctly. I have ISA on Win2003 on one box and Exch 20003/Win2003 on another. I think I've followed your instructions but the filter does not stop messages for which I have specific keywords identified. Any troubleshooting hints? I can send/receive email fine so I'm pretty sure the relay is working fine. I have also tried using the Secure Email wizard to setup the SMTP publishing rule and get the following error message "The SMTP server is on the ISA Server computer. Therefore, the message screener will not filter messages as they are configured on the Commands property sheet of the SMTP filter." Thoughts? TIA!

(in reply to tshinder)
Post #: 18
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 5.Apr.2004 7:10:00 AM   
jdclipper

 

Posts: 2
Joined: 31.Mar.2004
Status: offline
All-

Here∆s my resolution to my own problem. I had to uninstall and reinstall the Win2003 ISA fix. It had been previously installed so I assumed there was no reason to reinstall. However, this was the change that caused the message screener to start working.

Now... having successfully enabled the filter, I cannot get an Outlook Express client to authenticate. I've installed SP1 and FP1 and the AUTH command in the SMTP commands... still no joy. If anyone has any experience with getting this to work I'd appreciate the insights. Thanks again.

(in reply to tshinder)
Post #: 19
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 5.Apr.2004 11:47:00 AM   
greg.marr@panthers.com.au

 

Posts: 2
Joined: 5.Apr.2004
Status: offline
Hi Tom

I posted the thread prior to this one and was just checking to see if anyone had replied to mine when I saw this one. Coincidentally, this procedure will resolve my issue and will give me additional spam blocking capabilities. Thankyou very much!

I have not implemented this yet but am looking forward to getting to work tomorrow so that I can do so.

One thing though...haven't I seen posts from you (amongst others) in the past that strongly recommend against installing anything other than ISA on the ISA server??? Has something changed to make installing IIS on the ISA server acceptable all of a sudden?

By the way, thanks very much for an awesome resource. This is without doubt the best planning/troubleshooting resource I have seen for ANY MS product!

Greg

(in reply to tshinder)
Post #: 20

Page:   [1] 2   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Server Publishing >> Discussion for Parts 1 and 2 of spam whacking SMTP Relay articles Page: [1] 2   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts