Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Pop3 rule not working.
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Pop3 rule not working. - 7.Nov.2006 5:03:25 AM
|
|
|
rover
Posts: 66
Joined: 2.May2006
Status: offline
|
Hi guys
I've created the pop3 rule before to go through the ISA server 2006 Standard Edition and it works.
I've install a new ISA server 2006 Standard edition on one of the servers, I've published the server and used pop3 server protocol.
In the TO tab I've selected that the requests comes from the ISA server to the mail server.
If I try to connect to the mail server through the ISA server the ISA server monitoring shows me that it's being blocked by the Default ISA rule, it ignores the rule I've created completely.
Can you help me please!!
|
|
|
|
|
RE: Pop3 rule not working. - 7.Nov.2006 2:54:24 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi rover,
Is the mail server configured as a SecureNAT client?
Do you test from a location external to the ISA Server?
What's the result of the command 'fwengmon /c' on the ISA Server?
HTH,
Stefaan
|
|
|
|
|
RE: Pop3 rule not working. - 8.Nov.2006 1:10:12 AM
|
|
|
rover
Posts: 66
Joined: 2.May2006
Status: offline
|
Hi Stefaan
Thanks for the replay.
I'm not sure if the mail server is a secure NAT server how can I check that or configure the server as one?
I've tested the pop3 from an external source, gave me an error unable to contact server.
How do I use the "fwengmon /c" command, I've tried it in the command prompt.
Sorry for all the questions but I'm a bit new to the technical stuff of the ISA server.
Thanks
Rover
|
|
|
|
|
RE: Pop3 rule not working. - 8.Nov.2006 5:27:11 AM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Rover,
quote:
I'm not sure if the mail server is a secure NAT server how can I check that or configure the server as one?
Check out Jim Harrison’s excellent articles over at http://www.isaserver.org/Jim_Harrison/.
quote:
How do I use the "fwengmon /c" command, I've tried it in the command prompt.
Check out Firewall Kernel Mode Tool for ISA Server 2006.
HTH,
Stefaan
|
|
|
|
|
RE: Pop3 rule not working. - 8.Nov.2006 9:09:48 AM
|
|
|
rover
Posts: 66
Joined: 2.May2006
Status: offline
|
Hi
I've made the mail server a secure NAT client but still nothing.
The strange thing is that the same mail server goes through a differant gateway than the firewall the pop3 is configured on.
the output of the command fwengmon /c:
4 port 25 connections to the mail server
4 port 110 connections to the mail server
1 port 80 connection to the mail server = this one works
It tells me that the Default Domain policy is stopping the connection.
It's not even picking up the pop3 policy I configured.
|
|
|
|
|
RE: Pop3 rule not working. - 8.Nov.2006 9:25:45 AM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Rover,
quote:
The strange thing is that the same mail server goes through a differant gateway than the firewall the pop3 is configured on.
Please, give us full details of your network layout! An 'ipconfig /all' on the ISA server and the Mail server could be very useful.
HTH,
Stefaan
|
|
|
|
|
RE: Pop3 rule not working. - 9.Nov.2006 7:05:05 AM
|
|
|
rover
Posts: 66
Joined: 2.May2006
Status: offline
|
The ipconfig /all on the mail server:
ip: 192.168.123.25
s/n: 255.255.255.0
g/w: 192.168.123.57
dns: 192.168.123.150 = domain controller
ISA Server Firewall 2006 Standard Edition:
ip: 192.168.123.57
s/n: 255.255.255.0
g/w: outside ip address
dns: outside ip address
We have 3 firewalls, 2 ISA firewalls and 1 ipcop firewall.
!!!!!!!!!The current configuration on the same mail server is:!!!!!!!!!
ip: 192.168.123.25
s/n: 255.255.255.0
g/w: 192.168.123.59 = ipcop firewall
dns: 192.168.123.150 = domain controller
the pop3 is hosted by the ISA server with the .57 ip and the policy works fine even if the default g/w isn't the ISA server in the Mail server.
everything works!!!
I want to put a new ISA server in the current ISA servers place, and then the problems begins.
< Message edited by rover -- 9.Nov.2006 7:06:24 AM >
|
|
|
|
|
RE: Pop3 rule not working. - 9.Nov.2006 2:51:47 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Rover,
quote:
ISA Server Firewall 2006 Standard Edition:
ip: 192.168.123.57
s/n: 255.255.255.0
g/w: outside ip address
dns: outside ip address
Is that all you have for the ISA server? So, only one NIC?
HTH,
Stefaan
|
|
|
|
|
RE: Pop3 rule not working. - 10.Nov.2006 1:48:05 AM
|
|
|
rover
Posts: 66
Joined: 2.May2006
Status: offline
|
Hi
No I have 2 nics the other nic is all public ip's (outside ip's)
|
|
|
|
|
RE: Pop3 rule not working. - 13.Nov.2006 1:38:31 AM
|
|
|
rover
Posts: 66
Joined: 2.May2006
Status: offline
|
Hi Stefaan
Made the changes.
Only one g/w, on the external interface.
Dns made it the internal DNS server on the internal interface.
Internal interface:
2 ip's on the 1 card : 192.168.123.157
192.168.123.156
no g/w
dns ( internal dns server ) : 192.168.123.150
192.168.123.151
ISA server External interface:
2 ip's on the 1 card : 196.36.136.181
196.36.136.178
g/w: 196.36.136.177
dns : 168.210.2.2.
196.14.239.2
Tried the mail server and stil nothing the ISA server tells me blocked by the default policy, there is a pop3 policy in the ISA server and the output of the command fwengmon /c:
4 port 25 connections to the mail server
4 port 110 connections to the mail server
|
|
|
|
|
RE: Pop3 rule not working. - 13.Nov.2006 2:31:54 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Rover,
quote:
ISA server External interface:
2 ip's on the 1 card : 196.36.136.181
196.36.136.178
g/w: 196.36.136.177
dns : 168.210.2.2.
196.14.239.2
Don't specify *any* DNS server on the ISA external interface for optimum performance. Just configure those DNS servers as forwarders in your internal DNS server and make sure the internal DNS servers can resolve external FQDN's.
Can you give as the *exact* details of:
- the POP3 server publishing rule.
- the output of the fwengmon /C command.
- the full (all fields) ISA logging of the attempt to access the POP3 server.
HTH,
Stefaan
|
|
|
|
|
RE: Pop3 rule not working. - 14.Nov.2006 1:55:11 AM
|
|
|
rover
Posts: 66
Joined: 2.May2006
Status: offline
|
Hi Stefaan
Pop3 Publishing rule:
General: Name - POP3 Server rule
Enable
Action: Allow
Traffic: Pop3Server
From: Anywhere
To: 192.168.123.25 (mail server)
Requests appear to come from the ISA server Computer
Networks: External, Internal, Local Host, All Networks
Schedule: Always
fwengmon /C command
ID
4 TCP(6) 0.0.0.0 192.168.123.25:110 No
5 TCP(6) 0.0.0.0 192.168.123.25:110 No
3 TCP(6) 0.0.0.0 192.168.123.25:110 No
2 TCP(6) 0.0.0.0 192.168.123.25:110 No
Log: Monitoring
Client ip: 200.36.12.59
Destination ip: 196.36.136.178:110
Protocol: Pop3
Action: Denied [Enterprise] Default rule 0xc004000dFWX_E_Policy Rules Denied
|
|
|
|
|
RE: Pop3 rule not working. - 14.Nov.2006 3:06:50 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi rover,
in the Networks tab of the POP3 Server publishing rule you should only select the External interface or maybe even better only one IP address belonging to that interface.
HTH,
Stefaan
|
|
|
|
|
RE: Pop3 rule not working. - 15.Nov.2006 9:44:19 AM
|
|
|
rover
Posts: 66
Joined: 2.May2006
Status: offline
|
hi Stefaan
I've selected the ip for the external interface and still nothing, do you think it will make a differance if you select External and not anywhere because. I've installed the ISA server on another server and set the same settings in the policy and the same problem.
I have no idea what is causing the problem, as I said we have a identical ISA 2006 firewall server in production and everything is working fine.Everthing is exactly the same but if I shut down the one and bring up the new one the pop3 rule doesn't want to work, everthing else works.
|
|
|
|
|
RE: Pop3 rule not working. - 15.Nov.2006 2:14:08 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi rover,
again, can you give as the *exact* details of the output of the fwengmon /C command after the configuration changes?
What does fwengmon /C gives when you delete the POP3 publishing rule? No listener on TCP port 110 should be shown.
What happens if you recreate the POP3 Server publishing rule?
HTH,
Stefaan
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
