• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Postini and ISA 2006

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Postini and ISA 2006 Page: [1]
Login
Message << Older Topic   Newer Topic >>
Postini and ISA 2006 - 9.Jun.2010 10:13:44 AM   
neilbarker

 

Posts: 43
Joined: 18.Jan.2010
Status: offline
Hi,

I have been asked to add the following IP ranges to my ISA 2006 server in order for Postini to deliver email to my Exchange server:


Inbound port 25:

IP Range: 207.126.144.0 - 207.126.159.255
IP/Subnet Mask Pair: 207.126.144.0 / 255.255.240.0
CIDR Range: 207.126.144.0 / 20


I can't seem to get this right and all their tests are failing. Has anyone done this before who can assist?

Many thanks

Neil
Post #: 1
RE: Postini and ISA 2006 - 9.Jun.2010 10:27:09 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Hi Neil,

Use the Mail Server publishing wizard to create the necessary SMTP publishing rule as discussed here:

http://technet.microsoft.com/en-us/library/bb794751.aspx

Create a new computer set called 'Postini Mail Relays', edit the properties of this set, then add a subnet object for: 207.126.144.0 / 20

Once you have created the computer set, add the 'Postini Mail Relays' computer set to the From tab of your SMTP publishing rule.

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to neilbarker)
Post #: 2
RE: Postini and ISA 2006 - 9.Jun.2010 10:58:56 AM   
neilbarker

 

Posts: 43
Joined: 18.Jan.2010
Status: offline
Thanks Jason.

I have tried that and rerun the Postini tests. I still get the same result:

Error
Unable to send SMTP message test: 550 - MAIL FROM failed.
The email server is not available. Check your firewall or email server for settings that might be preventing delivery.

What else could be preventing this?

Thanks in advance.

(in reply to Jason Jones)
Post #: 3
RE: Postini and ISA 2006 - 9.Jun.2010 11:02:07 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Back to basics...can you telnet to port 25 on your mail server external address from an Internet host?

You will need to remove the Postini computer set from the "from" tab to do this...

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to neilbarker)
Post #: 4
RE: Postini and ISA 2006 - 9.Jun.2010 11:08:14 AM   
neilbarker

 

Posts: 43
Joined: 18.Jan.2010
Status: offline
I cannot telnet at the moment as I am on a Windows 7 PC and do not have telnet (unless you know of a way to do it on 7)

Perhaps you could try for me - mailgate2.qccis.com

We are currently receiving email to our Mime Sweeper server that does our content filtering before it hits the Exchange server.

We are moving to Postini, but before we can I need to get the firewall sorted out.

Not sure if I am barking up the wrong tree here but do I need a new receive connector on my Exchange 2007 server?

Thanks

(in reply to Jason Jones)
Post #: 5
RE: Postini and ISA 2006 - 9.Jun.2010 11:10:45 AM   
neilbarker

 

Posts: 43
Joined: 18.Jan.2010
Status: offline
Jason, in addition to the last post I already have a couple of mail server publishing rules in place.

Would they cause a conflict when I am testing?

(in reply to neilbarker)
Post #: 6
RE: Postini and ISA 2006 - 9.Jun.2010 11:24:26 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
I can telnet on port 25 successfully and my test email was accepted for delivery!

220 SMTP Relay
ehlo
250-qcc.co.uk
250-SIZE 31457280
250-ETRN
250-ENHANCEDSTATUSCODES
250-DSN
250-VRFY
250-AUTH
250 8BITMIME
mail from:jason.jones@silversands.co.uk
250 2.0.0 jason.jones@silversands.co.uk OK
rcpt to:test@qccis.com
250 2.0.0 test@qccis.com OK
data
354 Ready for data
test
.
250 2.0.0 Message received OK

Looks good to me...

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to neilbarker)
Post #: 7
RE: Postini and ISA 2006 - 9.Jun.2010 11:27:02 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Do their tests work if you leave don't limit to their source IP addresses?

Are you sure they have given you the correct source IP addresses?

Error 550 normally means "cannot relay" so they are probably connecting but you need to define them as an allowed relay host or similar...

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to Jason Jones)
Post #: 8
RE: Postini and ISA 2006 - 9.Jun.2010 11:30:07 AM   
neilbarker

 

Posts: 43
Joined: 18.Jan.2010
Status: offline
Yes that all works on the existing setup for email coming to ISA then being passed to Mimesweeper and then on to Exchange

What I can't get working is Postini's test email page. It allows you to test their connection to your mail server. So mail comes into ISA and then straight to Exchange - bypassing Mimesweeper (the aim is to get rid of the internal mimesweeper server and then replace with external Postini scanning).

(in reply to Jason Jones)
Post #: 9
RE: Postini and ISA 2006 - 9.Jun.2010 11:33:39 AM   
neilbarker

 

Posts: 43
Joined: 18.Jan.2010
Status: offline
I originally created the SMTP publishing rule using ANY in the from tab and even this did not work.

I have had the IP's confirmed twice by email from 2 different support people so I guess they are correct.

I am sure I am missing something but can't put my finger on it.

Do you know where I should define them as allowed to relay?

Cheers

Neil

(in reply to neilbarker)
Post #: 10
RE: Postini and ISA 2006 - 9.Jun.2010 11:43:28 AM   
neilbarker

 

Posts: 43
Joined: 18.Jan.2010
Status: offline
Found this in the ISA server app log:


The server publishing rule Postini Incoming SMTP Server, which maps 10.1.0.13:25:TCP to 188.220.57.67:25 for the protocol SMTP Server, was unable to bind a socket for the server. The server publishing rule cannot be applied.

Could it not bind a socket as port 25 is already in use?

(in reply to neilbarker)
Post #: 11
RE: Postini and ISA 2006 - 9.Jun.2010 11:48:33 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Are you trying to use multiple server publishing rules with the same address and port?

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to neilbarker)
Post #: 12
RE: Postini and ISA 2006 - 9.Jun.2010 11:51:15 AM   
neilbarker

 

Posts: 43
Joined: 18.Jan.2010
Status: offline
I certainky was Jason.

I then disable the old one and enabled the new one and saw the follwing in the ISA app log:


A problem preventing application of the server publishing rule Postini Incoming SMTP Server that maps 10.1.0.13:25:TCP to 188.220.57.67:25 for the protocol SMTP Server was resolved. This rule was previously ignored.

Which told me the new rule had bound to port 25. I re ran the Postini test and my email came through.

Many thanks for all your assistance in helping me resolve this problem.

(in reply to Jason Jones)
Post #: 13
RE: Postini and ISA 2006 - 9.Jun.2010 5:37:03 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Cool, no problem!

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to neilbarker)
Post #: 14

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Postini and ISA 2006 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts