Server Publishing my Exchange 2000 Server
Server Publishing my Exchange 2000 Server - 25.Apr.2002 6:39:00 PM
Xuser
Posts: 205
Joined: 29.Jan.2002
From: Canada
Hi all. When it comes to Server Publishing, I'm new at this game. Pls guide me if you can.
I have two Win2k Server DCs and one ISA Server in a test environment.
-- ISA Server has two NICs: 1 internal and 1 external connected to our ISP via cable modem.
-- One of our Win2k DCs, also running DNS and Exch2000 server.
Why do I need to publish my Exchange 2000 Server? If I have to publish my Exch2000 Server, do I still need an A and an MX record?
Pls advise.

RE: Server Publishing my Exchange 2000 Server - 27.Apr.2002 10:32:00 PM
Xuser
Hi Stefaan. Yes, I have bought Tom's book and it was helpful in many areas.
Something I should have mentioned is that we can receive and send external e-mails (Internet mails), no problem. When you said to allow our Exchange to handle our external maildomain, I don't quite understand. After some reading and researching, here is what I think the differences between publishing and not are:
1. In order for an external client to use a MAPI client, such as Outlook, to directly access our Exchange server, we have to Publish our Exchange SMTP server, correct?
2. Since our Exchange Server already has both A and MX records, and we are sending/receiving internet e-mails, we don't have to Publish our Exchange Server, correct?
Pls advise, thanks!

RE: Server Publishing my Exchange 2000 Server - 28.Apr.2002 3:19:00 AM
Xuser
Hi Stefaan.
You said: "If you already use Exchange for mail to/from the Internet (external maildomain), then you must have the SMTP connector operational on Exchange and published it directly on ISA or through the SMTP filter / Message screener. Otherwise the mail isn't going through ISA."
No, we did not publish any server at all. Not even the Msg Screener, which is what I want to get going. But first, I have to understand how our Exch5.5 is able to send/receive mail without us publishing it. What I don't understand is how come our Exchange5.5 Server is able to send/receive internet mail. Our ISA Server firewall is the only gateway to the outside world. When I have the SMTP Server published, with the internal IP pointing to our IIS 5 SMTP virtual server and external IP pointing to our external NIC of ISA Server, our Exchange Internet Mail Service will not start. All I wanted to do is to get the Message Screener working ;-((

RE: Server Publishing my Exchange 2000 Server - 28.Apr.2002 11:27:00 PM
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Hi Tom,
very nice article (as usual). Although I'm not yet completely convinced that the security can be enforced from the central site, I'll definitely look further into it.
Thanks, Stefaan

RE: Server Publishing my Exchange 2000 Server - 28.Apr.2002 11:41:00 PM
spouseele
Hi Xuser,
I agree with you that you will have to find out first how the Exchange server can send/receive mail from the Internet. If it is going through the ISA (which seems to be the case) you should be able to trace that back. Have you already looked in the ISA log files? You should find something there related to the mail to/from the Internet. Otherwise it's time to get a Network Monitor and take some traces.
BTW --- W2K server already includes a Network Monitor utility. You can also get a free one like Ethereal. Check out http://www.isaserver.org/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=14;t=000062 .
HTH, Stefaan

RE: Server Publishing my Exchange 2000 Server - 29.Apr.2002 3:24:00 PM
Xuser
Yes, I think I will start a trace and see what I can find. In the meantime, here's another thing I think might help you or anyone else help me solve this mystery.
My external IP of our cable modem's DNS is <our server name>.<MyDomain>.com. Do you think that because our Server name is part of our domain name that it has anything to do with us not having to publish our Exchange 5.5 Server?

RE: Server Publishing my Exchange 2000 Server - 29.Apr.2002 10:48:00 PM
Xuser
Ok, I have not performed any trace yet but here's what I found out.
-- There were two .ini files: wspcfg.ini which has port 25 bound to it. I found out this was input by one of our IT people who has left. We used to have a Proxy Server 2.0 and I guess these .ini files were in place to allow the outside world to see our Exchange 5.5 Server. In other words, it was published using the .ini files.
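
The finding in the post above (a forgotten wspcfg.ini silently publishing port 25) can be audited for across a server's disks. This is an added example, not part of the original post; the section name and the `ServerBindTcpPorts`, `Persistent`, `KillOldSession` and `Disable` keys in the constructed sample are assumptions, since the thread only says the file had port 25 bound in it.

```python
import configparser
import os

# Constructed sample of a leftover wspcfg.ini (section and key names are
# assumptions; they do not come from the thread).
SAMPLE_WSPCFG = """\
[MSEXCIMC]
ServerBindTcpPorts=25
Persistent=1
KillOldSession=1

[SomeClientApp]
Disable=1
"""

# Keys that ask the proxy to listen on its external side for this application.
BIND_KEYS = {"serverbindtcpports": "tcp", "serverbindudpports": "udp"}

def find_server_binds(ini_text):
    """Return (section, protocol, ports) for each server-bind request in the text."""
    parser = configparser.ConfigParser(strict=False, interpolation=None,
                                       allow_no_value=True)
    parser.read_string(ini_text)
    findings = []
    for section in parser.sections():
        for key, value in parser.items(section):
            proto = BIND_KEYS.get(key.lower())
            if proto and value:
                ports = [p.strip() for p in value.split(",") if p.strip()]
                findings.append((section, proto, ports))
    return findings

def scan_tree(root):
    """Walk a directory tree and report every wspcfg.ini that binds a port."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "wspcfg.ini":
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="latin-1") as handle:
                text = handle.read()
            try:
                binds = find_server_binds(text)
            except configparser.Error:
                # Flag files that cannot be parsed so they get a manual look.
                binds = [("<unparseable>", "?", [])]
            if binds:
                report[path] = binds
    return report
```

Calling `scan_tree` on each application directory of the mail server lists every file that still requests a published port, which is the configuration that has to be retired before moving to ISA-style publishing.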

RE: Server Publishing my Exchange 2000 Server - 29.Apr.2002 11:16:00 PM
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Hi Stefaan,
What are your concerns regarding security for this solution? I can test anything you might be worried about and see if there is a potential security risk.
Thanks!
Tom
quote: Originally posted by spouseele: Hi Tom,
very nice article (as usual). Although I'm not yet completely convinced that the security can be enforced from the central site, I'll definitely look further into it.
Thanks, Stefaan

RE: Server Publishing my Exchange 2000 Server - 29.Apr.2002 11:19:00 PM
spouseele
Hi Xuser,
aha... that's indeed the proxy 2.0 type of publishing. So, the firewall or msproxy client is running on the Exchange server. Correct?
OK, do a 'netstat -an' on ISA and you should find a listener on TCP port 25 on the IP-address of the external interface of ISA. Correct?
Next, you'll have to decide what you want to do. The simplest thing is 'converting' the proxy 2.0 type of publishing to the new ISA type of publishing. Is that what you first want to do?
BTW --- just deleted my previous post because it crossed yours and made mine obsolete.
HTH, Stefaan
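
The 'netstat -an' check from the post above, as an added example that is not part of the original thread: it parses saved Windows `netstat -an` output and reports whether TCP port 25 is listening on the external interface and which peers are connected to it. The sample output and the addresses (203.0.113.10 as the ISA external IP, 192.168.1.1 as the internal one) are constructed.

```python
import re

# Constructed sample of 'netstat -an' output from the ISA machine.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    203.0.113.10:25        0.0.0.0:0              LISTENING
  TCP    192.168.1.1:8080       0.0.0.0:0              LISTENING
  TCP    203.0.113.10:25        198.51.100.7:3312      ESTABLISHED
  UDP    0.0.0.0:53             *:*
"""

# Proto, local addr:port, foreign addr:port, state (TCP rows only).
TCP_ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s+(\S+)\s*$")


def tcp_rows(netstat_text):
    """Yield (local_ip, local_port, remote_ip, state) for each TCP row."""
    for line in netstat_text.splitlines():
        match = TCP_ROW.match(line)
        if match:
            local_ip, local_port, remote_ip, _rport, state = match.groups()
            yield local_ip, int(local_port), remote_ip, state


def smtp_exposure(netstat_text, external_ip, port=25):
    """Summarise listeners on the port and peers currently connected to it."""
    listeners, peers = [], []
    for local_ip, local_port, remote_ip, state in tcp_rows(netstat_text):
        if local_port != port:
            continue
        if state == "LISTENING":
            listeners.append(local_ip)
        elif state == "ESTABLISHED":
            peers.append(remote_ip)
    # A wildcard bind (0.0.0.0) also accepts connections on the external NIC.
    exposed = any(ip in (external_ip, "0.0.0.0") for ip in listeners)
    return {"listeners": listeners, "exposed_on_external": exposed,
            "peers": peers}


if __name__ == "__main__":
    print(smtp_exposure(SAMPLE_NETSTAT, "203.0.113.10"))
```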

RE: Server Publishing my Exchange 2000 Server - 30.Apr.2002 3:32:00 AM
Xuser
Yes Stefaan. That was the Proxy 2.0 type of publishing. I was able to get my IIS 5 SMTP virtual server to accept mail from the outside world for my Exchange 5.5 server. I renamed the two "wspcfg.ini" files and rebooted the Exchange server. Mail server publishing was also enabled on the ISA Server. So sending/receiving internet mail is working. However, I'm not able to filter out my attachments ;-(( with the SMTP filter enabled. I wonder what is wrong now??? ;-((
quote: Originally posted by spouseele: Hi Xuser,
aha... that's indeed the proxy 2.0 type of publishing. So, the firewall or msproxy client is running on the Exchange server. Correct?
OK, do a 'netstat -an' on ISA and you should find a listener on TCP port 25 on the IP-address of the external interface of ISA. Correct?
Next, you'll have to decide what you want to do. The simplest thing is 'converting' the proxy 2.0 type of publishing to the new ISA type of publishing. Is that what you first want to do?
BTW --- just deleted my previous post because it crossed yours and made mine obsolete.
HTH, Stefaan

RE: Server Publishing my Exchange 2000 Server - 30.Apr.2002 6:05:00 PM
spouseele
Hi Xuser,
I strongly advise you to de-install the MS Proxy or Firewall client. In general, an internal server should be set up as a SecureNAT client only.
I see you are already active in another thread about the SMTP filter / Message screener. That's good because I don't have much experience with this. I always use a Secure MailRelay from NAI in a DMZ scenario.
HTH, Stefaan

RE: Server Publishing my Exchange 2000 Server - 30.Apr.2002 6:15:00 PM
Xuser
Thanks Stefaan. We are implementing a DMZ zone soon with our Linux Firewall in front of our ISA Server firewall. I just want to get this Msg Screener to work soon because of so many of those unwanted attachments that come in as well as those pesky W32/Klez@mm worms. Why not use a virus scan for mail servers? No budget ;-(( Only have desktop security for now. If I don't get this working soon, I might try and install IIS 5 SMTP with Msg Screener onto our ISA Server instead. I know it is not a good idea but if I have to get it working this way, why not?

RE: Server Publishing my Exchange 2000 Server - 1.May.2002 4:52:00 PM
Xuser
Well Tom and Stefaan. I finally got the Msg Screener to work. I did several things but not sure exactly what was the culprit. I ran dcomcnfg.exe on the ISA Server and also reinstalled ISA Server SP1.