Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

inbound smtp port blocked

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Server Publishing >> inbound smtp port blocked Page: [1]
Login
Message << Older Topic   Newer Topic >>
inbound smtp port blocked - 15.Aug.2007 3:22:49 AM   
Nuz

 

Posts: 41
Joined: 9.Aug.2007
Status: offline 		My ISP blocks port 25 so I am getting my inbound smtp email via another port, however I have setup my exchange server to be published via ISA
but in the logs it is blocking my port 10024 and saying its unidentified. I can send emails perfectly but cant receive them because this port is being blocked.
How do I unblock it?

Thnks
Post #: 1
RE: inbound smtp port blocked - 16.Aug.2007 3:25:21 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Nuz,

open the SMTP server publishing rule, go to the tab Traffic and click on the Ports button. You can there override the default ports.

HTH,
Stefaan

(in reply to Nuz)
Post #: 2
RE: inbound smtp port blocked - 17.Aug.2007 7:30:40 AM   
Nuz

 

Posts: 41
Joined: 9.Aug.2007
Status: offline 		Hi I tried that but still not working.
it says in the log
Destination IP:192.168.1.200 <-- this is the external IP of my ISA
Destination Port:10025
Protocal : Unidentified IP traffic
Ation: Denied Connection
Rule: Default Rule
Client IP: 65.x.x.x <-- IP address of my mail ISP that is sending me inbound smtp mail on  different port because port 25 is blocked by my ISP.

I created a rule for a different smtp protocal instead of the smtp server and made it listen to port 10025,, but it fails ..
I also overrided the ports on the regular smtp server protocol but it blocked it also.

I am running out of things to try...it always seems to fall thru to the default rule which is the last rule.

Any help?

Thanks
Nuz

(in reply to spouseele)
Post #: 3
RE: inbound smtp port blocked - 17.Aug.2007 8:16:28 AM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Nuz,

verify with the 'fwengmon /C' command if a listener is effectively created by the ISA firewall engine. If not, check out the alerts and event viewer. There should be something in there indicating what is the cause. 

It might be necessary to restart the firewall service or even the ISA server if the TCP port 10025 is constantly occupied for outbound access.

HTH,
Stefaan

(in reply to Nuz)
Post #: 4
RE: inbound smtp port blocked - 17.Aug.2007 8:59:41 AM   
Nuz

 

Posts: 41
Joined: 9.Aug.2007
Status: offline 		i ran fwengmon and this is what it shows

ID          protocal        source            destination                                 one-shot
7078         tcp(6)           0.0.0.0:0         192.168.1.120:10025                NO
7079         tcp(6)           0.0.0.0:0        192.168..120:10025                  no
7075         udp(17)         0.0.0.0:0        192.168.1.120:10025               no
380           tcp(6)           192.168.1.61:0    192.168.1.50:10025              no

192.168.1.50 is my dns server
192.168.1.120   is my exchange server

The ip address of my exteral nic on my ISA server is 192.168.1.200 and I do not see a port being created for that. basically I do not see 192.168.1.200:10025

Could that be the problem?

Thanks

(in reply to spouseele)
Post #: 5
RE: inbound smtp port blocked - 17.Aug.2007 9:12:25 AM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Nuz,

quote:

192.168.1.50 is my dns server
192.168.1.120   is my exchange server

The ip address of my exteral nic on my ISA server is 192.168.1.200 and I do not see a port being created for that.

Wait a moment.. ISA should have at least two interfaces, an internal and an external one and they *must* be on different network ID's. That doesn't sound to be the case!

Can you post the result of the 'ipconfig /all' command on ISA and the exchange box?

HTH,
Stefaan

(in reply to Nuz)
Post #: 6
RE: inbound smtp port blocked - 17.Aug.2007 9:17:17 AM   
Nuz

 

Posts: 41
Joined: 9.Aug.2007
Status: offline 		I had an entry for my web server that works

id = 6
protocol = TCP(6)
source=0.0.0.0:0
destination = 192.168.1.200:80

so i tried to create another one just like the web but somehow it will not show up..
Can you tell me how to create one, I might be doing something wrong.

Thanks

(in reply to Nuz)
Post #: 7
RE: inbound smtp port blocked - 17.Aug.2007 9:24:14 AM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Nuz,

with the given info, it is very likely that your basic ISA networking setup is wrong. So, post the result of the 'ipconfig /all' command on ISA and the exchange box.

BTW --- take note there is a big difference between a web publishing and a server publishing rule.

HTH,
Stefaan

(in reply to Nuz)
Post #: 8
RE: inbound smtp port blocked - 17.Aug.2007 9:26:04 AM   
Nuz

 

Posts: 41
Joined: 9.Aug.2007
Status: offline 		here it is.


Windows IP Configuration
  Host Name . . . . . . . . . . . . : ZEUS
  Primary Dns Suffix  . . . . . . . : Denovo.local
  Node Type . . . . . . . . . . . . : Unknown
  IP Routing Enabled. . . . . . . . : Yes
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . : Denovo.local

Ethernet adapter Internal:
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Linksys EG1032 v3 Instant Gigabit Desktop
Network Adapter Driver
  Physical Address. . . . . . . . . : 00-18-F8-0F-2C-29
  DHCP Enabled. . . . . . . . . . . : No
  IP Address. . . . . . . . . . . . : 192.168.1.61
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . :
  DNS Servers . . . . . . . . . . . : 192.168.1.50

Ethernet adapter External:
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : 3Com 3C905TX-based Ethernet Adapter (Gene
ric)
  Physical Address. . . . . . . . . : 00-60-97-BA-70-9A
  DHCP Enabled. . . . . . . . . . . : No
  IP Address. . . . . . . . . . . . : 192.168.1.200
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.1.1
  NetBIOS over Tcpip. . . . . . . . : Disabled

thanks

(in reply to spouseele)
Post #: 9
RE: inbound smtp port blocked - 17.Aug.2007 9:38:40 AM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Nuz,

aha... just what I was afraid of!

You must, I repeat *must* change your basic ISA networking configuration, otherwise it won't never work!

The network ID used on your internal network is 192.168.1.0/24. The network ID configured on your ISA external interface is also 192.168.1.0/24. So, I suggest you change the latter one. It's propably the easiest path to follow.

Your external interface also use private IPs, that means there is another NAT device in front of ISA. Correct? You'll have to change that box too so that it matches the *new* network ID of the ISA external interface.

HTH,
Stefaan

(in reply to Nuz)
Post #: 10
RE: inbound smtp port blocked - 17.Aug.2007 9:48:03 AM   
Nuz

 

Posts: 41
Joined: 9.Aug.2007
Status: offline 		ok, i have a cable modem router in front of the isa server

so i make the cable modem router ip 192.168.2.1
and then i change the external ip of my ISA to 192.168.2.200

Is that what u mean?

Thanks
Nuz

(in reply to spouseele)
Post #: 11
RE: inbound smtp port blocked - 17.Aug.2007 9:52:30 AM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Nuz,

yep, that would be a good solution because the new external network ID would be 192.168.2.0/24.

HTH,
Stefaan 

(in reply to Nuz)
Post #: 12
RE: inbound smtp port blocked - 17.Aug.2007 10:51:49 AM   
Nuz

 

Posts: 41
Joined: 9.Aug.2007
Status: offline 		Ok i will try that.

Are you going to be monitoring this forum on the weekend?
:)


thanks
Nuz

(in reply to spouseele)
Post #: 13
RE: inbound smtp port blocked - 18.Aug.2007 6:09:12 AM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Nuz,

maybe, maybe not...

After the reconfiguration I suggest you test first from a workstation connected to the ISA external subnet (192.168.2.0/24 in your case). You can use a simple 'telnet IP_address port' command for that.

HTH,
Stefaan

(in reply to Nuz)
Post #: 14

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Server Publishing >> inbound smtp port blocked Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts