When an incoming Email is received by the Server, MailWarden initiates a connection to an Internet Realtime Spam Checking Service by HTTP (on Port 80) and checks whether or not the Email is Spam or not.
This is where the problem lies.
The Email is coming in fine, however, ISA is denying access to the required site.
The logs show that this connection is being denied, however, no Rule is being shown as the reason why.
The only thing I can think of is that ISA listens for requests on Port 8080 and MailWarden uses Port 80 (which is not configurable).
Is there an easy and quick way to change ISA over to Port 80?
ISA also broadcasts Automatic Discovery information on Port 80. Would I need to change the Port here too to avoid conflicts?
Also, would I need to change the settings for the Firewall Client installed on my Internal Network.
RE: ISA listens on Port 8080 but program uses Port 80 - 1.Jun.2005 8:27:00 AM
What web browser port settings do your user's have on their workstations and are there are other systems that can access the Internet successfully via port 8080?
Depending on the answer to the above question you could try one of the two things, the first is probably the safer out of the two
1) Create a user defined HTTP Protocol (e.g. HTTP-KC) with port parametes set to 80. Also create a Server/Workstation with the IP address of Server that is getting Access Denied.
Then setup a new Firewall rule using the above parameters going to your external source.
2) ONLY DO THIS IF ALL YOUR HTTP TRAFFIC is to use the same port. Amend your proxy settings for the internal network so that port 80 is used instead of 8080. This is done by going to configuration, networks and properties of the internal network and then the Web Proxy tab. AMENDING this will change the port for the HTTP protocol for anything that goes through the FW using HTTP
You mentioned that you have an ALL open rule configured on your ISA BOX ... Does that rule have authentication configured ? if yes... create a HTTP rule with the ALL users group (instead of ALL authenticated group) .. place this rule above your ALL open rule.