• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Message screening design

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Server Publishing >> Message screening design Page: [1]
Login
Message << Older Topic   Newer Topic >>
Message screening design - 15.Jul.2002 8:48:00 PM   
GregF

 

Posts: 11
Joined: 17.Jul.2001
From: Battle Creek, MI
Status: offline 		I have an environment that has several email domains behind an ISA firewall. I am currently publishing the mail servers through the firewall. I bind an external IP address and create an MX record for the domain that resolves to that IP address. Then I publish to the appropriate internal address.

During the original implementation I did not implement message screening, as I did not know how it would impact the different mail systems.

I now want to enable message screening. I have built a separate Windows 2000 server and installed the SMTP service and installed the message-screening component. I would like to test with a non-production domain. It appears to me that enabling the SMTP filter on the firewall will cause ALL SMTP traffic to be routed to the new server where the SMTP service/message screening component is installed, and that publishing the servers is no longer appropriate.

Can anyone confirm that?
Post #: 1
RE: Message screening design - 15.Jul.2002 9:50:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Greg,

The SMTP filter will examine all SMTP traffic for buffer overflows, but it will not expose all SMTP message traffic to the Message Screener unless you forward all that traffic to the same SMTP relay on the internal network on which you're running the Message Screener.

HTH,
Tom

(in reply to GregF)
Post #: 2
RE: Message screening design - 15.Jul.2002 10:29:00 PM   
GregF

 

Posts: 11
Joined: 17.Jul.2001
From: Battle Creek, MI
Status: offline 		So I would leave the mail server publishing rules in place but change the internal destination (or not if so desired) to point to the intermediate box that has the message screener installed?

It was not clear to me from the article on the web site or your book if there was some special communication between the ISA box and the box with the message screener component (that provided routing of the SMTP traffic).

Also, all domains routed through the intemediate box will be subject to the same rules. I could forsee one domain wanting a more or less restrictive policy.

(in reply to GregF)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Server Publishing >> Message screening design Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts