Message screening design

Message screening design (Full Version)

All Forums >> [ISA Server 2000 General] >> Server Publishing

Message

GregF -> Message screening design (15.Jul.2002 8:48:00 PM)
I have an environment that has several email domains behind an ISA firewall. I am currently publishing the mail servers through the firewall. I bind an external IP address and create an MX record for the domain that resolves to that IP address. Then I publish to the appropriate internal address. During the original implementation I did not implement message screening, as I did not know how it would impact the different mail systems. I now want to enable message screening. I have built a separate Windows 2000 server and installed the SMTP service and installed the message-screening component. I would like to test with a non-production domain. It appears to me that enabling the SMTP filter on the firewall will cause ALL SMTP traffic to be routed to the new server where the SMTP service/message screening component is installed, and that publishing the servers is no longer appropriate. Can anyone confirm that?

tshinder -> RE: Message screening design (15.Jul.2002 9:50:00 PM)
Hi Greg, The SMTP filter will examine all SMTP traffic for buffer overflows, but it will not expose all SMTP message traffic to the Message Screener unless you forward all that traffic to the same SMTP relay on the internal network on which you're running the Message Screener. HTH, Tom

GregF -> RE: Message screening design (15.Jul.2002 10:29:00 PM)
So I would leave the mail server publishing rules in place but change the internal destination (or not if so desired) to point to the intermediate box that has the message screener installed? It was not clear to me from the article on the web site or your book if there was some special communication between the ISA box and the box with the message screener component (that provided routing of the SMTP traffic). Also, all domains routed through the intemediate box will be subject to the same rules. I could forsee one domain wanting a more or less restrictive policy.

Page: [1]