Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RE: Discussion for Parts 1 and 2 of spam whacking SMTP Relay articles
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 13.Apr.2004 12:17:00 AM
|
|
|
HBarker
Posts: 20
Joined: 10.Apr.2004
From: Las Vegas, NV
Status: offline
|
I just followed these steps exactly for exchange 5.5 it worked great for me.
Thanks Tom just the filtering of the .scr exe pifs etc will increase the performance of my exchange server. As an added by product my email gets scanned an extra time to boot.
|
|
|
|
|
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 13.Apr.2004 4:10:00 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
Originally posted by Heath:
I just followed these steps exactly for exchange 5.5 it worked great for me.
Thanks Tom just the filtering of the .scr exe pifs etc will increase the performance of my exchange server. As an added by product my email gets scanned an extra time to boot.
Hi Heath,
Thanks! Hope to see you at TechEd.
Tom
|
|
|
|
|
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 13.Apr.2004 4:14:00 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
Originally posted by JosT Dßvalos:
Hello, Mr. Shinder. I write you from Per·. I really thank you for your very useful and clear help.
I've tried to implement the solution of the two articles of the topic, and it didn't work.
My scenario is:
1. ISA over Win2000 (IIS 5).
2. Exchange Server 2000 on other server.
3. I have my email server published through the ISA (Server Publishing Rules -SPR-).
Then, for install and run the SMTP Service, I had to disable the SPR that publishes SMTP Server. Only when I did it, the SMTP Service ran.
When I type, at the Command Prompt (folder Inetpub\AdminScripts):
adsutil.vbs set /smtpsvc/1/DisableSocketPooling 1
it returns:
ErrNumber: -2147463162 (0x80005006)
Error Trying To SET the Property: DisableSocketPooling
Later, I did everything of the articles, and the result is that I don't receive emails, I only can send. Obviously, I changed my SPR of the SMTP Server to the internal IP of the ISA Server.
Could you help me, please? I really want to apply the solution on my network, it's very useful.
Thank you.
Hi Jose,
The problem is that you weren't able to disable socket pooling. I don't believe there is a space between set and the rest of the line, but I'll have to double check.
HTH,
Tom
|
|
|
|
|
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 13.Apr.2004 4:15:00 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
Originally posted by jdclipper:
All-
HereÆs my resolution to my own problem. I had to uninstall and reinstall the Win2003 ISA fix. It had been previously installed so I assumed there was no reason to reinstall. However, this was the change that caused the message screener to start working.
Now... having successfully enabled the filter, I cannot get an Outlook Express client to authenticate. I've installed SP1 and FP1 and the AUTH command in the SMTP commands... still no joy. If anyone has any experience with getting this to work I'd appreciate the insights. Thanks again.
Hi JD,
Is the SMTP server a member of the domain? What error do you see in the SMTP log and the client?
Thanks!
Tom
|
|
|
|
|
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 14.Apr.2004 10:16:00 PM
|
|
|
HBarker
Posts: 20
Joined: 10.Apr.2004
From: Las Vegas, NV
Status: offline
|
I am noticing that the .pif .scr files I have in the smtp filter aren't actually getting blocked for some reason. They seem to be squeeking through and antigen is nailing them. I have tested the keyword filter and its working fine. Any ideas?
|
|
|
|
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 5.May2004 6:32:00 PM
|
|
|
zerowolf
Posts: 2
Joined: 29.Apr.2004
Status: offline
|
Hi, I have an isa server acting as a firewall & caching engine. It is the only public thing on the network. The Web/Mail server sits behind it. The isa server has rules for forwarding mail and web to the internal mail server. Which works fine right now. I am trying to implement smtp content filtering for both attachments and keywords. It won't work. I have enabled it, I have followed the tutorials, still nothing. I have even enabled the smtp engine on the isa server, and then had it forward mail to the internal mail server. Still wouldn't work! Could someone help me??
|
|
|
|
|
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 10.May2004 10:27:00 AM
|
|
|
BBQPM
Posts: 2
Joined: 10.May2004
Status: offline
|
quote:
Originally posted by zerowolf:
Hi, I have an isa server acting as a firewall & caching engine. It is the only public thing on the network. The Web/Mail server sits behind it. The isa server has rules for forwarding mail and web to the internal mail server. Which works fine right now. I am trying to implement smtp content filtering for both attachments and keywords. It won't work. I have enabled it, I have followed the tutorials, still nothing. I have even enabled the smtp engine on the isa server, and then had it forward mail to the internal mail server. Still wouldn't work! Could someone help me??
First of all, I would like to thank the author for his time, and in return, I hope I can help the forum.
You might want to confirm that this registry key registered.
HKEY_CLASSES_ROOT\CLSID\{4F2AC0A5-300F-4DE9-821F-4D5706DC5B32}
If you can't find it in the registry, you need to reinstall smtp screen even if the check box in the isa installation says it's installed.
|
|
|
|
|
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 10.May2004 1:01:00 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi BBQPM,
Thanks! Nice tip.
Tom
|
|
|
|
|
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 10.May2004 8:10:00 PM
|
|
|
zerowolf
Posts: 2
Joined: 29.Apr.2004
Status: offline
|
If I have any isa service packs or feature packs installed? Do I need to uinstall them before I re-install the screener? My second question is , do I have to have the smtp engine on the isa server forwarding mail to the internal mail server, or if i have it sending all requests to the internal mail server with out running smtp on the isa server, will that work?
|
|
|
|
|
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 11.May2004 12:52:00 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi ZW,
The Message Screener requires the SMTP service; the SMTP filter works on all incoming SMTP connections moving through an SMTP Server Publishing Rule.
HTH,
Tom
|
|
|
|
|
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 11.May2004 9:01:00 PM
|
|
|
matr8er
Posts: 16
Joined: 11.Jun.2003
Status: offline
|
I have published an Exchange 5.5 server behind ISA 2000 and have the smtp filter working. A lot of spam is sitting in the queue folder of the smtp server and it finally gives me a non delivery report. All of them or destined for our domain and the email addresses are correct. I thought it was because they were mime format, but some aren't mime. I have the ISA with SMTP setup just like what is in the articles. What is going on here? Any help would be appreciated. Thanks.
|
|
|
|
|
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 12.May2004 1:44:00 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi matr8er,
It sounds like the remote domains aren't quite right on the SMTP relay machine. Make sure they are pointing to the IP address of the SMTP server on the internal network.
HTH,
Tom
|
|
|
|
|
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 12.May2004 5:44:00 PM
|
|
|
matr8er
Posts: 16
Joined: 11.Jun.2003
Status: offline
|
quote:
Originally posted by tshinder:
Hi matr8er,
It sounds like the remote domains aren't quite right on the SMTP relay machine. Make sure they are pointing to the IP address of the SMTP server on the internal network.
HTH,
Tom
I double checked the remote domain and it is set to forward all mail to smart host and there I have [123.123.123.12] (not actual address). The ip address is the internal address for the exchange server. Thanks for the help so far!
|
|
|
|
|
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 13.May2004 12:02:00 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi matr8er,
Are you sure the spam is destined to one of your remote domains? Check the SMTP log to see what the actual domains are that the messages are being sent to.
HTH,
Tom
|
|
|
|
|
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 13.May2004 3:26:00 PM
|
|
|
matr8er
Posts: 16
Joined: 11.Jun.2003
Status: offline
|
I've found out that it actually is a problem with exchange. This is from the error text file in the NDR:
Diagnostic-Code: smtp;554 5.6.1 Body type not supported by Remote Host
The remote host being our Exchange 5.5 server. Is there a way around this? Correct me if I'm wrong but Exchange 5.5 doesn't support 8bit mime right? I think that is what is going on here. What do you think?
[ May 13, 2004, 10:39 PM: Message edited by: matr8er ]
|
|
|
|
|
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 15.May2004 3:40:00 PM
|
|
|
costanza
Posts: 6
Joined: 30.Apr.2003
Status: offline
|
Hi there Tom,
Just a quick question... When adding in rejected domains for your SMTP Filter Properties can you use wildcards like *.ru or *.ch to block all email from russia and China?? Also can you use an IP addresses in there rather then the Domain name to block a spamming IP address?? Ok, that's 2 questions, sorry...
Thanks for your help!
|
|
|
|
|
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 27.May2004 1:57:00 AM
|
|
|
Rutger_Diehard
Posts: 4
Joined: 31.Jan.2004
From: Devon England
Status: offline
|
Hi Tom
Another quick question... When a mail is received by the relay and forwards it onto the internal Exchange box, the relay replies to the sending server:
code:
< 220 FQDN.of.relay.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.0 ready at Thu, 27 May 2004 00:35:53 +0100
> HELO edit.dnsvr.com
< 250 FQDN.of.relay.com Hello [127.0.0.1]
The reply will always come from the loopback address 127.0.0.1 as I suppose we are server publishing the internal interface. Is there any way of showing the sending server's IP address in the reply from the relay? It would be nice for them to see we at least have their real address!
Thanks in advance
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
![[Frown]](/image/smiles/frown.gif)
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - ![[Mad]](/image/smiles/mad.gif)
And also if it is a virus such as Netsky which modifies the domain name in the headers we can't tell where it came from at all. I think I'll be buying the book, but I would like to know if this is possible. Thanks.
