• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: Discussion for Parts 1 and 2 of spam whacking SMTP Relay articles

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Server Publishing >> RE: Discussion for Parts 1 and 2 of spam whacking SMTP Relay articles Page: <<   < prev  1 [2]
Login
Message << Older Topic   Newer Topic >>
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 13.Apr.2004 12:17:00 AM   
HBarker

 

Posts: 20
Joined: 10.Apr.2004
From: Las Vegas, NV
Status: offline
I just followed these steps exactly for exchange 5.5 it worked great for me.

Thanks Tom just the filtering of the .scr exe pifs etc will increase the performance of my exchange server. As an added by product my email gets scanned an extra time to boot.

(in reply to tshinder)
Post #: 21
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 13.Apr.2004 4:10:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by Heath:
I just followed these steps exactly for exchange 5.5 it worked great for me.

Thanks Tom just the filtering of the .scr exe pifs etc will increase the performance of my exchange server. As an added by product my email gets scanned an extra time to boot.

Hi Heath,

Thanks! Hope to see you at TechEd.

Tom

(in reply to tshinder)
Post #: 22
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 13.Apr.2004 4:14:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by JosT DŖvalos:
Hello, Mr. Shinder. I write you from Per∑. I really thank you for your very useful and clear help.

I've tried to implement the solution of the two articles of the topic, and it didn't work.
My scenario is:
1. ISA over Win2000 (IIS 5).
2. Exchange Server 2000 on other server.
3. I have my email server published through the ISA (Server Publishing Rules -SPR-).
Then, for install and run the SMTP Service, I had to disable the SPR that publishes SMTP Server. Only when I did it, the SMTP Service ran.
When I type, at the Command Prompt (folder Inetpub\AdminScripts):
adsutil.vbs set /smtpsvc/1/DisableSocketPooling 1

it returns:
ErrNumber: -2147463162 (0x80005006)
Error Trying To SET the Property: DisableSocketPooling

Later, I did everything of the articles, and the result is that I don't receive emails, I only can send. Obviously, I changed my SPR of the SMTP Server to the internal IP of the ISA Server.

Could you help me, please? I really want to apply the solution on my network, it's very useful.

Thank you.

Hi Jose,

The problem is that you weren't able to disable socket pooling. I don't believe there is a space between set and the rest of the line, but I'll have to double check.

HTH,
Tom

(in reply to tshinder)
Post #: 23
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 13.Apr.2004 4:15:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by jdclipper:
All-

Here∆s my resolution to my own problem. I had to uninstall and reinstall the Win2003 ISA fix. It had been previously installed so I assumed there was no reason to reinstall. However, this was the change that caused the message screener to start working.

Now... having successfully enabled the filter, I cannot get an Outlook Express client to authenticate. I've installed SP1 and FP1 and the AUTH command in the SMTP commands... still no joy. If anyone has any experience with getting this to work I'd appreciate the insights. Thanks again.

Hi JD,

Is the SMTP server a member of the domain? What error do you see in the SMTP log and the client?

Thanks!
Tom

(in reply to tshinder)
Post #: 24
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 14.Apr.2004 10:16:00 PM   
HBarker

 

Posts: 20
Joined: 10.Apr.2004
From: Las Vegas, NV
Status: offline
I am noticing that the .pif .scr files I have in the smtp filter aren't actually getting blocked for some reason. They seem to be squeeking through and antigen is nailing them. I have tested the keyword filter and its working fine. Any ideas?

(in reply to tshinder)
Post #: 25
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 5.May2004 6:32:00 PM   
zerowolf

 

Posts: 2
Joined: 29.Apr.2004
Status: offline
Hi, I have an isa server acting as a firewall & caching engine. It is the only public thing on the network. The Web/Mail server sits behind it. The isa server has rules for forwarding mail and web to the internal mail server. Which works fine right now. I am trying to implement smtp content filtering for both attachments and keywords. It won't work. I have enabled it, I have followed the tutorials, still nothing. I have even enabled the smtp engine on the isa server, and then had it forward mail to the internal mail server. Still wouldn't work! Could someone help me??

(in reply to tshinder)
Post #: 26
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 10.May2004 10:27:00 AM   
BBQPM

 

Posts: 2
Joined: 10.May2004
Status: offline
quote:
Originally posted by zerowolf:
Hi, I have an isa server acting as a firewall & caching engine. It is the only public thing on the network. The Web/Mail server sits behind it. The isa server has rules for forwarding mail and web to the internal mail server. Which works fine right now. I am trying to implement smtp content filtering for both attachments and keywords. It won't work. I have enabled it, I have followed the tutorials, still nothing. I have even enabled the smtp engine on the isa server, and then had it forward mail to the internal mail server. Still wouldn't work! Could someone help me??

First of all, I would like to thank the author for his time, and in return, I hope I can help the forum.

You might want to confirm that this registry key registered.

HKEY_CLASSES_ROOT\CLSID\{4F2AC0A5-300F-4DE9-821F-4D5706DC5B32}

If you can't find it in the registry, you need to reinstall smtp screen even if the check box in the isa installation says it's installed.

(in reply to tshinder)
Post #: 27
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 10.May2004 1:01:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi BBQPM,

Thanks! Nice tip.

Tom

(in reply to tshinder)
Post #: 28
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 10.May2004 8:10:00 PM   
zerowolf

 

Posts: 2
Joined: 29.Apr.2004
Status: offline
If I have any isa service packs or feature packs installed? Do I need to uinstall them before I re-install the screener? My second question is , do I have to have the smtp engine on the isa server forwarding mail to the internal mail server, or if i have it sending all requests to the internal mail server with out running smtp on the isa server, will that work?

(in reply to tshinder)
Post #: 29
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 11.May2004 12:52:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi ZW,

The Message Screener requires the SMTP service; the SMTP filter works on all incoming SMTP connections moving through an SMTP Server Publishing Rule.

HTH,
Tom

(in reply to tshinder)
Post #: 30
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 11.May2004 9:01:00 PM   
matr8er

 

Posts: 16
Joined: 11.Jun.2003
Status: offline
I have published an Exchange 5.5 server behind ISA 2000 and have the smtp filter working. A lot of spam is sitting in the queue folder of the smtp server and it finally gives me a non delivery report. All of them or destined for our domain and the email addresses are correct. I thought it was because they were mime format, but some aren't mime. I have the ISA with SMTP setup just like what is in the articles. What is going on here? Any help would be appreciated. Thanks.

(in reply to tshinder)
Post #: 31
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 12.May2004 1:44:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi matr8er,

It sounds like the remote domains aren't quite right on the SMTP relay machine. Make sure they are pointing to the IP address of the SMTP server on the internal network.

HTH,
Tom

(in reply to tshinder)
Post #: 32
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 12.May2004 5:44:00 PM   
matr8er

 

Posts: 16
Joined: 11.Jun.2003
Status: offline
quote:
Originally posted by tshinder:
Hi matr8er,

It sounds like the remote domains aren't quite right on the SMTP relay machine. Make sure they are pointing to the IP address of the SMTP server on the internal network.

HTH,
Tom

I double checked the remote domain and it is set to forward all mail to smart host and there I have [123.123.123.12] (not actual address). The ip address is the internal address for the exchange server. Thanks for the help so far!

(in reply to tshinder)
Post #: 33
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 13.May2004 12:02:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi matr8er,

Are you sure the spam is destined to one of your remote domains? Check the SMTP log to see what the actual domains are that the messages are being sent to.

HTH,
Tom

(in reply to tshinder)
Post #: 34
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 13.May2004 3:26:00 PM   
matr8er

 

Posts: 16
Joined: 11.Jun.2003
Status: offline
I've found out that it actually is a problem with exchange. This is from the error text file in the NDR:

Diagnostic-Code: smtp;554 5.6.1 Body type not supported by Remote Host

The remote host being our Exchange 5.5 server. Is there a way around this? Correct me if I'm wrong but Exchange 5.5 doesn't support 8bit mime right? I think that is what is going on here. What do you think?

[ May 13, 2004, 10:39 PM: Message edited by: matr8er ]

(in reply to tshinder)
Post #: 35
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 15.May2004 3:40:00 PM   
costanza

 

Posts: 6
Joined: 30.Apr.2003
Status: offline
Hi there Tom,

Just a quick question... When adding in rejected domains for your SMTP Filter Properties can you use wildcards like *.ru or *.ch to block all email from russia and China?? Also can you use an IP addresses in there rather then the Domain name to block a spamming IP address?? Ok, that's 2 questions, sorry...

Thanks for your help!

(in reply to tshinder)
Post #: 36
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 16.May2004 9:19:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi costanza,

That's a good question. I haven't checked it out yet, but I suspect that wildcards aren't supported. [Frown]

HTH,
Tom

(in reply to tshinder)
Post #: 37
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 27.May2004 1:57:00 AM   
Rutger_Diehard

 

Posts: 4
Joined: 31.Jan.2004
From: Devon England
Status: offline
Hi Tom

Another quick question... When a mail is received by the relay and forwards it onto the internal Exchange box, the relay replies to the sending server:

code:
  
< 220 FQDN.of.relay.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.0 ready at Thu, 27 May 2004 00:35:53 +0100
> HELO edit.dnsvr.com
< 250 FQDN.of.relay.com Hello [127.0.0.1]

The reply will always come from the loopback address 127.0.0.1 as I suppose we are server publishing the internal interface. Is there any way of showing the sending server's IP address in the reply from the relay? It would be nice for them to see we at least have their real address!

Thanks in advance

(in reply to tshinder)
Post #: 38
RE: Discussion for Parts 1 and 2 of spam whacking SMTP ... - 27.May2004 3:24:00 PM   
matr8er

 

Posts: 16
Joined: 11.Jun.2003
Status: offline
quote:
Originally posted by Rutger_Diehard:
Hi Tom

Another quick question... When a mail is received by the relay and forwards it onto the internal Exchange box, the relay replies to the sending server:

code:
  
< 220 FQDN.of.relay.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.0 ready at Thu, 27 May 2004 00:35:53 +0100
> HELO edit.dnsvr.com
< 250 FQDN.of.relay.com Hello [127.0.0.1]

The reply will always come from the loopback address 127.0.0.1 as I suppose we are server publishing the internal interface. Is there any way of showing the sending server's IP address in the reply from the relay? It would be nice for them to see we at least have their real address!

Thanks in advance

I would also like to know if we can do this. I just started trying yesterday. I've tried reverse dns lookups, but they fail each time. In the past we have notified isps that they were sending us viruses, but now we will be unable to do that if the sending smtp server has a false Fully-Qualified Domain Name. [Mad] And also if it is a virus such as Netsky which modifies the domain name in the headers we can't tell where it came from at all. I think I'll be buying the book, but I would like to know if this is possible. Thanks.

(in reply to tshinder)
Post #: 39

Page:   <<   < prev  1 [2] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Server Publishing >> RE: Discussion for Parts 1 and 2 of spam whacking SMTP Relay articles Page: <<   < prev  1 [2]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts