Spam Filter ISP Support Forum


ISA Server Can't Redirect Ports - Help

NJTackle (Guest Group)
Posted: 07 January 2004 at 8:20am

I'm running Exchange 2000 behind ISA Server (Firewall).  Exchange is being published as an internal server on ISA.  All SMTP mail comes in through the ISA server and gets forwarded to the Exchange server.  Problem is ISA does not have the ability to redirect traffic to another port (i.e. port 26).  So, the scenario of having SPAMFilter listening on port 26 and then forwarding to port 25 of the mail server isn't possible.

Currently, I've gotten this setup to work with changing my server to port 26 and then SPAMFilter to port 25, but my forum boards that automatically send SMTP traffic to port 25 get stuck going through SPAMFilter, which you don't want (SPAMFilter shouldn't control outgoing mail).  The result - an error message saying RELAY e-mail not permitted (or something like that).  I guess this is because I have relay turned off on Exchange which I do NOT want to enable.

Any ideas on how to permit SPAMFilter to relay outgoing e-mail through itself?

Thanks in advance!

NJT

LogSat (Admin Group)
Joined: 25 January 2005
Location: United States
Posted: 08 January 2004 at 12:10am

NJT,

SpamFilter is purposely designed not to be able to relay anywhere except to your own destination SMTP server. This was to avoid having it become an open relay and thus a source of Spam. It is also designed to handle incoming traffic only, not outgoing. Outgoing email should still be processed by your SMTP server.

This said, there are a couple of options that should work in your environment. 1st, if ISA can't perform port translation, you can configure SpamFilter to listen on port 25 of a different IP than your server. ISA forwards emails to SpamFilter on port 25, SpamFilter then forwards traffic to your Exchange also on port 25. I believe this is the simplest option since you do not need to change your Exchange IP or port, you're simply configuring ISA to forward to SpamFilter's IP rather than Exchange's. Furthermore all your outgoing traffic will still be handled by Exchange, rather than by SpamFilter.

If somehow that is not an option, you can add to SpamFilter's IP whitelist your internal class C of IPs, so that all your internal users will be able to bypass all blocking rules and will be able to relay.

Roberto F.
LogSat Software

eric (Guest Group)
Posted: 09 January 2004 at 5:39am

//you can add to SpamFilter's IP whitelist your internal class C of IPs, so that all your internal users will be able to bypass all blocking rules and will be able to relay//

don't!

we had some lame isa server also. just buy a router, isa isn't good.

if you put your whole cnet in place in logsat, some annoying spambot will try to: mailfrom: nobody@yourip or nobody@[yourip] because logsat will bypass all rules, and you have two way traffic in place... this will cause the listme@yourip also to work, causing a possible blacklist.

logsat and isa is dangerous, isa rewrites packets, and always does nat on the internal interface... (we name that the infernal interface from isa)

however, if you set the gateway from your exchange server to the isa server, it can send mail through the nat-table of the isa server.

it is also possible to run logsat ON the isa server itself, and bind the socket to 127.0.0.1, and publish the interface with isa
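An added illustration of the risk raised in the post above, not code from the thread or from SpamFilter: a simplified model of an IP-whitelist relay check, used to audit whether a whitelist entry covers the firewall's own internal address. It assumes the firewall NATs inbound connections, so external senders reach the filter with the firewall's internal address; all addresses are constructed and the function names are hypothetical.

```python
import ipaddress

def may_relay(peer_ip, whitelist):
    """Model of an IP-whitelist relay check: True if the peer is whitelisted."""
    peer = ipaddress.ip_address(peer_ip)
    return any(peer in ipaddress.ip_network(net) for net in whitelist)

def peer_seen_by_filter(client_ip, nat_gateway_ip, internal_net):
    """Source address the filter sees for a connection.

    Assumption: the firewall NATs every connection it forwards from outside,
    so an external client shows up with the gateway's internal address.
    """
    client = ipaddress.ip_address(client_ip)
    if client in ipaddress.ip_network(internal_net):
        return client_ip
    return nat_gateway_ip

def audit_whitelist(whitelist, nat_gateway_ip):
    """Return the whitelist entries that also cover the NAT gateway address."""
    gw = ipaddress.ip_address(nat_gateway_ip)
    return [net for net in whitelist if gw in ipaddress.ip_network(net)]

# Constructed sample addresses (not taken from the thread).
INTERNAL_NET = "192.168.1.0/24"
ISA_INTERNAL = "192.168.1.1"     # firewall's internal interface
FORUM_HOST = "192.168.1.20"      # internal host that sends mail on port 25
EXTERNAL = "203.0.113.45"        # arbitrary Internet sender

BROAD = ["192.168.1.0/24"]       # whole internal class C whitelisted
NARROW = ["192.168.1.20/32"]     # only the one host that needs to relay

def relay_allowed(client_ip, whitelist):
    """Would this client be allowed to relay, given what the filter sees?"""
    peer = peer_seen_by_filter(client_ip, ISA_INTERNAL, INTERNAL_NET)
    return may_relay(peer, whitelist)

if __name__ == "__main__":
    for name, wl in (("class C", BROAD), ("single host", NARROW)):
        print(name,
              "| external may relay:", relay_allowed(EXTERNAL, wl),
              "| forum host may relay:", relay_allowed(FORUM_HOST, wl),
              "| entries covering gateway:", audit_whitelist(wl, ISA_INTERNAL))
```

Under that assumption, a whitelist entry that covers the firewall's internal address extends the relay exemption to every forwarded connection, while a single-host entry keeps it limited to the machine that needs it.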
Richard (Guest Group)
Posted: 12 January 2004 at 1:00pm

What I've done, is use a second NIC (with a second IP address).  All email traffic coming in is pointed to that IP, the SF is only bound to that IP.  Then if it is an acceptable email, it forwards to the first NIC/IP.  No changing of ports involved.  The only gotcha, is that I have to bind SF before I bind my regular email services, otherwise it (sendmail NT) will bind to all IPs and not allow SF to bind to any.

Josh Garrett (Guest Group)
Posted: 25 February 2004 at 10:46pm

The problem is not that isa can't forward the port....it is that your default smtp connector within exchange is listening on both ethernet interfaces.  You need to do these things.

1.  Create a protocol rule in ISA to enable all 25 traffic.

2.  In exchange manager go to the smtp connector's properties.  Set the smtp connector to only listen on the INSIDE interface.  That will stop it from picking up 25 traffic on the outside interface.

3.  Create a server publishing rule in ISA to redirect all 25 traffic to the ip address of the spamfilter

4.  Stop and Restart the smtp connector.  Stop and Restart ISA services.

Let me know if you have any problems.
