RE: I'm trying to filter out email messages using ISA
From: Notorious (Notorious_at_discussions.microsoft.com)
Date: 06/30/04
- Next message: steve: "Re: Critical Updates - Are they necessary on clients behind firewall ?"
- Previous message: Notorious: "RE: unable to access servers remotely"
- In reply to: Hebba: "I'm trying to filter out email messages using ISA"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 29 Jun 2004 19:42:02 -0700
I had the same problem. The filter feature in ISA is not that reliable. I recommending, purchasing an ANTI SPAM program. Lookup on Brighmail who just merged with Symantec and you can also take a look at GFI Mail Essentials.
Good luck.
"Hebba" wrote:
> I performed the following steps. However, keywords that I
> added to the SMTP
> application filter still go through.
>
>
> Enabling SMTP Filter on ISA using Message Screener:
>
>
>
> Our ISA server is called NHL. On this server the following
> is installed:
>
> a.. ISA + Message screener
> b.. IIS + SMTP
>
>
> Our application server is called APPS. On this server the
> following is
> installed:
>
> a.. Message screener only
> b.. IIS + SMTP
> c.. Exchange server
>
>
> Details of Configuration: (you do not have to read the
> text in gray)
>
> 1.. NHL (ISA server):
> 1.. Install IIS
> 2.. Install ISA in full which includes Message Screener
>
> i. If
> SMTP service fails to start:
>
> 1. IIS MetaEdit 2.2 Utility | LM and SmtpSvc |
> Right-click SmtpSvc,
> click New, and then click DWORD. In the Id list, click
> DisableSocketPooling.
> The field to the right should now read 1029. If
> DisableSocketPooling is not
> in the list, click (Other), and then type 1029 in the box.
> In the Data
> field, type 1. Click to select the Inherit attribute.
> Restart the Simple
> Mail Transport Protocol (SMTP) service.
>
> 1.. Enable SMTP application filter in ISA | Extensions
> | Application
> filters (added a keyword: "bom")
> 2.. Start | Run: dcomcnfg.exe (because SMTP message
> screener and ISA
> communicate through DCOM)
>
> i.
> Applications tab | VendorData class properties | Security
> tab |
>
> 1. Use custom launch permissions | Edit | Add |
> Everyone | Type of
> Access: allow launch
>
> 2. Use custom access permissions | Edit | Add |
> Everyone | Type of
> Access: allow access
>
> 3. Use custom configuration permissions | Edit | Add
> | Everyone | Type
> of Access: Full Control
>
>
>
> 1.. APPS (Application server):
> 1.. TCP/IP properties | Default Gateway = ISA IP
> address
> 2.. Install IIS in full which includes SMTP
> 3.. Install Exchange Server:
>
> i.
> CDROM\setup\i386\setup.exe /forestprep
>
>
> ii.
> CDROM\setup\i386\setup.exe /domainprep
>
>
> iii.
> CDROM\setup\i386\setup.exe
>
> 1.. IIS:
>
> i.
> Configure SMTP to use the internal IP address only
>
>
> ii. Create
> remote domain to accept mail from *.internal_domain
>
>
> iii.
> Configure remote domain to relay to Exchange server
>
> 1. select forward all mail to smart host: [IP_of_APPS
> (ExchangeServer)]
>
> 2. select allow incoming mail to be relayed to this
> domain
>
> 1.. Configure Exchange server to accept mail from
> message screener SMTP
> server
>
> i.
> System Manager | Servers | Protocols | SMTP | Default SMTP
> Virtual server
> Properties | General tab | Advanced | verify only internal
> IP address is
> used.
>
> 1.. Install message screener from ISA CD-ROM
> 2.. Run ISACD-ROM\isa\i386\SMTPCred.exe (to set
> authentication
> credentials to ISA server: I used the domain administrator
> account)
> 3.. Start | Run | dcomcnfg.exe: (because SMTP message
> screener and ISA
> communicate through DCOM)
>
> i.
> Applications tab | VendorData class properties | Security
> tab |
>
> 1. Use custom launch permissions | Edit | Add |
> Everyone | Type of
> Access: allow launch
>
> 2. Use custom access permissions | Edit | Add |
> Everyone | Type of
> Access: allow access
>
> 3. Use custom configuration permissions | Edit | Add
> | Everyone | Type
> of Access: Full Control
>
> 1.. Exchange System Manager | Server | Protocols |
> right-click Default
> SMTP Virtual Server properties | Access tab | Relay | I
> gave access to my
> own computer to test
>
>
> 1.. NHL (ISA server):
> 1.. Create a server publishing rule using the wizard
> and select SMTP
> 2.. Create a protocol rule to allow DNS queries for
> name resolution
> 3.. Create a new Protocol filter and enable it to
> allow: TCP port 135 as
> this port is used by outlook clients to access exchange
> server
>
>
> 1.. APPS (Application Server)
> If you attempt to start Exchange services that run in the
> Inetinfo.exe tool,
> you may receive the following error message:
>
> Error 1083: The executable program that this service is
> configured to run in
> does not implement the service.
>
> This issue occurs when you start the following services
> from within Exchange
> server:
>
> Simple Mail Transport Protocol (SMTP)
>
> Network News Transport Protocol (NNTP)
>
> Post Office Protocol version 3 (POP3)
>
> Internet Message Access Protocol version 4 (IMAP4)
>
> Microsoft Exchange Routing Engine
>
> CAUSE
> This issue can occur because these services have not been
> configured to run
> in the Inetinfo.exe tool. They have been either configured
> to run in the
> Dllhost.exe tool, or not configured to run in any tool.
>
> RESOLUTION
> 1. Start Registry Editor
> (Regedt32.exe).
>
> 2. Locate and click the following
> registry key:
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetIn
> fo\Parameters\Dis
> patchEntries
>
> 3. Click the value for the service
> that you attempted
> to start.
>
> 4. On the Edit menu, click Multi
> String, and then add
> the following values:
>
> Ldapsvc
> Smtpsvc
> Nntpsvc
> Imap4svc
> Pop3svc
> Resvc
>
> 5. Click OK.
>
> 6. Quit Registry Editor.
>
> 7. Start Administrative Tools,
> click Services, and
> then restart the Internet Information Service (IIS)
> Administrator service.
>
> STATUS
> Microsoft has confirmed that this is a problem in
> Microsoft Exchange 2000
> Server.
>
>
>
>
> Hebba Hussain Rostom
> Facility Manager
> New Horizons (Jeddah, S.A.)
> E-mail: hebba@newhorizons.com.sa
>
>
>
>
>
- Next message: steve: "Re: Critical Updates - Are they necessary on clients behind firewall ?"
- Previous message: Notorious: "RE: unable to access servers remotely"
- In reply to: Hebba: "I'm trying to filter out email messages using ISA"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
