Any problems allowing SMTP in ISA?

Khattab Member Posts: 97
Hi,

As I mentioned in a previous post a few days ago, I've configured an ISA 2004 Server and allowed Internet access as well as the fundamental services.

Now I'm looking at opening up other services that may be required on the network (specifically SMTP) but I'm worried about any problems that we may encounter... like SPAM for example.

If I create a firewall access rule to allow SMTP from internal to external - could this foreseeably cause any problems?

The reason I ask is that a few years back - before I had ever used ISA - I made the mistake of creating an access rule in ISA and within a couple of days, almost every DNS server had blacklisted our domain because it was sending SPAM... the problem is, I don't remember exactly what it was that I had allowed - it was SMTP related... perhaps it was the SMTP protocol itself, or the SMTP Server protocol...

Anyways, I'm a little apprehensive and thought I would get your opinions.

Thanks,
O

P.S. - I should clarify, we're only using SMTP for several users who have mail hosted with other ISPs and are using SMTP protocol to download their emails... we don't have an SMTP server internally. Any advice would be greatly appreciated.

Comments

  • royal Member Posts: 3,352
    I haven't done this scenario in production, but I have read an ISAServer.org article that talked about ensuring the SMTP service on ISA is configured to not allow unauthenticated users to prevent open relaying SPAM.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • Khattab Member Posts: 97
    Hi,

    When you say authenticated users... do you mean authenticated within AD, or authenticated with the SMTP Server?

    We don't have an SMTP server, I just have a few users who have their mail hosted with various ISPs and are trying to access their email through SMTP in Outlook. Would that apply to this scenario?

    Thanks,
    O
  • HeroPsycho Inactive Imported Users Posts: 1,940
    He means authenticated users with the ISA server, whether that may be AD or local accounts.

    And yes, the biggest problem of allowing outbound SMTP is if internal machines are sending out spam. If that's the case, your internet IP could get blacklisted and most other email servers may declare mail coming from your internet IP address as spam, legit or not. If you have a mail server, or should you get one in the future, this could greatly impact your mail service.
    Good luck to all!
  • Khattab Member Posts: 97
    Is there anything I can do to minimize this?

    I don't have an AD domain... so that rules out authenticated users within AD... how can I get the users to be 'authenticated'?

    How do most other networks allow outbound SMTP without having to promote a server to a DC?
  • HeroPsycho Inactive Imported Users Posts: 1,940
    Have mirrored accounts on your ISA server for all users within the workgroup.

    How do most other networks allow outbound SMTP?

    A. They usually don't. If users in your network use email systems that don't support webmail or some other form of remote email capability, shame on them. In fact, most email systems won't allow their SMTP servers to relay mail for their mail system from outside their internal network anyway, forcing their users to use alternative means that are safer, such as webmail, requiring users to VPN in to the home network, etc.

    B. The business allowing outbound SMTP mail will install their own SMTP gateway product loaded with anti-spam software to force email they send out to be inspected for spam before leaving, and force users to set this as their SMTP mail server, and allow outbound mail only from that server. In this case, admins for the domains your users send mail from also need to add the public IP address of this SMTP server to their domain's SPF records if they have these records.
    Good luck to all!
  • d4nmf Member Posts: 56
    As above, if you have invested in ISA surely some extra cash into investing in Exchange would be the way forward?

    Then relay all the mail through your ISP's SMTP relay.
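
A log check for the risk HeroPsycho describes (internal machines sending mail directly instead of through one approved gateway), added here as an example and not written by anyone in this thread. The log layout, addresses, gateway IP and threshold are all assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed values for illustration; none of them come from the thread.
INTERNAL = ip_network("192.168.0.0/24")   # internal LAN behind the firewall
GATEWAY = ip_address("192.168.0.10")      # the only host meant to send on TCP/25
MAX_DESTS = 3                             # distinct mail servers before a host looks like a spam source

# Constructed sample in a made-up "time src dst dport action" layout (not ISA's native log format).
SAMPLE_LOG = """\
2024-05-01T09:00:01 192.168.0.10 203.0.113.5 25 ALLOW
2024-05-01T09:00:07 192.168.0.21 198.51.100.7 25 DENY
2024-05-01T09:01:10 192.168.0.34 203.0.113.11 25 ALLOW
2024-05-01T09:01:11 192.168.0.34 203.0.113.12 25 ALLOW
2024-05-01T09:01:11 192.168.0.34 198.51.100.20 25 ALLOW
2024-05-01T09:01:12 192.168.0.34 198.51.100.21 25 ALLOW
2024-05-01T09:02:30 192.168.0.45 203.0.113.5 25 ALLOW
2024-05-01T09:03:00 unknown 203.0.113.5 25 ALLOW
"""

def parse(line):  # -> (src, dst, dport, action), or None if the line does not fit the layout
    parts = line.split()
    if len(parts) != 5 or not parts[3].isdigit():
        return None
    try:
        return ip_address(parts[1]), ip_address(parts[2]), int(parts[3]), parts[4].upper()
    except ValueError:
        return None

def audit_outbound_smtp(log_text):
    """Map each non-gateway internal host that tried outbound TCP/25 to a verdict."""
    dests, allowed = defaultdict(set), defaultdict(int)
    for src, dst, dport, action in filter(None, map(parse, log_text.splitlines())):
        if dport != 25 or src == GATEWAY or src not in INTERNAL or dst in INTERNAL:
            continue
        dests[src].add(dst)
        allowed[src] += action == "ALLOW"
    report = {}
    for src, seen in dests.items():
        if len(seen) > MAX_DESTS:
            verdict = "possible-spam-source"   # talking to many different mail servers
        elif allowed[src]:
            verdict = "rule-gap"               # firewall let a client bypass the gateway
        else:
            verdict = "blocked-direct-smtp"    # rule held; client is misconfigured or infected
        report[str(src)] = (verdict, len(seen), allowed[src])
    return report

print(audit_outbound_smtp(SAMPLE_LOG))
```

Each result is `(verdict, distinct destinations, allowed connections)`; a "rule-gap" entry means the access rule is broader than "gateway only" and should be tightened before a compromised client gets the public IP listed.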