Sam
Wed Sep 03 04:38:08 CDT 2003
Mariette, Thankyou for your help.
I shall look at this today, i have a few questions though, I am running
Backoffice rather than SBS. Does this make a difference? The applcations are
installed on the same server at present.
also i intend to research the steps you mentioned, but do any of them have
any possible knock on effects as we dont have any test servers here, so i
would be making the changes on the production server(!)
Thanks again
Sam
"Mariette Knap [SBS MVP]" <mariette@smallbizserver.net> wrote in message
news:%232XmkfXcDHA.620@TK2MSFTNGP11.phx.gbl...
> In news:ufUWi6WcDHA.1492@TK2MSFTNGP12.phx.gbl,
> Sam Richardson" <sam@"no_spam_thanks <sam@"no_spam_thanks"genetix.com>
> wrote:
>
> > I'm having difficulty getting the SMTP filter to work on ISA with
> > feature pack 1 installed.
>
> There are some things to review on your server:
>
> 1. Did you disable socketpooling for the SMTP service?
>
> This is extremely important because SBS has socketpooling for SMTP by
> default not disabled and thus is the Exchange listening on all IP
addresses
> and because of this ISA SMTP filter does not work. You can check if socket
> pooling is disabled ny typing from the command prompt:
>
> netstat -an | find ":25"
>
> If the output is something like "TCP 0.0.0.0:25 0.0.0.0:0 LISTENING" this
> means that socketpooling is enabled. The output must something like "TCP
> 192.168.16.2:25 0.0.0.0 LISTENING". If the first is the case run the
mdutil
> tool to disable socketpooling.
>
> Use the Mdutil.exe file utility that is included on the Windows 2000 CD
ROM.
> NOTE: The Mdutil.exe file utility is not installed with the Windows 2000
by
> default. It is located in the \i386 directory as MDUTIL.EX_. Copy this
file
> to your local disk and run the following command to extract the utility:
> EXTRACT MDUTIL.EX_
>
> a. Put the Mdutil.exe executable in the \Inetpub\Adminscripts folder.
> b. Open a command prompt window and type the following command:
>
> mdutil set -path smtpsvc/1 -value 1 -dtype 1 -prop 1029 -attrib 1
>
> 2. Did you set the Default SMTP Virtual Server to listen only on the
> internal IP address of the server?
>
> Go to the Internet Information Services console, right click on the SMTP
> service, and click Properties. Change the listening address to the
internal
> interface of the ISA Server.
>
> 3. Did you create a Server Publishing Rule for SMTP in ISA? You must
disable
> any Packet Filters that allow inbound traffic on port 25 too. Do NOT run
the
> Secure Mail Server Wizard.
>
> After this has been done create a rule in the SMTP filter that forwards
the
> message to a mailbox of your choice. This way you can check if thing work.
>
> Related KB articles:
>
> 315132 - HOW TO: Configure SMTP Message Screener in ISA Server 2000:
>
http://support.microsoft.com/default.aspx?scid=kb;EN-US;315132
>
> 320703 - HOW TO: Configure the SMTP Filter in ISA Server to Block SMTP
> E-mail Attachments by File Name Extension in SBS:
>
http://support.microsoft.com/default.aspx?scid=kb;en-us;320703
>
> After you have got the SMTP filter working you probably will see some
> SmtpEvt errors in the event log.
>
> When another exchange server connects to deliver mail it sends several
> commands to the internal mail server. If the ISA SMTP filter is enabled
the
> above error is logged because the default filter does not contain the
> commands used by the exchange server. To work around the problem add the
> following commands to the SMTP Filter and give them all 1024 as the
Maximum
> Length.
>
> X-EXPS GSSAPI NTLM LOGIN
> X-EXPS GSSAPI NTLM
> X-EXPS=LOGIN
> X-LINK2STATE
> XEXCH50
>
> and others if you see one.
>
> Please, follow steps 1,2 and 3 carefully and reboot the server after all
of
> the steps. Create a rule in the SMTP filter and wait for some time....it
can
> take a while for the SMTP filter to start working
>
> --
> Mariette Knap [SBS MVP]
> www.smallbizserver.net
>
>