Publishing Your Email Server (e.g. Exchange) Through ISA Server.
While the "ISA Server Basic Setup" document can give you some pointers on how to gain access to the internet through Internet Security and Acceleration Server, such a configuration allows very little functionality other than web browsing.
Most companies view their email infrastructure as their most valuable information technology tool. As such, this document walks through publishing your email server (allowing it to send and receive email) through ISA Server.
We used Exchange as the email server for this example.
If the ISA machine is a separate machine from the Email Server.
Create a Server Publishing Rule using the "Secure Mail Server..." wizard.
1. Expand: Internet Security and Acceleration Server > Servers and Arrays > <servername> > Publishing
2. Right Click "Server Publishing Rules". Click Secure Mail Server. Click Next.
3. Check the boxes next to the services that you would like to allow. A basic setup would simply have the Incoming and Outgoing SMTP with Default Authentication boxes checked. Click Next. (Fig. 1)
4. To enter the external IP address of the ISA Server, click "Browse". Select the external ISA interface, and Click OK. (Fig. 2). Click Next.
5. Input the IP of the internal mail server by Clicking Find, then Browse. Highlight the mail server from the list of computers, and Click OK. Click the "Find" button to find the server's IP, and click OK. Click Next. Click Finish.
Note on the above configuration: We have found, in some cases, that it is necessary to disable the "Simple Mail Transfer Protocol (SMTP)" service on the ISA server before it will pass SMTP traffic on to an internal mail server.
Fig. 1
Fig. 2
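The note above says the ISA server's own SMTP service can get in the way of traffic meant for the internal mail server. One way to see which service answers at the published address is to read the SMTP greeting from outside, shown here as an added example that is not part of the original document. It assumes the mail server announces its own FQDN in the 220 greeting; the host names and greetings are constructed placeholders.

```python
import io
import socket

def read_reply(f):
    """Read one SMTP reply (may span several lines) from a binary stream."""
    lines = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("connection closed before a complete reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError(f"not an SMTP reply line: {line!r}")
        lines.append(line[4:])
        if line[3:4] != "-":          # "220-" continues, "220 " ends the reply
            return int(line[:3]), lines

def judge_greeting(code, lines, expected_fqdn):
    """Compare the host named in the greeting with the intended mail server."""
    words = lines[0].split() if lines else []
    announced = words[0].lower() if words else ""
    if code != 220:
        verdict = "no SMTP service ready"
    elif announced == expected_fqdn.lower():
        verdict = "mail server answered"
    else:
        verdict = "another SMTP service answered"
    return {"code": code, "announced": announced, "verdict": verdict}

def check_published_smtp(address, expected_fqdn, port=25, timeout=10):
    """Connect to the external address from outside and judge the greeting."""
    with socket.create_connection((address, port), timeout=timeout) as s:
        with s.makefile("rb") as f:
            code, lines = read_reply(f)
        s.sendall(b"QUIT\r\n")
    return judge_greeting(code, lines, expected_fqdn)

if __name__ == "__main__":
    # Constructed greetings (not captured from a real server): the first is what
    # the internal mail server would send, the second a different local service.
    samples = [b"220 mail.example.com ESMTP ready\r\n",
               b"220-isa.example.com ESMTP\r\n220 ready\r\n"]
    for sample in samples:
        print(judge_greeting(*read_reply(io.BytesIO(sample)), "mail.example.com"))
```

Run check_published_smtp against the external IP address entered in the wizard, from a machine outside the ISA server, after creating the publishing rule.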
If the ISA machine is the same machine as the Email Server.
Microsoft® recommends publishing an Exchange server running on the same machine as an ISA server through the "Secure Mail Server" wizard. To complete this task, you would simply choose (in step #5 above) "On the local host" instead of inputting the remote server's IP address.
That being said, we have found it to be somewhat more reliable to instead manually create IP Packet Filters to allow Inbound and Outbound SMTP traffic. The steps to manually create these rules are outlined below.
1. Expand: Internet Security and Acceleration Server > Servers and Arrays > <servername> > Access Policy
2. Highlight "IP Packet Filters". Right Click New > Filter...
3. Type a suitable name for the Filter, such as "Allow Inbound SMTP" (refer to the table below).
4. Ensure "Allow packet transmission" is selected. Click Next.
5. Under "Use this filter:", select "Custom". Click Next.
6. Set up the specs for the IP Packet Filter (refer to the table below). Click Next.
7. Leave "Default IP addresses for each external interface on the ISA Server computer" selected. Click Next.
8. Leave "All remote computers" selected. Click Next. Click Finish.
9. Repeat Steps 2 through 8 to create the "Allow Outbound SMTP" Filter.
Filter Type:           Incoming SMTP         Outgoing SMTP
Name:                  Allow Inbound SMTP    Allow Outbound SMTP
IP protocol:           TCP                   TCP
Direction:             Inbound               Outbound
Local port:            Fixed Port            All ports
Local port number:     25                    N/A
Remote port:           All ports             Fixed port
Remote port number:    N/A                   25
Inbound SMTP Packet Filter
Outbound SMTP Packet Filter
Fusion 13 has taken painstaking effort to ensure the validity of its data;
however, the information contained in this document is provided without warranty.
The data presented is offered simply as a suggestion.
Fusion 13 can in no way be held responsible for how these suggestions are implemented in any environment.