• Status: Solved

ISA 2004 denies port even though rule created

I was trying to troubleshoot why my iPhone was unable to send email through SMTP SSL. I read that you have to forward port 587 to the Exchange server. I saw that this was being blocked. I tried all possible options and created the Allow Rule as I did hundreds of times, but for some reason it keeps denying the connection when I look at it in the logging screen. The same message keeps popping up.

Just a note: Exchange ActiveSync works just fine, without problems. I am trying to make the IMAP account work because iPhone only allows one Exchange account, and I want to use it for the Google new sync services. IMAP SSL over port 993 works fine, and I am able to receive emails. The problem is with sending email, as it never seems to connect.

I am not sure what I am doing wrong. Thanks for all the help. This is rule 1, so it's not the rule order that is causing this.
Log Time	Client IP	Destination IP	Destination Port	Protocol	Client Username	Action	Rule	Source Network	Destination Network	HTTP Method	URL	Original Client IP	Client Agent	Authenticated Client	Service	Server Name	Referring Server	Destination Host Name	Transport	MIME Type	Object Source	Source Proxy	Destination Proxy	Bidirectional	Client Host Name	Filter Information	Network Interface	Raw IP Header	Raw Payload	Source Port	Processing Time	Bytes Sent	Bytes Received	Result Code	HTTP Status Code	Cache Information	Error Information	Log Record Type
2/22/2009 11:34:22 AM	173.68.*.**	192.168.111.4	587	Unidentified IP Traffic (TCP:587)		Denied Connection	Default rule	External	Local Host	-	-	173.68.*.*				MYSBS	-		TCP	-				No		-				49752	0	0	0	0xc004000d FWX_E_POLICY_RULES_DENIED		0x0	0x0	Firewall

Asked: surge1
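
How to read the denied record from the question, as an added example (not part of the original thread and not ISA's own tooling): the script maps the tab-separated record onto its column names and pulls out the fields that show which rule fired and on what traffic. The function names are hypothetical, and it assumes the export is tab-separated with the 39 columns shown above.

```python
# Added example: column names and the record are copied from the log export above.
COLUMNS = (
    "Log Time|Client IP|Destination IP|Destination Port|Protocol|Client Username|"
    "Action|Rule|Source Network|Destination Network|HTTP Method|URL|"
    "Original Client IP|Client Agent|Authenticated Client|Service|Server Name|"
    "Referring Server|Destination Host Name|Transport|MIME Type|Object Source|"
    "Source Proxy|Destination Proxy|Bidirectional|Client Host Name|"
    "Filter Information|Network Interface|Raw IP Header|Raw Payload|Source Port|"
    "Processing Time|Bytes Sent|Bytes Received|Result Code|HTTP Status Code|"
    "Cache Information|Error Information|Log Record Type"
).split("|")

RECORD = (
    "2/22/2009 11:34:22 AM\t173.68.*.**\t192.168.111.4\t587\t"
    "Unidentified IP Traffic (TCP:587)\t\tDenied Connection\tDefault rule\t"
    "External\tLocal Host\t-\t-\t173.68.*.*\t\t\t\tMYSBS\t-\t\tTCP\t-\t\t\t\t"
    "No\t\t-\t\t\t\t49752\t0\t0\t0\t0xc004000d FWX_E_POLICY_RULES_DENIED\t\t"
    "0x0\t0x0\tFirewall"
)


def parse_record(line, columns=COLUMNS):
    """Map one tab-separated log line onto its column names; '-' and '' become None."""
    values = line.rstrip("\r\n").split("\t")
    if len(values) != len(columns):
        raise ValueError(f"expected {len(columns)} fields, got {len(values)}")
    return {c: (v if v not in ("", "-") else None) for c, v in zip(columns, values)}


def triage(rec):
    """Pull out the fields that explain a deny: which rule fired and on what traffic."""
    code, _, name = (rec["Result Code"] or "").partition(" ")
    return {
        "denied": (rec["Action"] or "").startswith("Denied"),
        # "Default rule" is the final catch-all deny: no earlier rule matched.
        "fell_through_to_default": rec["Rule"] == "Default rule",
        # The firewall did not map the packet to a named protocol definition.
        "protocol_unidentified": (rec["Protocol"] or "").startswith("Unidentified"),
        "flow": (rec["Source Network"], rec["Destination Network"]),
        "endpoint": (rec["Transport"], rec["Destination IP"], int(rec["Destination Port"])),
        "result": (int(code, 16), name) if code else None,
    }


if __name__ == "__main__":
    for key, value in triage(parse_record(RECORD)).items():
        print(f"{key:26} {value}")
```

For this record the deny came from the Default rule on traffic from the External network to Local Host, so the Allow Rule's source, destination, or protocol elements did not match the connection as the firewall saw it.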
2 Solutions
 
Philip Elder (Technical Architect - HA/Compute/Storage) Commented:
You should be configuring your IMAP SSL for the ISP's servers not your SBS. Since the Google service is an outside service incoming, your outgoing must be connected to an outside service too.

Philip
 
surge1 (Author) Commented:
Perhaps I wasn't clear enough and my apologies for that. Exchange is my work out, while Google is another email (personal one). I am trying to do this for my work account so I can connect directly.
 
Philip Elder (Technical Architect - HA/Compute/Storage) Commented:
The FROM IP address is an external one in the above ISA screenshot. Your iPhone is using the wireless Internet to try and access your internal Exchange server.

You can pull e-mail and such via POP3 into your Exchange based mailbox. You still need to have the outgoing server pointing to your wireless carrier's SMTP servers.

Philip
 
surge1 (Author) Commented:
I think we're getting a bit away from the subject matter. Why is ISA blocking port 587 when I clearly allowed it? The rule for some reason does not get triggered.

Again, as a side note, from what I've read, port 587 will be used instead of 25 to authenticate with the SMTP server over a secure connection.

Maybe this is another question, but how would you secure your connection when sending out email? Can't the SMTP virtual server use SSL on port 25 to properly and securely authenticate? On the iPhone I have SSL: ON; can this be done over port 25?
 
Philip Elder (Technical Architect - HA/Compute/Storage) Commented:
SSL tunnels are a very particular setup in ISA.
Make sure your rule is a pass through SSL publishing rule and that port 587 is in ISA's SSL allowed port list. That would stop the SSL connection in its tracks.
SSL tunnel tool: http://www.isatools.org/tools.asp?Context=ISA2004
It is called ISA TPRE. Download it and use it to verify and/or add the right port.
Philip
 
surge1 (Author) Commented:
I was thinking, and maybe I am going about this all wrong. What ports/services would I need to configure the SMTP services to authenticate to any device SECURELY (no password / username in clear text being sent out)? Can this all be done via port 25?