ISA Firewalls and MDaemon — Outbound SMTP Problems
QUESTION:
Dear Dr. Shinder,
First, I would like be sorry for inconvenient to you. But I hope you could share your great experience to me.
My name, Bong Benly (Mr.). Benly is my first name. I live and work in Cambodia. At my institution, we use MDaemon (9.0.6) as mail server. Since I installed ISA server 2004, we could not send email to outside, and could not receive email from outside too. All email to outsiders, were get stuck in MDaemon.
I checked for solution from MDaemon website, the answer is as below:
There is an application filter for SMTP in ISA that needs to be disabled. Visit www.isaserver.org for more configuration information.
I still have no idea to get it work. I hope to hear from you. Thank you for your time.
With my best regards,
Benly
ANSWER:
It seems strange that that the recommendation would be to disable the SMTP filter, since the SMTP filter provide vital security for published SMTP server. Keep in mind that the SMTP filter work only for Server Publishing Rules, not for outbound SMTP messages. So, for the techs at the MDaemon Web site to tell you to disable the SMTP filter to fix an outbound SMTP problem sounds ridiculous and indicates that they don’t understand how the ISA Firewall works, and they’re just guessing as to the nature of the problem.
The most common reasons for outbound mail to get “stuck” at the SMTP MTA include:
- DNS problems. The SMTP server can’t resolve the name of the destination SMTP servers
- Access Rule problems. You haven’t created a DNS server rule that allows outbound DNS, or you haven’t created a rule that allows outbound SMTP for the SMTP server
- ISP problems. The ISP doesn’t allow you to send outbound SMTP. They might require that you use their SMTP relay
Bottom line: The probability that a correctly configured ISA Firewall is blocking outbound SMTP messages from going through is infinitesimally small.
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
Email: tshinder@isaserver.org
MVP — Microsoft Firewalls (ISA)
ZAHID HASEEB Says:
November 25th, 2006 at 2:06 am
Sir you have to publish your mdaemon at ISA 2004 thn make a rule with POP and SMTP protocol,source should be your ISA firewall and destination should be mdaemon because of this your outside traffic will come in Mdaemon.
and for your internal traffic to go outside you make a rule with the same protocol(SMTP and POP) with a source mdaemon and destination ISA firewall2004 this rule will make your all emails outside.
this solution is for: if your mdaemon is behind ISA 2004 firewall.
feel free to email me at z_haseeb@hotmail.com
KAMRAN Says:
November 29th, 2006 at 2:24 am
I have same Problem in my Organization and i have found too many solution about this problem but problem is still exit.
-I have Disable the STMP Filtring from ISA.
-I have Publish MDaemon Server on ISA Server and aslo create a Access Rule for SMTP.
I am trying to find out the solution of that problem if got some solution then i will send to solution for that solution but if you have some solution so please Reply Me.
Thanks and Regard
KAMRAN
kamworldpresi@yahoo.com.com
Alejandri Says:
November 7th, 2007 at 10:33 am
I live in Cuba, and my problem is that I have the Mdaemon server in the same machine that ISA Server is, then I can recieve Email form the outside, but I still can’t send emails to the outside, I was using Kerio Winroute Firewall, but the license has expired. I have done the folowwing rules and nothing:
1-From Localhost to External. Allow all outbound traffic
2-Form External to localhost, Allow pop3 and SMTP protocols only, //With this rule, I recieve Emails form the outside.
I don’t know what else could I do please can uds help me???
Thanks and Regard
Alejandro
Imran Bashir Says:
August 21st, 2008 at 9:21 pm
dear sir i am from pakistan. i have facing recently very bad problem with ISA 2000 and MDaemen 5.0, my server is stop recieving outside mails. but we can send or recieve inside office mails. so please give me your kind reply.
thank you very much
Imran Bashir
Thomas Shinder Says:
August 22nd, 2008 at 6:46 am
Hi Imran,
ISA 2000 is outside of it’s support lifecycle, IIRC. Also, ISA 2000 was built on a different threat model than what we see today. You need to upgrade to ISA 2006.
HTH,
Tom
Bercha Says:
October 10th, 2008 at 4:28 am
Dear Sir
I have problem with MDaemon mail server , run with ISA server 2004
Hi , I have problem woth MDaemon mail server that i setup it in the computer with ISA server 2004 under windows 2003. the problem is i cannot send to email out side .please help me.
how to properly configure isa server2004 with MDeamon.
irshadali_ali@hotmail.com
irshadbaba2002@yahoo.com
Thanks
Thomas Shinder Says:
October 10th, 2008 at 7:15 am
Hi Bercha,
Please post your question on the message boards.
Thanks!
Tom
sudhir Says:
February 18th, 2009 at 7:28 am
Dear sir,
I have a setup like this ,we are using isa2006 as a web proxy server,now the outlook users who connect their servers through smtp and pop3 setup not able to recieve or send mails . Please help me out on this
Sudhir
Thomas Shinder Says:
February 18th, 2009 at 7:39 am
If you’re using the Firewall as a Web proxy only, you won’t be able to support SMTP and POP3. Get the firewall fully deployed and you can support all protocols.
HTH,
Tom
sudhir Says:
February 19th, 2009 at 4:33 am
Dear sir,
We have lan where isa2006 connected ans single nic and in the internal lan the users are there who want to see the mails through outlook.They connect the exchange servers through smtp for incoming and pop3s for outgoing mails.
Now in isa2006 we allowed these protocols like smtp and pop3s but when we check the log it shows like allowed traffic but “traffic allowed by firewall policy may be blocked by smtp or weapplication filters.
Sudhir
Thomas Shinder Says:
February 19th, 2009 at 7:41 am
Yes, — you need to fully deploy the firewall before you can get complete functionality. Do some research on “hork mode” and you’ll see that your hork mode ISA firewall is incompletely configured.
javed Says:
July 4th, 2011 at 5:54 am
Dear Sir
I have problem with MDaemon mail server , run with ISA server 2004
Hi , I have problem woth MDaemon mail server that i setup it in the computer with ISA server 2004 under windows 2003. the problem is i cannot send to email out side .please help me.
how to properly configure isa server2004 with MDeamon