locked
ISA Server 2006 and IMAP4 PUblishing Rule for Exchange 2007. RRS feed

  • Question

  • Hi,

    I have created a mail server publishing rule for IMAP4 on our ISA Server to our Exchange Server 2007 which is behind the ISA 2006 Server, but for some reason when you netstat -a on the ISA Server it is not listening on port 143. I can't telnet to the Exchange server on port 143 from the outside. FYI, IMAP4 works on the inside to the Exchange Server. I have created and delted the mail publishing rule several times.

    The rule reads:

    Action: Allow, Traffic: IMAP4 Server, From:Anywhere, To: Internal IP Address of the Exchange Server and request comes from original client, Networks:External, Schedule:Always.

     

    Thanks.

     

     

    Monday, October 25, 2010 10:37 PM

Answers

All replies

  • Does the Exchange server have a default gateway or routing configuration that will send return traffic back via the ISA Server? If not, you will need to configure the "Requests appear to come from ISA Server" setting as opposed to "from original client"...

    Also, you will not be able to achieve IMAP publishing if you have a single NIC deployment of ISA.

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Monday, October 25, 2010 10:59 PM
    Moderator
  • Hi Jason,

    Thanks for responding.

    The answer to your queries is, the exchange server has a default gateway on it (192.168.0.1). Also the ISA Server is a two NIC card deployment (Edge Firewall). One NIC external (66.80.182.154) and the other Internal (192.168.0.1). I tried the IMAP rule both ways, "requests appear to come from ISA Server" and "From original client". I still haven't been able to get it to work. FYI, the ISA server doesn't appear to be listening because when I do a netstat on the ISA Server I don't see IMAP or port 143 on the list for listening.

    Internally IMAP works and I have other publishing rules that work fine on this ISA Server.

    Thanks.

     

    Teague Clement

    Tuesday, October 26, 2010 4:38 PM
  • Have you bound the publishing rule to a specific external IP address?
    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Tuesday, October 26, 2010 10:21 PM
    Moderator
  • Yes to the external NIC 66.80.182.154
    Tuesday, October 26, 2010 10:23 PM
  • Is this you only server publishing rule? As opposed to web publishing rules...

     


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

    Tuesday, October 26, 2010 10:25 PM
    Moderator
  • No I have several web publishing rules, OWA, RPC/HTTPS, SMTP. They all work, except for IMAP4. Internally IMAP4 works to the eschange server it's just externally. I can't telnet from the outside to the exchange server with port 143.
    Tuesday, October 26, 2010 10:28 PM
  • If you change the OWA publishing rule "use original client IP address" does this break it?

    What ISA network rules do you have?

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Tuesday, October 26, 2010 10:34 PM
    Moderator
  • If I change the OWA publishing rule to "use original client ip address" it does break it.
    Tuesday, October 26, 2010 11:10 PM
  • Ok, so there must some problem with the Exchange server returning traffic when the source IP address is not the TMG server. This would imply the Exchange server has a routing configuration problem...
    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Tuesday, October 26, 2010 11:19 PM
    Moderator
  • Does the Exchange Server need to have the firewall client installed on it for IMAP to route properly or just the default gateway of the ISA server's internal IP address?
    Tuesday, October 26, 2010 11:41 PM
  • Hi,

     

    Thank you for the update.

     

    “Does the Exchange Server need to have the firewall client installed on it for IMAP to route properly or just the default gateway of the ISA server's internal IP address?” – for the exchange server, you should just point to ISA server’s internal IP address as its default gateway.

     

    Regards,

     


    Nick Gu - MSFT
    Monday, November 1, 2010 2:20 AM
    Moderator