Hello, I just installed an ISA server and all clients can't get their POP3 mail, and the same happens when they try to send via SMTP.
However, this doesn't happen if both POP3 and SMTP are in IP format.
I presume that when you say IP format gets through, you mean if the external mail servers are entered as IP as opposed to mail.isp.com.
If this is the case, then you are not resolving DNS through ISA.
You need to create an access policy for DNS queries. Internet Explorer's DNS does not need this, as you are using the ISA web proxy service, which resolves the DNS for you, but mail will not use the web proxy and therefore your internal DNS server will need to resolve this.
If ISA is your DNS server, then you need to open a packet filter for DNS queries, not a policy.
To confirm, do an nslookup from the command prompt for the mail server; if you don't get an IP returned, BINGO.
Hello Baxie
Yes, I can't nslookup anything, but can ping every IP thing.
By IP I mean the numeric format.
I've a site and content rule that allows access to every destination, all day long, from any request.
I've a protocol rule that allows all IP traffic, all day long, for internal clients.
I've a packet filter for DNS with DNS lookup (UDP, send-receive, direction=all ports, remote port=fixed port, remote port nº=53).
How do I create an access policy for DNS queries?
I also can't access FTP servers.
Is the ISA server your DNS server or is it another internal server?
Also, have you configured forwarders on your DNS server?
From what you are saying, DNS is definitely your problem, but if all IP packets are allowed out from your network then I am starting to think that your DNS has no forwarders.
The FTP access could be the same problem, but let's look at the DNS issue first.
Delete the "." zone in your DNS server settings and make sure your ISP's DNS servers are configured in the forwarders settings. Make sure the client PCs have the ISA server address as the primary DNS, and also set the default gateway of your client PCs to the ISA server's internal IP address.
Not so fast, Nick, I don't know that much about ISA or DNS.
1) Delete the "." zone. From forward lookup zone? If yes, a warning was made: it will delete it from Active Directory.
2) ISP DNS server. Is it in forward lookup zone? If yes, I've no ISP. Do I create a new zone? If yes, what steps do I do?
3) The clients have the internal server address, which is the DNS server, DHCP server, ISA server and default gateway -
Yes, delete the "." zone. This is a root zone that is not needed. Your Active Directory should be listed in forward lookup zones. In DNS Manager, right-click on your server name and select Properties. Click on Forwarders and then enter the IP addresses of your ISP's DNS servers. The client PCs should have the ISA server address as their primary DNS, and as their default gateway.
OK, now I can nslookup any IP name from any client. Thanks so much.
But I still have this message when I do nslookup microsoft.com:
*** Can't find server name for address 192.168.10.1: Non-existent domain
*** Default servers are not available
Server: UnKnown
Address: 192.168.10.1
Still can't send and receive mail from Outlook or Outlook Express. POP3 and SMTP protocols seem to be blocked somewhere. ISA has no blocking rules for these protocols.
OK, POP3 and SMTP problem solved.
I looked in the post "Isa firewall and down load ..."
The problem was my client firewall. It was not connected because it was configured to automatically detect the ISA server and something was preventing it from succeeding. When I disabled that option, POP3 and SMTP as well as Kazaa went OK.
Now I only have my DNS server problem. Any idea?
Shouldn't ISP DNS servers be registered automatically by my DHCP server to my internal network?