No announcement yet.

ISA Server 2000 assistance

  • Filter
  • Time
  • Show
Clear All
new posts

  • ISA Server 2000 assistance

    Hey Everyone,

    My workspace receives about 40 spam emails a day (per user and all appear different) and I am looking at different ways to do this without going to a 3rd party program.

    My network consists of:
    a) Windows Server 2000 for O/S on all servers
    b) Windows XP Pro on all workstations
    c) Microsoft ISA server 2000 Enterprise Edition for our Proxy
    d) Microsoft Exchange 2000 for our exchange
    e) >100 workstations and still expanding

    now using 'Google-fu' I was able to come across a lot of information on how there is filtering and firewall set-ups in ISA 2004 but not a lot of info on ISA 2000 itself. I have looked for online books and tutorials on ISA 2000 since but nothing has surfaced yet. I am now sending out this request for a joining of the minds to speed up the overall process. I am also sad to say I am a little lost in how I am going to do this, since I will need to set looser restrictions on management b/c of external needs, while General users will have internal emails only. I know I can do this will groups but I'm not sure how to properly tackle the situation.

    I have started to deny websites, or should I say allow websites as i am trying to configure it so only certain websites are accessible and ALL other websites are blocked. I am doing this VIA the ISA server 2000. I have so far set it up so that I have allow groups [User Test] and [management Test] so that management is allowed full access while our CSR's are locked to a select few sites.
    I am setting this up via Destination sets and Content Rules. I am wanting to know if the Active Directory Users & Computers mindset of "Deny overrides all" will apply in this scenario.

    Thank-you all in advance for whatever assistance you can provide,

    << Working together to prevent ID10T errors >>

  • #2
    Re: ISA Server 2000 assistance


    What you are doing is "using the Space Shuttle to herd cattle around the farm". It's not what ISA was meant to do and in fact I would be surprised if you even get it to work.

    With the amount of spam these days, you will need to hire a full-time monkey to keep putting web sites into your blocked sites lists. Your lists will then grow to the size of a zepplin and we all know what happens then....BOOM! Your ISA server slows down so much as it's checking EVERY packet in and out against it's policies.

    Then you have to consider the fact that you will receive, say, 50 spam emails with the same body only different FROM address- but still these emails most probably originated from the same source. The mass mailing software used to send the spam changes the FROM address for each email as such:

    And you want to add these manually to your ISA server????

    The general idea I'm trying to portray to you is that you NEED a 3rd party solution to do this efficiently. Such solutions are mostly automatic, they check originating domains for validity, use rules to quarantine or reject spam, log everything that happens, etc. In my last job I used PolicyPatrol which was awesome! 80% of the spam wasn't even downloaded to our servers coz it was checked by PP b4hand. And the rules used RegEx to catch similar spam content using only one line of code.

    Inform management of the costs saved in internet traffic, time which would have been used by you to manually block each site and finally the time spent by your users in going thru all their spam and deleting it.
    Last edited by JDMils; 10th January 2008, 01:08.
    +-- JDMils
    +-- Regional Systems Engineer, DotNet programmer & Jack of all trades


    • #3
      Re: ISA Server 2000 assistance

      I see what your saying...

      It makes sense, I understand how it could grow to a point where it is just impossible.

      Thanks for your help!

      P.S. I like the idea of herding cattle with a rocket ship, mmmmmm BBQ
      << Working together to prevent ID10T errors >>