Cannot Send SMTP Outbound Mail Through ISA Server (811084)


The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2000
  • Microsoft BackOffice Server 2000
  • Microsoft Small Business Server 2000

SYMPTOMS

After you run the Mail Server Security Wizard to publish your Microsoft Exchange 2000 Server, you can successfully receive e-mail through the ISA Server 2000 firewall, but outbound Simple Mail Transfer Protocol (SMTP) messages are not passed through the firewall.

Outbound messages remain in the Exchange Server queue with a status of "Retry."

CAUSE

This issue may occur in the following situation:
  • Exchange Server is installed on the same computer as ISA Server 2000.

    -and-
  • The ISA Server is not configured with a packet filter to allow outbound packets destined to port 25 on remote computers.

RESOLUTION

To resolve this issue, configure the following packet filter on the ISA Server:

Protocol: TCP
Protocol ID: 6
Direction: Outbound
Local port: All ports
Remote port: Fixed port 25

To do this, follow these steps:
  1. Start the ISA Management snap-in: click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. Expand Servers and Arrays, expand your server, expand Access Policy, right-click IP Packet Filters, point to New, and then click Filter.
  3. In the IP packet filter name box, type a descriptive name for the packet filter (for example, type Allow SMTP outbound), and then click Next.
  4. Click Allow packet transmission if it is not already selected, and then click Next.
  5. Click Custom, and then click Next.
  6. In the IP protocol list, click TCP.
  7. In the Direction list, click Outbound.
  8. In the Local port list, click All ports if it is not already selected, click Fixed port in the Remote port list, type 25 in the Port number box that corresponds to the remote port, and then click Next.
  9. Under Apply this packet filter to, keep the default selection of Default IP addresses for each external interface on the ISA Server computer unless you have more than one IP address or external interface on the ISA Server. If you have more than one IP address assigned or more than one external interface, you may want to specify the ISA Server's external IP address. To do this, click This ISA server's external IP address, and then type the IP address.
  10. Click Next.
  11. Under Apply this packet filter to, keep the default selection of All remote computers if your Exchange Server is configured to send mail directly to foreign messaging systems, or if you want to specify a particular smart host, click Only this remote computer, and then type the public IP address of the destination computer.
  12. Click Next, and then click Finish.

MORE INFORMATION

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

297700 XFOR: How to Test Outbound Mail Flow With a File in the Pickup Folder

Modification Type:MinorLast Reviewed:8/4/2003
Keywords:kbprb KB811084
©2003 Microsoft Corporation. All rights reserved.