SMTP/POP3 ausgehend nicht möglich
Die Informationen in diesem Artikel beziehen sich auf:
Microsoft ISA Server 2004
In der Newsgroup und im Rahmen meiner täglichen Arbeit wird häufig gefragt, warum ein
Mailclient nach der ISA Installation keine Mails mehr senden bzw. empfangen kann. Was
dafür am ISA Server zu konfigurieren ist habe ich im Artikel Mailzugriff ausführlich
beschrieben.
An dieser Stelle möchte ich Möglichkeiten aufzeigen, wie ein Konfigurationsfehler gesucht
und ggfs. gefunden werden kann.
Problem: Interner Mailclient (z.B. Outlook) kann keine Mails versenden und empfangen
Lösungsvorschläge:
1. Überprüfen, ob eine Firewallrichtlinie für SMTP- und POP3-Verkehr erstellt ist und
ob ggfs. Zugriffs-Einschränkungen existieren (vgl. den o.g. msisafaq-Artikel)
2. Überprüfen, ob der ISA Server eine Verbindung zum Internet hat (speziell bei
Anbindungen über DFÜ)
3. Sicherstellen, dass der interne Client ein SecureNAT-Client oder ein Firewall-Client
ist.
4. Mittels des DOS-Kommandos telnet einen Verbindungsaufbau testen:
telnet mail.msisafaq.de 25 Bitte diesen Befehl in einer
Kommandozeile eingeben. Verwenden Sie statt mail.msisafaq.de den
Mailserver Ihres Providers; der msisafaq-Mailserver ist in dieser
Form von aussen nicht erreichbar. Port 25 ist für SMTP zuständig,
testen Sie ggfs. auch Port 110 für POP3.
220 mail.msisafaq.de msisafaq ESMTP Mailserver Version
7.0.0.2002 Sat, 13 Jul 2002 20:34:52 +0200 Wenn eine
Verbindung zum Mailserver hergestellt werden kann erhalten Sie
abhängig vom Zielmailserver eine ähnliche Meldung.
quit Beenden Sie die Verbindung zum Mailserver; weitere Tests sind
nicht notwendig.
221 2.0.0 mail.msisafaq.de Service closing transmission
channel
5. Bekommen Sie keine Verbindung UND haben Sie die ersten drei Punkte kontrolliert,
verwenden Sie statt dem FQDN die IP-Adresse des Mailservers.
6. Hat der Verbindungsaufbau geklappt? Wenn ja, gehen Sie zu 8.
7. Verwenden Sie testweise einen anderen Mailserver
8. Sicherstellen, dass die Namensauflösung per DNS funktioniert
Interessante Knowledge Base Artikel
Auswahl einiger Artikel aus der Microsoft Knowledge Base zu häufigen Problemen und
Themen rund um den ISA Server 2004:
890306 - You receive event ID 14192, and the Internet Security and Acceleration
Server (ISA) 2004 Control service does not start
888642 - Programs and services on a Firewall Client computer may not be able to
access remote resources in ISA Server 2004
888647 - Users are repeatedly prompted for credentials and authentication is not
successful when a downstream computer that is running ISA Server 2004 uses
Integrated Windows authentication to authenticate to an upstream computer that is
running ISA Server 2004
887000 - You receive a "The remote procedure call failed" error message and RPC
route publishing is not permitted in ISA Server 2004
888927 - Host headers and URLs are considered to be encoded by UTF8 encoding in
Internet Security and Acceleration Server 2004
888652 - Some 16-bit files may be installed when you install ISA Server 2004
888646 - Changes that you make by using the Firewall Client are not applied to all
users
885351 - You cannot browse Web servers on a remote site when you use IPsec tunnels
to connect sites on a Windows Server 2003-based computer that is running Internet
Security and Acceleration Server 2004
888709 - When to use the ISA Server 2004 SMTP filter and Message Screener
888715 - Export, import, and backup functionality in Internet Security and
Acceleration Server 2004
888644 - You may not be able to connect to a Proxy Server 2.0 server or to an ISA
2004 server or ISA 2000 server that requires a UDP-only control channel by using an
ISA Server 2004 Firewall client
888708 - List of common scenarios that the "VPN Roaming Clients and Quarantine
Control in ISA Server 2004" document provides solutions for
888710 - Using ISA Server 2004 with Exchange Server 2003
888712 - Remote administration of Internet Security and Acceleration Server 2004
888714 - Outlook Web Access Server Publishing in ISA Server 2004
888716 - Digital Certificates for Internet Security and Acceleration Server 2004
888717 - Controlling secure Internet access by using ISA Server 2004
888042 - ISA Server 2004 does not support traffic redirection
888643 - The migration stops responding when you try to migrate configuration
settings from an ISA Server 2000-based computer that uses SSL certificates to an ISA
Server 2004-based computer
888711 - Site-to-site VPN in ISA Server 2004
888713 - VPN roaming clients and quarantine control in ISA Server 2004
841661 - You cannot install the Remote Access Quarantine Agent tool on your
Windows 2000 Server-based computer
884506 - How to configure ISA Server 2004 to allow for RPC over HTTP client
connections from Office Outlook 2003 to Exchange Server 2003
884580 - Active mode FTP client programs cannot access an FTP server from behind
Internet Security and Acceleration Server 2004
886998 - Best practices when you publish two or more internal Web sites that use
authentication on an Internet Security and Acceleration Server 2004-based computer
887002 - You experience a one-minute delay in the passage of ICMP ping traffic after
you change the network relationship type for an IPSec site-to-site network rule in ISA
Server 2004
887005 - Description of the time formats that are used in Internet Security and
Acceleration Server 2004 log files and reports.
888649 - Core services that must be enabled for your Internet Security and
Acceleration (ISA) Server 2004 computer to function correctly.
884496 - Client computers cannot access external resources and event ID 14147
appears in the Application log in ISA Server 2004
884560 - You cannot use the RADIUS authentication protocol when you use the
OWA Forms-Based Authentication on a Web publishing rule to publish an internal
Web site such as OWA in ISA Server 2004
885186 - How to publish a Web site directly on your Internet Security and
Acceleration Server 2004 computer
884496 - Client computers cannot access external resources and event ID 14147
appears in the Application log in ISA Server 2004:
839509 - How to configure connectivity verifiers to monitor selected computers and
networks in ISA Server 2004
884109 - How to enable VPN access for users in a front-end or back-end scenario in
ISA Server 2004
884505 - How to use an ISA Server 2004 computer to block transparent HTTP clients
without requiring authentication
885957 - How to install ISA Server 2004 hotfixes
884203 - VPN clients are disconnected when you restart the IPSec Policy Agent
service on a computer that is running ISA Server 2004
884492 - The RADIUS authentication process in ISA Server 2004
884493 - A log query may not return all the results that you expect in Internet Security
and Acceleration Server 2004
841665 - A network address translation IP address may be used for all outgoing
network traffic on an ISA Server 2004 computer
884569 - The ISACTRL and WSPSRV services do not start when you install ISA
Server 2004 on a multiprocessor computer
884495 - Event ID 7000 appears in the System log and the ISA Server Storage service
does not start when you start a computer that is running ISA Server 2004
884494 - You receive a "Setup failed while registering Wspadmin.dll" error message
when you try to install ISA Server 2004
883285 - Users are repeatedly prompted for their credentials when they try to access
the Internet after you configure a firewall chain between ISA Server computers
884319 - ISA Server 2004 Standard Edition does not support NLB functionality
840472 - Internal DNS requests and internal LDAP requests may be sent to the
external network adapter on a computer that is running ISA Server 2004
841664 - Clients may receive an "Error Code 500 Internal Server Error" error message
if you use ISA Server 2004 to publish a Web site to a server that is on the internal
network
838709 - How to use the ISA Server 2004 migration tool to migrate from ISA Server
2000 to ISA Server 2004
838378 - You cannot install ISA Server 2004 Administration Tools alongside ISA
Server 2000 Administration Tools
837454 - How to configure access auditing for storage and for configuration in ISA
Server 2000 and in ISA Server 2004