Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

SMTP traffic between an Edge Transport server and an internal Hub Transport server is blocked if the Hub server is published by using ISA Server 2006 and if SMTP filtering is enabled



Symptoms

Consider the following scenario:
  • You use Microsoft Internet Security and Acceleration (ISA) Server 2006 to publish an internal Hub Transport server to a Microsoft Exchange 2007 Edge Transport server.
  • In ISA Server 2006, you enable Simple Mail Transfer Protocol (SMTP) filtering.
  • When the Edge Transport server tries to send e-mail messages through ISA Server 2006 to the internal Hub Transport server, the SMTP traffic may be blocked.
  • You configure ISA Server 2006 by using the method that is described on the following Microsoft TechNet Web site:
    How to Add SMTP Verb Commands to ISA Server 2006
    http://technet.microsoft.com/en-us/library/bb851508.aspx
In this scenario, the SMTP traffic between the Edge Transport server and the internal Hub Transport server may still be blocked even though you have added the X-AnonymousTLS verb and the X-EXPs verb to the SMTP filter settings in ISA Server.



Cause

This problem occurs when Exchange 2007 uses the proprietary verb X-AnonymousTLS to switch to Transport Layer Security (TLS) encryption. The SMTP filter in ISA Server 2006 is not aware of the usage of this verb. Therefore, the SMTP filter inspects the traffic, even though it is encrypted. Intermittently, the SMTP filter detects malformed traffic and ends the session.



Resolution

To resolve this problem, apply the hotfix that is mentioned in the following Microsoft Knowledge Base article:
959357 Description of the ISA Server 2006 hotfix package: October 29, 2008

Note You must still manually add the X-AnonymousTLS verb and the X-EXPs verb to the SMTP filter settings in ISA Server. For more information, visit the following Microsoft TechNet Web site:



Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.



More information

After you apply this hotfix, the SMTP filter in ISA Server 2006 uses passthrough mode for the X-AnonymousTLS verb, and the filter does not inspect traffic. This is identical to how the TLS verb and the STARTTLS verb are treated.
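The following Python sketch is an added illustration, not Microsoft code and not part of the original article. It models a verb-aware SMTP filter to show why adding the verbs to the allowed list is not enough before the hotfix, and why the verbs must still be added after it. The function names, verb sets, and session bytes are constructed assumptions, and the model blocks on the first non-command chunk rather than intermittently.

```python
# Simplified model of a verb-aware SMTP filter; illustration only, not ISA Server code.
BASE_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT",
              "STARTTLS", "TLS"}
EXCHANGE_VERBS = {"X-ANONYMOUSTLS", "X-EXPS"}   # verbs the article says to add manually
PRE_HOTFIX = {"STARTTLS", "TLS"}                # verbs that switch the filter to passthrough
POST_HOTFIX = PRE_HOTFIX | {"X-ANONYMOUSTLS"}   # hotfix adds X-AnonymousTLS to that set


def is_command_line(chunk: bytes) -> bool:
    """A well-formed command here is printable ASCII terminated by CRLF."""
    return chunk.endswith(b"\r\n") and all(32 <= b < 127 for b in chunk[:-2])


def filter_session(chunks, allowed, passthrough_verbs):
    """Return (verdict, index of the chunk that decided the verdict)."""
    passthrough = False
    for i, chunk in enumerate(chunks):
        if passthrough:
            continue  # encrypted payload is forwarded without inspection
        if not is_command_line(chunk):
            return ("blocked: malformed command", i)
        verb = chunk[:-2].decode("ascii").split(" ", 1)[0].upper()
        if verb not in allowed:
            return ("blocked: verb not allowed", i)
        if verb in passthrough_verbs:
            passthrough = True
    return ("allowed", len(chunks))


# Constructed client-to-server traffic: two commands, then TLS record bytes.
SESSION = [
    b"EHLO edge.example.test\r\n",
    b"X-ANONYMOUSTLS\r\n",
    bytes.fromhex("16030100050100000103"),  # constructed handshake-record bytes
    bytes.fromhex("1703030004c02f9a7e"),    # constructed application-data bytes
]

if __name__ == "__main__":
    with_exchange = BASE_VERBS | EXCHANGE_VERBS
    cases = [
        ("verbs added, no hotfix", with_exchange, PRE_HOTFIX),
        ("verbs added, hotfix", with_exchange, POST_HOTFIX),
        ("hotfix, verbs not added", BASE_VERBS, POST_HOTFIX),
    ]
    for label, allowed, passthrough in cases:
        print(label, "->", filter_session(SESSION, allowed, passthrough))
```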



References

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates



Keywords: KB959311, kbqfe, kbsurveynew, kbfix, kbexpertiseinter


Article Info
Article ID : 959311
Revision : 1
Created on : 2/26/2009
Published on : 2/26/2009
Exists online : False