IPSec Policy Agent Closes SMTP Ports - Network


Thread: IPSec Policy Agent Closes SMTP Ports

  1. IPSec Policy Agent Closes SMTP Ports

    OK, here's one for the books. I'm running a Windows 2000 Advanced Server as a
    DC. It also has on it a mail server called Mailtraq. After painstaking detective
    work, I found that periodically IPSec begins closing the port 25 connections
    that Mailtraq establishes to send mail. When I disable IPSec, stuck outgoing
    mail flies on its way. Of course, incoming is not affected, but clients in the
    domain can't pick up mail from the server. With IPSec disabled, all is fine.
    How can I manage IPSec, or can I just leave it disabled?
    Thanks for your help

  2. Re: IPSec Policy Agent Closes SMTP Ports

    Apparently you need to modify your ipsec policy to allow the necessary
    traffic for SMTP port 25 TCP. If your ipsec policy seems to be changing, then
    you probably have an ipsec policy assigned/configured at a higher priority
    level, such as the domain or domain controller container, that is overriding
    any ipsec policy set in Local Security Policy. You can use the support tool
    gpresult to find what Group Policies are applying to the computer, and for
    Windows 2000 you can use netdiag to find out more about the effective ipsec
    policy assigned to a computer. You can run the full netdiag tool or use
    netdiag /test:ipsec and netdiag /test:ipsec /debug for very detailed info.
    You could unassign the ipsec policy, but first you could try to make it work
    for you by modifying it so that port 25 TCP has a permit filter action for
    the appropriate IP addresses. The link below shows the basics of an ipsec
    filtering policy. --- Steve

    http://www.securityfocus.com/infocus/1559


    "PCGenieLA" wrote in message
    news:E0414773-0E36-48DF-A19B-E58B8E6DC1EB@microsoft.com...




  3. Re: IPSec Policy Agent Closes SMTP Ports

    In a simplistic sense, IPsec can block, permit or require security on an
    any, subnet, IP, port or protocol basis and it's pretty rare to encounter
    seemingly random failures with it e.g. it either works, or it doesn't. So
    when you say that IPsec is periodically closing the Mailtraq port, do you
    mean that IPsec is preventing SMTP traffic from being sent / received on
    that port, or is the implication that Mailtraq is no longer listening?

    What is the exact symptom of the failure? Is the port no longer listening?
    Is traffic simply blocked etc.?
    Where do you see this behavior and what tools did you use to verify it?
    What is the extent of the IPsec policy on the machine? Is it a
    subnet/IP/port Block, Permit or Require security policy?

    Did you verify that Mailtraq still has a listener open on that port w/
    'netstat -aon'?
    Did you use security event audit entries?
    -->Assuming your domain policy has enabled success/failure for account
    and account logon options, IPsec will generate 541/547 events in the sec
    log.
    Did you use oakley to see if there is a negotiation failure (if you have a
    require security policy in place)?

    jason


    "Steven L Umbach" wrote in message
    news:uF3UMgiiFHA.576@TK2MSFTNGP15.phx.gbl...
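    The triage Jason lays out (first confirm with 'netstat -aon' that Mailtraq still has a listener on port 25, then use the IKE audit events 541/547 to tell a failed security negotiation from traffic that is simply blocked by a filter) can be scripted once the outputs have been collected. The Python below is an added example written for this thread; it is not code from any of the posters, from Mailtraq or from Microsoft. The netstat output and the event records are constructed samples with made-up addresses and PIDs, the event tuples assume the fields have already been pulled out of the security log, and the verdict labels returned by diagnose() are this example's own.

```python
"""Triage helpers for the checks suggested in this thread (added example, not
from the thread's authors): parse `netstat -aon` output to confirm a process
still listens on TCP port 25, look for outbound SMTP connections stuck in
SYN_SENT, and tally IKE audit events 541 (SA established) / 547 (negotiation
failed) per peer. All sample data below is constructed for illustration."""
from collections import Counter

# Constructed sample of `netstat -aon` output in the Windows 2000/XP layout.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1488
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING       1488
  TCP    192.168.1.10:25        192.168.1.55:3102      ESTABLISHED     1488
  TCP    192.168.1.10:1087      203.0.113.20:25        SYN_SENT        1488
  UDP    0.0.0.0:500            *:*                                    232
"""

# Constructed sample of IKE audit entries as (event id, peer address, message).
# Real entries would be read from the Security log; these are hypothetical.
SAMPLE_EVENTS = [
    (541, "192.168.1.55", "IKE security association established"),
    (547, "203.0.113.20", "IKE security association negotiation failed"),
    (547, "203.0.113.20", "IKE security association negotiation failed"),
    (541, "192.168.1.57", "IKE security association established"),
]


def parse_netstat(text):
    """Return one dict per socket line; TCP lines carry a state, UDP lines do not."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # banner, header and blank lines
        if parts[0] == "TCP":
            proto, local, foreign, state, pid = parts
        else:
            proto, local, foreign, pid = parts
            state = ""
        laddr, lport = local.rsplit(":", 1)
        rows.append({"proto": proto, "laddr": laddr, "lport": int(lport),
                     "foreign": foreign, "state": state, "pid": int(pid)})
    return rows


def listeners_on(rows, port, proto="TCP"):
    """Sorted PIDs that hold a LISTENING socket on the given local port."""
    return sorted({r["pid"] for r in rows
                   if r["proto"] == proto and r["lport"] == port
                   and r["state"] == "LISTENING"})


def outbound_to(rows, port):
    """(peer, state) for TCP connections whose remote port is `port`."""
    out = []
    for r in rows:
        if r["proto"] != "TCP" or r["state"] == "LISTENING":
            continue
        faddr, fport = r["foreign"].rsplit(":", 1)
        if int(fport) == port:
            out.append((faddr, r["state"]))
    return out


def ike_summary(events):
    """Per-peer counts of IKE successes (541) and failures (547)."""
    summary = {}
    for event_id, peer, _msg in events:
        if event_id not in (541, 547):
            continue
        c = summary.setdefault(peer, Counter())
        c["established" if event_id == 541 else "failed"] += 1
    return {peer: dict(c) for peer, c in summary.items()}


def diagnose(netstat_text, events, port=25):
    """Apply the thread's decision order and return a verdict label."""
    rows = parse_netstat(netstat_text)
    if not listeners_on(rows, port):
        return "no-listener"           # the mail server itself stopped listening
    stuck = [peer for peer, state in outbound_to(rows, port) if state == "SYN_SENT"]
    ike = ike_summary(events)
    if any(ike.get(peer, {}).get("failed") for peer in stuck):
        return "ike-negotiation-failure"  # a require-security rule matches but IKE fails
    if stuck:
        return "outbound-blocked"      # listener is fine; outgoing SMTP never completes
    return "healthy"


if __name__ == "__main__":
    print(diagnose(SAMPLE_NETSTAT, SAMPLE_EVENTS))
```

    With the sample data the verdict is "ike-negotiation-failure", because the listener on 25 is still up, the outbound connection to the remote MTA sits in SYN_SENT, and the same peer has 547 failures in the log; dropping the events gives "outbound-blocked", which points at a plain block filter rather than a failed negotiation and matches Steve's advice to give port 25 TCP a permit action for the addresses concerned.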



