Signed emails (not encrypted) sent with attachments from Outlook are arriving with smime.p7m file
Hello All,
I have scoured the internet in search of a solution but can't quite seem to find anyone coming across the same issue as I am.
Scenario:
1. All of my users are either using Outlook 2003 or Outlook 2007
2. We have Exchange 2007
3. Some users (not all) have a Verisign certificate for secure email communications which is used inside and outside of the company.
4. Outlook security/certificate settings are verified to be correct.
-"Add Digital Signature to outgoing messages" is checked
-"Send clear text signed message when sending signed messages" is checked
-"Encrypt contents and attachments for outgoing messages" is UNCHECKED
-"Request S/MIME reciept for S/MIME signed messages" is UNCHECKED
-Users Verisign certificate is selected for encrypting and decrypting messages.
5. Only one verisign certificate for the user is installed in Outlook and Internet Explorer and is the correct one.
NOTE: Not all digitally signed users are having this issue:
A user sends a SIGNED (not encrypted) email that will include an attachment (usually pdf or word doc). The recipient recieves the email and can read the body of the email however the attachment originally sent is replaced with a file named smime.p7m (not .p7s which would imply that is was signed.) These recipients are getting thier emails through different mail clients, mostly outlook or othe SMIME compatible clients. Some recipients have signed certificates of thier own and other may not. This should not stop them from recieving a simple signed email (not encrypted).
The email itself shows the Red Ribbon noting that the email is signed and verified.
What outlook seems to be doing is sending a signed email with an encrypted attachment.
If i've left out any details, please ask. Is there anyone who might have a clue to what's going on?
Just a side note, this all started when we recently took stand-alone desktops and joined them to our new domain, we then had to re-create the certificates from Verisign and re-install then om the machines because the original certificate would not work because of a difference in the machines ID causing the certificate to become invalid.
I have scoured the internet in search of a solution but can't quite seem to find anyone coming across the same issue as I am.
Scenario:
1. All of my users are either using Outlook 2003 or Outlook 2007
2. We have Exchange 2007
3. Some users (not all) have a Verisign certificate for secure email communications which is used inside and outside of the company.
4. Outlook security/certificate settings are verified to be correct.
-"Add Digital Signature to outgoing messages" is checked
-"Send clear text signed message when sending signed messages" is checked
-"Encrypt contents and attachments for outgoing messages" is UNCHECKED
-"Request S/MIME reciept for S/MIME signed messages" is UNCHECKED
-Users Verisign certificate is selected for encrypting and decrypting messages.
5. Only one verisign certificate for the user is installed in Outlook and Internet Explorer and is the correct one.
NOTE: Not all digitally signed users are having this issue:
A user sends a SIGNED (not encrypted) email that will include an attachment (usually pdf or word doc). The recipient recieves the email and can read the body of the email however the attachment originally sent is replaced with a file named smime.p7m (not .p7s which would imply that is was signed.) These recipients are getting thier emails through different mail clients, mostly outlook or othe SMIME compatible clients. Some recipients have signed certificates of thier own and other may not. This should not stop them from recieving a simple signed email (not encrypted).
The email itself shows the Red Ribbon noting that the email is signed and verified.
What outlook seems to be doing is sending a signed email with an encrypted attachment.
If i've left out any details, please ask. Is there anyone who might have a clue to what's going on?
Just a side note, this all started when we recently took stand-alone desktops and joined them to our new domain, we then had to re-create the certificates from Verisign and re-install then om the machines because the original certificate would not work because of a difference in the machines ID causing the certificate to become invalid.
ASKER
Thanks for the link Paranormastic. I'm not sure that the problem listed in the kb article matches up either.
We are running Symantec Endpoint 11.0.4, however I am not sure if these machines have it installed just yet because we are in the rollout process of the program. I will need to go over and take a look, but I do know that we are not enabling the email scanning portion of the program since our server runs Symantec Mail Security. Do you think Mail Security could be stripping something?
We are running Symantec Endpoint 11.0.4, however I am not sure if these machines have it installed just yet because we are in the rollout process of the program. I will need to go over and take a look, but I do know that we are not enabling the email scanning portion of the program since our server runs Symantec Mail Security. Do you think Mail Security could be stripping something?
It might be... sorry I'm not more familiar with the nuances of that specific product and an issue just popped up so I can't do my normal digging around today. Does it add a tag at the end of the message saying it was scanned before passing it to the user? Might try contacting symantec to see if they might know one way or the other. They may be stripping something or adding something - either way it woudl modify to break the sig.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Do you have some kind of exchange plugin (antivirus, compliance software, etc.) that adds a 'scanned by...' message tag?