Signed emails (not encrypted) sent with attachments from Outlook  are arriving with smime.p7m file

Posted on 2009-05-13
Medium Priority
Last Modified: 2012-05-06
Hello All,

I have scoured the internet in search of a solution but can't quite seem to find anyone coming across the same issue as I am.

1. All of my users are either using Outlook 2003 or Outlook 2007
2. We have Exchange 2007
3. Some users (not all) have a Verisign certificate for secure email communications which is used inside and outside of the company.
4. Outlook security/certificate settings are verified to be correct.  
       -"Add Digital Signature to outgoing messages" is checked
       -"Send clear text signed message when sending signed messages" is checked
       -"Encrypt contents and attachments for outgoing messages" is UNCHECKED
       -"Request S/MIME reciept for S/MIME signed messages" is UNCHECKED
       -Users Verisign certificate is selected for encrypting and decrypting messages.
5. Only one verisign certificate for the user is installed in Outlook and Internet Explorer and is the correct one.

NOTE: Not all digitally signed users are having this issue:
A user sends a SIGNED (not encrypted) email that will include an attachment (usually pdf or word doc).  The recipient recieves the email and can read the body of the email however the attachment originally sent is replaced with a file named smime.p7m (not .p7s which would imply that is was signed.)  These recipients are getting thier emails through different mail clients, mostly outlook or othe SMIME compatible clients.  Some recipients have signed certificates of thier own and other may not.  This should not stop them from recieving a simple signed email (not encrypted).

The email itself shows the Red Ribbon noting that the email is signed and verified.  

What outlook seems to be doing is sending a signed email with an encrypted attachment.

If i've left out any details, please ask.  Is there anyone who might have a clue to what's going on?

Just a side note, this all started when we recently took stand-alone desktops and joined them to our new domain, we then had to re-create the certificates from Verisign and re-install then om the machines because the original certificate would not work because of a difference in the machines ID causing the certificate to become invalid.
Question by:JBoslooper
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 31

Expert Comment

ID: 24377041

Do you have some kind of exchange plugin (antivirus, compliance software, etc.) that adds a 'scanned by...' message tag?

Author Comment

ID: 24377279
Thanks for the link Paranormastic.  I'm not sure that the problem listed in the kb article matches up either.

We are running Symantec Endpoint 11.0.4, however I am not sure if these machines have it installed just yet because we are in the rollout process of the program.  I will need to go over and take a look, but I do know that we are not enabling the email scanning portion of the program since our server runs Symantec Mail Security.  Do you think Mail Security could be stripping something?
LVL 31

Expert Comment

ID: 24452974
It might be... sorry I'm not more familiar with the nuances of that specific product and an issue just popped up so I can't do my normal digging around today.  Does it add a tag at the end of the message saying it was scanned before passing it to the user?  Might try contacting symantec to see if they might know one way or the other.  They may be stripping something or adding something - either way it woudl modify to break the sig.

Accepted Solution

JBoslooper earned 0 total points
ID: 24823917
I believe I have figured out the issue.  It goes back to a problem where these users had lost thier certificates and had to revoke the old ones and regenerate new ones.

Because the users on the other end have the old certificate stored in thier outlook (right-clicking on the contact and add to address book) the remote user is not able to open the attachment because the certificate is not matching and the users have not initially exchanged the new certificates yet.  

After tracing down all of the users that were having the problem it seems we have solved it by having both users update thier certificate information with each other.  

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question