[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5531
  • Last Modified:

How can you test TLS encryption with Exchange 2010

Setup TLS encryption- sent email to client- got a message that it had been delievered but would retry over the next 19 hours.  Is there a better way to test?
0
funkyone60
Asked:
funkyone60
1 Solution
 
AkhaterCommented:
what do you mean by "to a client" to test TLS it should be setup on both servers, you cannot test TLS alone
0
 
endital1097Commented:
to setup tls
http://technet.microsoft.com/en-us/library/bb123543.aspx

the recipient then needs to look at the message headers to verify
0
 
Coast-ITCommented:
You just need to analyze the message that you have sent, details are at this link ;

http://luxsci.com/blog/how-you-can-tell-if-an-email-was-sent-using-tls-encryption.html

I would just set up a gmail account and then view the header for the above info :-

   1. Log in to Gmail.
   2. Open the message you'd like to view headers for.
   3. Click the down arrow next to Reply, at the top-right of the message pane.
   4. Select Show original.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
endital1097Commented:
if the recipient's mail server is not TLS ready it will not receive via TLS
telnet into the recipient's server and look for STARTTLS verb

telnet mail.domian.com 25
ehlo mydomain.com
0
 
funkyone60Author Commented:
the client is requiring us to send email to them via TLS- there servers are setup to accept TLS.  I sent a test email yesterday- response I got back was:

This message hasn't been delivered yet. Delivery will continue to be attempted.

The server will keep trying to deliver this message for the next 1 days, 19 hours and 55 minutes. You'll be notified if the message can't be delivered by that time.
 
I have 2 parts to this equation - one is the configuration on Exchange- the other is the config  with Postini.  The Postini config seemed pretty straight forward.

What I would like to be able to do is to setup a test environment so I can make sure its working on my end.
0
 
endital1097Commented:
this article tells you how to setup TLS with Exchange 2010
http://technet.microsoft.com/en-us/library/bb123543.aspx

if the message is no longer in your queue, then your system delivered it and the issue is on the other end
0
 
funkyone60Author Commented:
We did all this yesterday- what I need to do is test- I don't know if my tls mail is making it to the client- is there some other way to test this?
0
 
funkyone60Author Commented:
I am only trying to setup tls for this one client- not accross the board
0
 
endital1097Commented:
after you send the message you can use the message tracking tool and queue viewer to determine if the message has left your environment

if it has, there is nothing else you can do
the recipient then needs to verify by looking at the headers of the message
0
 
endital1097Commented:
they will look for the following

Received: from smtp.fabrikam.com ([121.107.115.212])  by smtp.contoso.com with
 ESMTP/TLS/RC4-MD5; 15 Sep 2010 09:54:17 -0400
0
 
endital1097Commented:
step 3 of the article i gave shows how to setup TLS with a domain
0
 
funkyone60Author Commented:
they are not getting emails at all now- what is the best way to undo the tls settings i setup from yesterday?
0
 
endital1097Commented:
Set-TransportConfig -TLSSendDomainSecureList $null
0
 
funkyone60Author Commented:
All of his suggestions are dead on- thanks for your assistance
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now