?
Solved

Help Analyzing Email Header Information

Posted on 2010-11-11
10
Medium Priority
?
1,895 Views
Last Modified: 2012-06-21
Help.  I'm looking for a reality check here and was hoping you can help.  

We are working with a vendor that swears the following emails are being set to us encrypted and secure (it's confidential information that cannot be sent via Normal smpt traffic).   But the way I'm reading the header information, it looks like it was sent via normal smtp.

We use Postini as our spam filter, and do have a TLS route between Postini & My Mail Server.

smtp2.VENDOR-NetworkID.com resolves to VENDOR-IP-ADDRESS

It looks like based on this line that the mail is traveling via SMTP from the vendor to Postini.  

Received: from source ([VENDOR-IP-ADDRESS]) by exprodXXX.postini.com ([POSTINI-IP-ADDRESS]) with SMTP;

It looks like maybe there are secured hops but that main one to our Postini is unencrypted.


------------------------------------------------------------------

Microsoft Mail Internet Headers Version 2.0
Received: from psmtp.com ([MY-INTERNAL-SERVER-IP] RDNS failed) by MY-SERVER-NAME over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
       Tue, 27 Jul 2010 09:02:41 -0400
Received: from source ([VENDOR-IP-ADDRESS]) by exprodXXX.postini.com ([POSTINI-IP-ADDRESS]) with SMTP;
      Tue, 27 Jul 2010 08:02:39 CDT
X-IronPort-AV: E=Sophos;i="4.55,267,1278302400";
   d="pdf'?scan'208";a="73036257"
Received: from unknown (HELO LLLLLL.corpads.local) ([10.xx.xx.xxx])
  by smtp2.VENDOR-NetworkID.com with ESMTP; 27 Jul 2010 09:01:01 -0400
Received: from 10.xx.x.xxx by LLLLLL.corpads.local with ESMTP (Secure
 Mail SMTP Relay (Email Firewall v6.3.0)); Tue, 27 Jul 2010 09:02:26
 -0400

X-Server-Uuid: Cmmmmmmm-mmmmmmm-mmmm-mmmmmmmmmm
To: reciepients
cc: Carbons
MIME-Version: 1.0
Subject: Subject
X-KeepSent: 000000:00000:000000; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.0.2 August 07, 2008
Message-ID: <Cmmmmmmm-mmmmmmm-mmmm-mmmmmmmmmm@VENDOR.com>
From: sENDER
Date: Tue, 27 Jul 2010 09:02:20 -0400
X-MIMETrack: S/MIME Sign by Notes Client on sENDER-NAME
 (Release 8.0.2|August 07, 2008) at 07/27/2010 09:02:23
 AM, Serialize by Notes Client on MsENDER-NAME(Release
 8.0.2|August 07, 2008) at 07/27/2010 09:02:23 AM, Serialize complete at
 07/27/2010 09:02:23 AM, S/MIME Sign failed at 07/27/2010 09:02:23 AM:
 The cryptographic key was not found, Serialize by Router on
 VENDORM09/VENDOR(Release 8.0.2|August 07, 2008) at 07/27/2010 09:02:36
 AM
X-WSS-ID: 605007680Z0364924-01-03
Content-Type: multipart/mixed;
 boundary="=_mixed 0047A1598525776D_="
X-CFilter-Loop: Reflected
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels:     (S:00.00000/00.00000 CV:99.9000 FC:00.0000 LC:00.0000 R:00.0000 P:00.0000 M:00.0000 C:00.0000 )
Return-Path: SENDER EMAIL
X-OriginalArrivalTime: 27 Jul 2010 13:02:41.0672 (UTC) FILETIME=[fffffff:000000]

--=_mixed 00000000000000000000_=
Content-Type: multipart/alternative;
 boundary="=_alternative 0047A1598525776D_="
Content-Transfer-Encoding: 7bit

--=_alternative 00000000000000000000_=
Content-Type: text/plain;
 charset=us-ascii
Content-Transfer-Encoding: 7bit

--=_alternative 00000000000000000000_=
Content-Type: text/html;
 charset=us-ascii
Content-Transfer-Encoding: 7bit


--=_alternative 00000000000000000000_=--
--=_mixed 000000000000000000000_=
Content-Type: application/octet-stream;
 name="ATTACHEMENTNAME.PDF"
Content-Disposition: attachment;
 filename="ATTACHEMENTNAME.PDF"
Content-Transfer-Encoding: base64


--=_mixed 00000000000000000000_=--
0
Comment
Question by:jmerulla
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 9

Expert Comment

by:avilov
ID: 34115240
i don't think you can always can see from headers if connections were encrypted or not.

to test that just download BLAT and send emails yourself thru postini with and without TLS

0
 
LVL 2

Author Comment

by:jmerulla
ID: 34115375
It's odd though.  No where in the email does it state that the email is encrypted like it was using Tumbleweek or Zix Corp.  

Plus it came into my user plan and open.  
0
 
LVL 9

Expert Comment

by:avilov
ID: 34115383
hm. looks like blat doesn't support TLS directly. it was a while since i used it, sorry. I forgot the name of small utility that I used for email tests like that. if you familiar with *nix you can use openssl
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Author Comment

by:jmerulla
ID: 34115400
It's ok.  It's odd some of their encrypted items come through tumbleweed others don't.  
0
 
LVL 9

Expert Comment

by:avilov
ID: 34115429
I haven't been using postini for a while too, but i think you can configure it to enforce tls for domains you want
0
 
LVL 2

Author Comment

by:jmerulla
ID: 34115491
It's not on my end.  I'm concerned that the vendor set it to us unsecured.
0
 
LVL 9

Assisted Solution

by:avilov
avilov earned 600 total points
ID: 34115529
i understand. i think you can configure postini to accept only TLS encrypted connection from domains of yuor choice. if that is true you will be sure that vendor sent it thru encrypted channel (at least to postini )) )
0
 
LVL 2

Author Comment

by:jmerulla
ID: 34115561
I can't do that plus it's up to the vendor to make sure this information is encrypted.  
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 34116149
> The cryptographic key was not found, Serialize by Router on
> VENDORM09/VENDOR(Release 8.0.2|August 07, 2008) at 07/27/2010 09:02:36 AM

The lines above suggest to me that the original message wasn't encrypted by the originating server. I suppose it means that that server doesn't have or cannot find your public key.
0
 
LVL 1

Accepted Solution

by:
KNolen earned 1400 total points
ID: 34121755
I would guess that the vendor is confusing Lotus Notes/Domino encryption and secure SMTP transport. The Notes client/Domino server connection uses a separate protocol unique to this client/server relationship, and this protocol can be (and usually is) secured via encryption. But configuring SMTP on the Domino server to send encrypted messages to non-domain servers is a different matter. So I would guess that this hasn't been done and the vendor is confusing the two.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There was an incident about the POP3 issue for the double read receipts and delivery receipts in Exchange 2013.  There was huge research been done and found solution for the duplicate mails. Especially when the user gets  duplicate mails.
We aren’t perfect, just like everyone else.  Check out the email errors our community caught and learn the top errors every email marketer should avoid.
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question