Help Analyzing Email Header Information
Help. I'm looking for a reality check here and was hoping you can help.
We are working with a vendor that swears the following emails are being set to us encrypted and secure (it's confidential information that cannot be sent via Normal smpt traffic). But the way I'm reading the header information, it looks like it was sent via normal smtp.
We use Postini as our spam filter, and do have a TLS route between Postini & My Mail Server.
smtp2.VENDOR-NetworkID.com
It looks like based on this line that the mail is traveling via SMTP from the vendor to Postini.
Received: from source ([VENDOR-IP-ADDRESS]) by exprodXXX.postini.com ([POSTINI-IP-ADDRESS]) with SMTP;
It looks like maybe there are secured hops but that main one to our Postini is unencrypted.
--------------------------
Microsoft Mail Internet Headers Version 2.0
Received: from psmtp.com ([MY-INTERNAL-SERVER-IP] RDNS failed) by MY-SERVER-NAME over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
Tue, 27 Jul 2010 09:02:41 -0400
Received: from source ([VENDOR-IP-ADDRESS]) by exprodXXX.postini.com ([POSTINI-IP-ADDRESS]) with SMTP;
Tue, 27 Jul 2010 08:02:39 CDT
X-IronPort-AV: E=Sophos;i="4.55,267,12783
d="pdf'?scan'208";a="73036
Received: from unknown (HELO LLLLLL.corpads.local) ([10.xx.xx.xxx])
by smtp2.VENDOR-NetworkID.com
Received: from 10.xx.x.xxx by LLLLLL.corpads.local with ESMTP (Secure
Mail SMTP Relay (Email Firewall v6.3.0)); Tue, 27 Jul 2010 09:02:26
-0400
X-Server-Uuid: Cmmmmmmm-mmmmmmm-mmmm-mmmm
To: reciepients
cc: Carbons
MIME-Version: 1.0
Subject: Subject
X-KeepSent: 000000:00000:000000; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.0.2 August 07, 2008
Message-ID: <Cmmmmmmm-mmmmmmm-mmmm-mmm
From: sENDER
Date: Tue, 27 Jul 2010 09:02:20 -0400
X-MIMETrack: S/MIME Sign by Notes Client on sENDER-NAME
(Release 8.0.2|August 07, 2008) at 07/27/2010 09:02:23
AM, Serialize by Notes Client on MsENDER-NAME(Release
8.0.2|August 07, 2008) at 07/27/2010 09:02:23 AM, Serialize complete at
07/27/2010 09:02:23 AM, S/MIME Sign failed at 07/27/2010 09:02:23 AM:
The cryptographic key was not found, Serialize by Router on
VENDORM09/VENDOR(Release 8.0.2|August 07, 2008) at 07/27/2010 09:02:36
AM
X-WSS-ID: 605007680Z0364924-01-03
Content-Type: multipart/mixed;
boundary="=_mixed 0047A1598525776D_="
X-CFilter-Loop: Reflected
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S:00.00000/00.00000 CV:99.9000 FC:00.0000 LC:00.0000 R:00.0000 P:00.0000 M:00.0000 C:00.0000 )
Return-Path: SENDER EMAIL
X-OriginalArrivalTime: 27 Jul 2010 13:02:41.0672 (UTC) FILETIME=[fffffff:000000]
--=_mixed 00000000000000000000_=
Content-Type: multipart/alternative;
boundary="=_alternative 0047A1598525776D_="
Content-Transfer-Encoding:
--=_alternative 00000000000000000000_=
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding:
--=_alternative 00000000000000000000_=
Content-Type: text/html;
charset=us-ascii
Content-Transfer-Encoding:
--=_alternative 00000000000000000000_=--
--=_mixed 000000000000000000000_=
Content-Type: application/octet-stream;
name="ATTACHEMENTNAME.PDF"
Content-Disposition: attachment;
filename="ATTACHEMENTNAME.
Content-Transfer-Encoding:
--=_mixed 00000000000000000000_=--
We are working with a vendor that swears the following emails are being set to us encrypted and secure (it's confidential information that cannot be sent via Normal smpt traffic). But the way I'm reading the header information, it looks like it was sent via normal smtp.
We use Postini as our spam filter, and do have a TLS route between Postini & My Mail Server.
smtp2.VENDOR-NetworkID.com
It looks like based on this line that the mail is traveling via SMTP from the vendor to Postini.
Received: from source ([VENDOR-IP-ADDRESS]) by exprodXXX.postini.com ([POSTINI-IP-ADDRESS]) with SMTP;
It looks like maybe there are secured hops but that main one to our Postini is unencrypted.
--------------------------
Microsoft Mail Internet Headers Version 2.0
Received: from psmtp.com ([MY-INTERNAL-SERVER-IP] RDNS failed) by MY-SERVER-NAME over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
Tue, 27 Jul 2010 09:02:41 -0400
Received: from source ([VENDOR-IP-ADDRESS]) by exprodXXX.postini.com ([POSTINI-IP-ADDRESS]) with SMTP;
Tue, 27 Jul 2010 08:02:39 CDT
X-IronPort-AV: E=Sophos;i="4.55,267,12783
d="pdf'?scan'208";a="73036
Received: from unknown (HELO LLLLLL.corpads.local) ([10.xx.xx.xxx])
by smtp2.VENDOR-NetworkID.com
Received: from 10.xx.x.xxx by LLLLLL.corpads.local with ESMTP (Secure
Mail SMTP Relay (Email Firewall v6.3.0)); Tue, 27 Jul 2010 09:02:26
-0400
X-Server-Uuid: Cmmmmmmm-mmmmmmm-mmmm-mmmm
To: reciepients
cc: Carbons
MIME-Version: 1.0
Subject: Subject
X-KeepSent: 000000:00000:000000; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.0.2 August 07, 2008
Message-ID: <Cmmmmmmm-mmmmmmm-mmmm-mmm
From: sENDER
Date: Tue, 27 Jul 2010 09:02:20 -0400
X-MIMETrack: S/MIME Sign by Notes Client on sENDER-NAME
(Release 8.0.2|August 07, 2008) at 07/27/2010 09:02:23
AM, Serialize by Notes Client on MsENDER-NAME(Release
8.0.2|August 07, 2008) at 07/27/2010 09:02:23 AM, Serialize complete at
07/27/2010 09:02:23 AM, S/MIME Sign failed at 07/27/2010 09:02:23 AM:
The cryptographic key was not found, Serialize by Router on
VENDORM09/VENDOR(Release 8.0.2|August 07, 2008) at 07/27/2010 09:02:36
AM
X-WSS-ID: 605007680Z0364924-01-03
Content-Type: multipart/mixed;
boundary="=_mixed 0047A1598525776D_="
X-CFilter-Loop: Reflected
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S:00.00000/00.00000 CV:99.9000 FC:00.0000 LC:00.0000 R:00.0000 P:00.0000 M:00.0000 C:00.0000 )
Return-Path: SENDER EMAIL
X-OriginalArrivalTime: 27 Jul 2010 13:02:41.0672 (UTC) FILETIME=[fffffff:000000]
--=_mixed 00000000000000000000_=
Content-Type: multipart/alternative;
boundary="=_alternative 0047A1598525776D_="
Content-Transfer-Encoding:
--=_alternative 00000000000000000000_=
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding:
--=_alternative 00000000000000000000_=
Content-Type: text/html;
charset=us-ascii
Content-Transfer-Encoding:
--=_alternative 00000000000000000000_=--
--=_mixed 000000000000000000000_=
Content-Type: application/octet-stream;
name="ATTACHEMENTNAME.PDF"
Content-Disposition: attachment;
filename="ATTACHEMENTNAME.
Content-Transfer-Encoding:
--=_mixed 00000000000000000000_=--
ASKER
It's odd though. No where in the email does it state that the email is encrypted like it was using Tumbleweek or Zix Corp.
Plus it came into my user plan and open.
Plus it came into my user plan and open.
hm. looks like blat doesn't support TLS directly. it was a while since i used it, sorry. I forgot the name of small utility that I used for email tests like that. if you familiar with *nix you can use openssl
ASKER
It's ok. It's odd some of their encrypted items come through tumbleweed others don't.
I haven't been using postini for a while too, but i think you can configure it to enforce tls for domains you want
ASKER
It's not on my end. I'm concerned that the vendor set it to us unsecured.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I can't do that plus it's up to the vendor to make sure this information is encrypted.
> The cryptographic key was not found, Serialize by Router on
> VENDORM09/VENDOR(Release 8.0.2|August 07, 2008) at 07/27/2010 09:02:36 AM
The lines above suggest to me that the original message wasn't encrypted by the originating server. I suppose it means that that server doesn't have or cannot find your public key.
> VENDORM09/VENDOR(Release 8.0.2|August 07, 2008) at 07/27/2010 09:02:36 AM
The lines above suggest to me that the original message wasn't encrypted by the originating server. I suppose it means that that server doesn't have or cannot find your public key.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
to test that just download BLAT and send emails yourself thru postini with and without TLS