We help IT Professionals succeed at work.

Help Analyzing Email Header Information

jmerulla
jmerulla asked
on
2,142 Views
Last Modified: 2012-06-21
Help.  I'm looking for a reality check here and was hoping you can help.  

We are working with a vendor that swears the following emails are being set to us encrypted and secure (it's confidential information that cannot be sent via Normal smpt traffic).   But the way I'm reading the header information, it looks like it was sent via normal smtp.

We use Postini as our spam filter, and do have a TLS route between Postini & My Mail Server.

smtp2.VENDOR-NetworkID.com resolves to VENDOR-IP-ADDRESS

It looks like based on this line that the mail is traveling via SMTP from the vendor to Postini.  

Received: from source ([VENDOR-IP-ADDRESS]) by exprodXXX.postini.com ([POSTINI-IP-ADDRESS]) with SMTP;

It looks like maybe there are secured hops but that main one to our Postini is unencrypted.


------------------------------------------------------------------

Microsoft Mail Internet Headers Version 2.0
Received: from psmtp.com ([MY-INTERNAL-SERVER-IP] RDNS failed) by MY-SERVER-NAME over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
       Tue, 27 Jul 2010 09:02:41 -0400
Received: from source ([VENDOR-IP-ADDRESS]) by exprodXXX.postini.com ([POSTINI-IP-ADDRESS]) with SMTP;
      Tue, 27 Jul 2010 08:02:39 CDT
X-IronPort-AV: E=Sophos;i="4.55,267,1278302400";
   d="pdf'?scan'208";a="73036257"
Received: from unknown (HELO LLLLLL.corpads.local) ([10.xx.xx.xxx])
  by smtp2.VENDOR-NetworkID.com with ESMTP; 27 Jul 2010 09:01:01 -0400
Received: from 10.xx.x.xxx by LLLLLL.corpads.local with ESMTP (Secure
 Mail SMTP Relay (Email Firewall v6.3.0)); Tue, 27 Jul 2010 09:02:26
 -0400

X-Server-Uuid: Cmmmmmmm-mmmmmmm-mmmm-mmmmmmmmmm
To: reciepients
cc: Carbons
MIME-Version: 1.0
Subject: Subject
X-KeepSent: 000000:00000:000000; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.0.2 August 07, 2008
Message-ID: <Cmmmmmmm-mmmmmmm-mmmm-mmmmmmmmmm@VENDOR.com>
From: sENDER
Date: Tue, 27 Jul 2010 09:02:20 -0400
X-MIMETrack: S/MIME Sign by Notes Client on sENDER-NAME
 (Release 8.0.2|August 07, 2008) at 07/27/2010 09:02:23
 AM, Serialize by Notes Client on MsENDER-NAME(Release
 8.0.2|August 07, 2008) at 07/27/2010 09:02:23 AM, Serialize complete at
 07/27/2010 09:02:23 AM, S/MIME Sign failed at 07/27/2010 09:02:23 AM:
 The cryptographic key was not found, Serialize by Router on
 VENDORM09/VENDOR(Release 8.0.2|August 07, 2008) at 07/27/2010 09:02:36
 AM
X-WSS-ID: 605007680Z0364924-01-03
Content-Type: multipart/mixed;
 boundary="=_mixed 0047A1598525776D_="
X-CFilter-Loop: Reflected
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels:     (S:00.00000/00.00000 CV:99.9000 FC:00.0000 LC:00.0000 R:00.0000 P:00.0000 M:00.0000 C:00.0000 )
Return-Path: SENDER EMAIL
X-OriginalArrivalTime: 27 Jul 2010 13:02:41.0672 (UTC) FILETIME=[fffffff:000000]

--=_mixed 00000000000000000000_=
Content-Type: multipart/alternative;
 boundary="=_alternative 0047A1598525776D_="
Content-Transfer-Encoding: 7bit

--=_alternative 00000000000000000000_=
Content-Type: text/plain;
 charset=us-ascii
Content-Transfer-Encoding: 7bit

--=_alternative 00000000000000000000_=
Content-Type: text/html;
 charset=us-ascii
Content-Transfer-Encoding: 7bit


--=_alternative 00000000000000000000_=--
--=_mixed 000000000000000000000_=
Content-Type: application/octet-stream;
 name="ATTACHEMENTNAME.PDF"
Content-Disposition: attachment;
 filename="ATTACHEMENTNAME.PDF"
Content-Transfer-Encoding: base64


--=_mixed 00000000000000000000_=--
Comment
Watch Question

Commented:
i don't think you can always can see from headers if connections were encrypted or not.

to test that just download BLAT and send emails yourself thru postini with and without TLS

Author

Commented:
It's odd though.  No where in the email does it state that the email is encrypted like it was using Tumbleweek or Zix Corp.  

Plus it came into my user plan and open.  

Commented:
hm. looks like blat doesn't support TLS directly. it was a while since i used it, sorry. I forgot the name of small utility that I used for email tests like that. if you familiar with *nix you can use openssl

Author

Commented:
It's ok.  It's odd some of their encrypted items come through tumbleweed others don't.  

Commented:
I haven't been using postini for a while too, but i think you can configure it to enforce tls for domains you want

Author

Commented:
It's not on my end.  I'm concerned that the vendor set it to us unsecured.
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
I can't do that plus it's up to the vendor to make sure this information is encrypted.  
Sjef BosmanGroupware Consultant
CERTIFIED EXPERT

Commented:
> The cryptographic key was not found, Serialize by Router on
> VENDORM09/VENDOR(Release 8.0.2|August 07, 2008) at 07/27/2010 09:02:36 AM

The lines above suggest to me that the original message wasn't encrypted by the originating server. I suppose it means that that server doesn't have or cannot find your public key.
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.