Solved

Help Analyzing Email Header Information

Posted on 2010-11-11
Last Modified: 2012-06-21
Help.  I'm looking for a reality check here and was hoping you can help.  

We are working with a vendor that swears the following emails are being sent to us encrypted and secure (it's confidential information that cannot be sent via normal SMTP traffic).   But the way I'm reading the header information, it looks like it was sent via normal SMTP.

We use Postini as our spam filter, and do have a TLS route between Postini & My Mail Server.

smtp2.VENDOR-NetworkID.com resolves to VENDOR-IP-ADDRESS

It looks like based on this line that the mail is traveling via SMTP from the vendor to Postini.  

Received: from source ([VENDOR-IP-ADDRESS]) by exprodXXX.postini.com ([POSTINI-IP-ADDRESS]) with SMTP;

It looks like maybe there are secured hops but that main one to our Postini is unencrypted.


------------------------------------------------------------------

Microsoft Mail Internet Headers Version 2.0
Received: from psmtp.com ([MY-INTERNAL-SERVER-IP] RDNS failed) by MY-SERVER-NAME over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
       Tue, 27 Jul 2010 09:02:41 -0400
Received: from source ([VENDOR-IP-ADDRESS]) by exprodXXX.postini.com ([POSTINI-IP-ADDRESS]) with SMTP;
      Tue, 27 Jul 2010 08:02:39 CDT
X-IronPort-AV: E=Sophos;i="4.55,267,1278302400";
   d="pdf'?scan'208";a="73036257"
Received: from unknown (HELO LLLLLL.corpads.local) ([10.xx.xx.xxx])
  by smtp2.VENDOR-NetworkID.com with ESMTP; 27 Jul 2010 09:01:01 -0400
Received: from 10.xx.x.xxx by LLLLLL.corpads.local with ESMTP (Secure
 Mail SMTP Relay (Email Firewall v6.3.0)); Tue, 27 Jul 2010 09:02:26
 -0400

X-Server-Uuid: Cmmmmmmm-mmmmmmm-mmmm-mmmmmmmmmm
To: reciepients
cc: Carbons
MIME-Version: 1.0
Subject: Subject
X-KeepSent: 000000:00000:000000; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.0.2 August 07, 2008
Message-ID: <Cmmmmmmm-mmmmmmm-mmmm-mmmmmmmmmm@VENDOR.com>
From: sENDER
Date: Tue, 27 Jul 2010 09:02:20 -0400
X-MIMETrack: S/MIME Sign by Notes Client on sENDER-NAME
 (Release 8.0.2|August 07, 2008) at 07/27/2010 09:02:23
 AM, Serialize by Notes Client on MsENDER-NAME(Release
 8.0.2|August 07, 2008) at 07/27/2010 09:02:23 AM, Serialize complete at
 07/27/2010 09:02:23 AM, S/MIME Sign failed at 07/27/2010 09:02:23 AM:
 The cryptographic key was not found, Serialize by Router on
 VENDORM09/VENDOR(Release 8.0.2|August 07, 2008) at 07/27/2010 09:02:36
 AM
X-WSS-ID: 605007680Z0364924-01-03
Content-Type: multipart/mixed;
 boundary="=_mixed 0047A1598525776D_="
X-CFilter-Loop: Reflected
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels:     (S:00.00000/00.00000 CV:99.9000 FC:00.0000 LC:00.0000 R:00.0000 P:00.0000 M:00.0000 C:00.0000 )
Return-Path: SENDER EMAIL
X-OriginalArrivalTime: 27 Jul 2010 13:02:41.0672 (UTC) FILETIME=[fffffff:000000]

--=_mixed 00000000000000000000_=
Content-Type: multipart/alternative;
 boundary="=_alternative 0047A1598525776D_="
Content-Transfer-Encoding: 7bit

--=_alternative 00000000000000000000_=
Content-Type: text/plain;
 charset=us-ascii
Content-Transfer-Encoding: 7bit

--=_alternative 00000000000000000000_=
Content-Type: text/html;
 charset=us-ascii
Content-Transfer-Encoding: 7bit


--=_alternative 00000000000000000000_=--
--=_mixed 000000000000000000000_=
Content-Type: application/octet-stream;
 name="ATTACHEMENTNAME.PDF"
Content-Disposition: attachment;
 filename="ATTACHEMENTNAME.PDF"
Content-Transfer-Encoding: base64


--=_mixed 00000000000000000000_=--
Question by:jmerulla
10 Comments
 
LVL 9

Expert Comment

by:avilov
ID: 34115240
I don't think you can always see from headers if connections were encrypted or not.

To test that just download BLAT and send emails yourself thru Postini with and without TLS.

0
 
LVL 2

Author Comment

by:jmerulla
ID: 34115375
It's odd though.  Nowhere in the email does it state that the email is encrypted like it was using Tumbleweed or Zix Corp.  

Plus it came into my user plan and open.  
0
 
LVL 9

Expert Comment

by:avilov
ID: 34115383
Hm. Looks like BLAT doesn't support TLS directly. It was a while since I used it, sorry. I forgot the name of the small utility that I used for email tests like that. If you are familiar with *nix you can use openssl.
0
 
LVL 2

Author Comment

by:jmerulla
ID: 34115400
It's ok.  It's odd some of their encrypted items come through tumbleweed others don't.  
0
 
LVL 9

Expert Comment

by:avilov
ID: 34115429
I haven't been using Postini for a while either, but I think you can configure it to enforce TLS for domains you want.
0
 
LVL 2

Author Comment

by:jmerulla
ID: 34115491
It's not on my end.  I'm concerned that the vendor sent it to us unsecured.
0
 
LVL 9

Assisted Solution

by:avilov
avilov earned 600 total points
ID: 34115529
I understand. I think you can configure Postini to accept only TLS encrypted connections from domains of your choice. If that is true you will be sure that the vendor sent it thru an encrypted channel (at least to Postini :) )
0
 
LVL 2

Author Comment

by:jmerulla
ID: 34115561
I can't do that plus it's up to the vendor to make sure this information is encrypted.  
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 34116149
> The cryptographic key was not found, Serialize by Router on
> VENDORM09/VENDOR(Release 8.0.2|August 07, 2008) at 07/27/2010 09:02:36 AM

The lines above suggest to me that the original message wasn't encrypted by the originating server. I suppose it means that that server doesn't have or cannot find your public key.
0
 
LVL 1

Accepted Solution

by:
KNolen earned 1400 total points
ID: 34121755
I would guess that the vendor is confusing Lotus Notes/Domino encryption and secure SMTP transport. The Notes client/Domino server connection uses a separate protocol unique to this client/server relationship, and this protocol can be (and usually is) secured via encryption. But configuring SMTP on the Domino server to send encrypted messages to non-domain servers is a different matter. So I would guess that this hasn't been done and the vendor is confusing the two.
0
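The hop-by-hop reading from the question, combined with the transport-versus-message distinction raised in the answers, as an added example that is not part of the original thread. The sample headers are constructed placeholders, the free-text TLS patterns are an assumed, non-exhaustive list, and "no-evidence" means only that the hop recorded no TLS marker, not that it was proven plaintext.

```python
import re
from email import message_from_string

# Constructed sample modelled on the question's headers; hosts and IPs are placeholders.
SAMPLE = """\
Received: from psmtp.com ([192.0.2.10] RDNS failed) by mail.example.org over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
\tTue, 27 Jul 2010 09:02:41 -0400
Received: from source ([198.51.100.7]) by filter.example.net ([203.0.113.5]) with SMTP;
\tTue, 27 Jul 2010 08:02:39 CDT
Received: from unknown (HELO gw.corp.example) ([10.0.0.5])
\tby smtp2.vendor.example with ESMTP; 27 Jul 2010 09:01:01 -0400
Content-Type: multipart/mixed; boundary="b"
Subject: Subject

--b--
"""

# RFC 3848 "with" keywords that record a TLS-protected SMTP/LMTP session.
TLS_WITH = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
# Free-text notes some MTAs add instead (assumed list, not exhaustive).
TLS_NOTE = re.compile(r"over TLS|using TLS|version=TLS", re.I)

def classify_hop(received):
    """Return (receiving host, 'tls' | 'no-evidence') for one Received value."""
    text = " ".join(received.split())          # unfold continuation lines
    by = re.search(r"\bby\s+(\S+)", text)
    protos = {p.upper() for p in re.findall(r"\bwith\s+(\w+)", text)}
    secured = bool(protos & TLS_WITH) or bool(TLS_NOTE.search(text))
    return (by.group(1) if by else "?", "tls" if secured else "no-evidence")

def message_encrypted(msg):
    """True only if the MIME structure itself is an encrypted container."""
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":         # PGP/MIME
        return True
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        return msg.get_param("smime-type", "enveloped-data") != "signed-data"
    return False

def analyze(raw):
    """Classify every Received hop (newest first) and the message body."""
    msg = message_from_string(raw)
    hops = [classify_hop(h) for h in msg.get_all("Received", [])]
    return hops, message_encrypted(msg)

if __name__ == "__main__":
    hops, encrypted = analyze(SAMPLE)
    for host, verdict in hops:
        print(f"{host:28} {verdict}")
    print("message-level encryption:", encrypted)
```
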
