Solved

Help Analyzing Email Header Information

Posted on 2010-11-11
10
1,864 Views
Last Modified: 2012-06-21
Help.  I'm looking for a reality check here and was hoping you can help.  

We are working with a vendor that swears the following emails are being set to us encrypted and secure (it's confidential information that cannot be sent via Normal smpt traffic).   But the way I'm reading the header information, it looks like it was sent via normal smtp.

We use Postini as our spam filter, and do have a TLS route between Postini & My Mail Server.

smtp2.VENDOR-NetworkID.com resolves to VENDOR-IP-ADDRESS

It looks like based on this line that the mail is traveling via SMTP from the vendor to Postini.  

Received: from source ([VENDOR-IP-ADDRESS]) by exprodXXX.postini.com ([POSTINI-IP-ADDRESS]) with SMTP;

It looks like maybe there are secured hops but that main one to our Postini is unencrypted.


------------------------------------------------------------------

Microsoft Mail Internet Headers Version 2.0
Received: from psmtp.com ([MY-INTERNAL-SERVER-IP] RDNS failed) by MY-SERVER-NAME over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
       Tue, 27 Jul 2010 09:02:41 -0400
Received: from source ([VENDOR-IP-ADDRESS]) by exprodXXX.postini.com ([POSTINI-IP-ADDRESS]) with SMTP;
      Tue, 27 Jul 2010 08:02:39 CDT
X-IronPort-AV: E=Sophos;i="4.55,267,1278302400";
   d="pdf'?scan'208";a="73036257"
Received: from unknown (HELO LLLLLL.corpads.local) ([10.xx.xx.xxx])
  by smtp2.VENDOR-NetworkID.com with ESMTP; 27 Jul 2010 09:01:01 -0400
Received: from 10.xx.x.xxx by LLLLLL.corpads.local with ESMTP (Secure
 Mail SMTP Relay (Email Firewall v6.3.0)); Tue, 27 Jul 2010 09:02:26
 -0400

X-Server-Uuid: Cmmmmmmm-mmmmmmm-mmmm-mmmmmmmmmm
To: reciepients
cc: Carbons
MIME-Version: 1.0
Subject: Subject
X-KeepSent: 000000:00000:000000; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.0.2 August 07, 2008
Message-ID: <Cmmmmmmm-mmmmmmm-mmmm-mmmmmmmmmm@VENDOR.com>
From: sENDER
Date: Tue, 27 Jul 2010 09:02:20 -0400
X-MIMETrack: S/MIME Sign by Notes Client on sENDER-NAME
 (Release 8.0.2|August 07, 2008) at 07/27/2010 09:02:23
 AM, Serialize by Notes Client on MsENDER-NAME(Release
 8.0.2|August 07, 2008) at 07/27/2010 09:02:23 AM, Serialize complete at
 07/27/2010 09:02:23 AM, S/MIME Sign failed at 07/27/2010 09:02:23 AM:
 The cryptographic key was not found, Serialize by Router on
 VENDORM09/VENDOR(Release 8.0.2|August 07, 2008) at 07/27/2010 09:02:36
 AM
X-WSS-ID: 605007680Z0364924-01-03
Content-Type: multipart/mixed;
 boundary="=_mixed 0047A1598525776D_="
X-CFilter-Loop: Reflected
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels:     (S:00.00000/00.00000 CV:99.9000 FC:00.0000 LC:00.0000 R:00.0000 P:00.0000 M:00.0000 C:00.0000 )
Return-Path: SENDER EMAIL
X-OriginalArrivalTime: 27 Jul 2010 13:02:41.0672 (UTC) FILETIME=[fffffff:000000]

--=_mixed 00000000000000000000_=
Content-Type: multipart/alternative;
 boundary="=_alternative 0047A1598525776D_="
Content-Transfer-Encoding: 7bit

--=_alternative 00000000000000000000_=
Content-Type: text/plain;
 charset=us-ascii
Content-Transfer-Encoding: 7bit

--=_alternative 00000000000000000000_=
Content-Type: text/html;
 charset=us-ascii
Content-Transfer-Encoding: 7bit


--=_alternative 00000000000000000000_=--
--=_mixed 000000000000000000000_=
Content-Type: application/octet-stream;
 name="ATTACHEMENTNAME.PDF"
Content-Disposition: attachment;
 filename="ATTACHEMENTNAME.PDF"
Content-Transfer-Encoding: base64


--=_mixed 00000000000000000000_=--
0
Comment
Question by:jmerulla
10 Comments
 
LVL 9

Expert Comment

by:avilov
ID: 34115240
i don't think you can always can see from headers if connections were encrypted or not.

to test that just download BLAT and send emails yourself thru postini with and without TLS

0
 
LVL 2

Author Comment

by:jmerulla
ID: 34115375
It's odd though.  No where in the email does it state that the email is encrypted like it was using Tumbleweek or Zix Corp.  

Plus it came into my user plan and open.  
0
 
LVL 9

Expert Comment

by:avilov
ID: 34115383
hm. looks like blat doesn't support TLS directly. it was a while since i used it, sorry. I forgot the name of small utility that I used for email tests like that. if you familiar with *nix you can use openssl
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 2

Author Comment

by:jmerulla
ID: 34115400
It's ok.  It's odd some of their encrypted items come through tumbleweed others don't.  
0
 
LVL 9

Expert Comment

by:avilov
ID: 34115429
I haven't been using postini for a while too, but i think you can configure it to enforce tls for domains you want
0
 
LVL 2

Author Comment

by:jmerulla
ID: 34115491
It's not on my end.  I'm concerned that the vendor set it to us unsecured.
0
 
LVL 9

Assisted Solution

by:avilov
avilov earned 150 total points
ID: 34115529
i understand. i think you can configure postini to accept only TLS encrypted connection from domains of yuor choice. if that is true you will be sure that vendor sent it thru encrypted channel (at least to postini )) )
0
 
LVL 2

Author Comment

by:jmerulla
ID: 34115561
I can't do that plus it's up to the vendor to make sure this information is encrypted.  
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 34116149
> The cryptographic key was not found, Serialize by Router on
> VENDORM09/VENDOR(Release 8.0.2|August 07, 2008) at 07/27/2010 09:02:36 AM

The lines above suggest to me that the original message wasn't encrypted by the originating server. I suppose it means that that server doesn't have or cannot find your public key.
0
 
LVL 1

Accepted Solution

by:
KNolen earned 350 total points
ID: 34121755
I would guess that the vendor is confusing Lotus Notes/Domino encryption and secure SMTP transport. The Notes client/Domino server connection uses a separate protocol unique to this client/server relationship, and this protocol can be (and usually is) secured via encryption. But configuring SMTP on the Domino server to send encrypted messages to non-domain servers is a different matter. So I would guess that this hasn't been done and the vendor is confusing the two.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

What is Usenet? There are many different opinions on exactly what Usenet is an isn't. Many opinions are incorrect simply out of ignorance. The Wikipedia listing about Usenet does a good job of explaining it, so instead of repeating it all here I wi…
When you’re making plans to join the modern business race, you should analyze various details that may affect your results. Nowadays, millions of businesses are trying to grow into established and appreciated professional enterprises.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question