Solved

Wireshark SSL and SurgeMail

Posted on 2010-11-29
Last Modified: 2012-05-10
Hi,

I've enabled SSL in SurgeMail for a certain domain that I want to send to only using SSL.
When sniffing the packets I can read every packet both ways. I'm guessing this means that my mail server is sending everything in clear-text (and my SSL setup is wrong)?

The reason I'm asking is that there could be the possibility that Wireshark can read the packets unencrypted because I'm sniffing directly on the mail interface?

Question by:olemrefv
4 Comments
 
LVL 39

Accepted Solution

by:
noci earned 125 total points
ID: 34235035

Do the packets resemble something from the page below (the top level being Secure Socket Layer)?
http://wiki.wireshark.org/SSL

Did you configure certificates in Wireshark? If not, then it can't decode.

 

Author Comment

by:olemrefv
ID: 34246273
OK, so my packets are not being sent using SSL. I've added 2 cluster domains, and the IPs of these clusters, under: "Other machines we only send to using SSL ip or domain" (SurgeMail).

When using smtpdiag.exe I send an email to a recipient being handled by the clusters, and my packets are still unencrypted. Here is the process:
SOA serial number match: Passed
Both TCP and UP queries succeeded. Local DNS test passed.
Both TCP and UP queries succeeded. Remote DNS test passed.
Successfully connected to cluter.xx.xxxxxxx.com (8 times)
Error: Expected "250". Server Rejected the recipient address.
Failed to submit mail to cluster.xx.xxxxxx.com


The recipient requires SSL, so is this the reason for the error? I can't see any "evidence" of my mail server and the receiving end having some kind of negotiation of SSL.
My SSL certificate in SurgeMail is valid.
 
LVL 39

Expert Comment

by:noci
ID: 34248220
This is not an SSL issue per se.
250 is the status returned when an address is acceptable. So that value is expected.

The message received is: Server Rejected address, so the target host clearly doesn't like the recipient address.
 
LVL 39

Expert Comment

by:noci
ID: 34248258
It only is an SSL issue if you can tell the mail receiver that this account can only come from SSL-protected links and the connection isn't SSL secured.

Also, what port do you connect to? 25 is normally not encrypted but can be encrypted using TLS if needed; port 465 is the SSL-encrypted port.
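
One way to look for the SSL negotiation discussed in this thread, as an added example that is not part of the original posts: the script classifies a single SMTP TCP stream as plaintext, upgraded with STARTTLS (port 25), or TLS from the first byte (port 465). It assumes the payloads have already been reassembled per direction, for example from a capture tool's stream view; the function names and all sample payloads are constructed for illustration.

```python
# Added example (not from the thread). All sample payloads are constructed.

def is_tls_handshake(payload: bytes) -> bool:
    """True if the payload starts with an SSLv3/TLS handshake record header."""
    return (len(payload) >= 5 and payload[0] == 0x16        # content type: handshake
            and payload[1] == 0x03 and payload[2] <= 0x04)  # record version 3.0-3.4

def classify_smtp_stream(segments):
    """segments: ordered (direction, payload) pairs from one reassembled TCP
    stream, direction 'C' (client) or 'S' (server). Returns (verdict, notes)."""
    notes, offered, requested, accepted = [], False, False, False
    for direction, payload in segments:
        if is_tls_handshake(payload):
            if accepted:
                return "starttls", notes          # upgraded after STARTTLS + 220
            if direction == "C" and not requested:
                return "implicit-tls", notes      # TLS from the first byte (port 465)
        text = payload.decode("ascii", "replace").upper()
        if direction == "S":
            lines = [l for l in text.splitlines() if l.startswith("250")]
            offered = offered or any(l[4:].strip() == "STARTTLS" for l in lines)
            accepted = accepted or (requested and text.startswith("220"))
        elif text.startswith("STARTTLS"):
            requested = True
        elif text.startswith(("MAIL FROM", "RCPT TO", "DATA")):
            notes.append("cleartext command: " + text.split(":")[0].strip())
    if offered and not requested:
        notes.append("server offered STARTTLS, client never requested it")
    return "plaintext", notes

GREETING = [("S", b"220 mx.example.test ESMTP\r\n"),
            ("C", b"EHLO client.example.test\r\n"),
            ("S", b"250-mx.example.test\r\n250-STARTTLS\r\n250 SIZE 1000000\r\n")]
CLIENT_HELLO = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"  # truncated, header only
PLAINTEXT = GREETING + [("C", b"MAIL FROM:<a@example.test>\r\n"), ("S", b"250 OK\r\n"),
                        ("C", b"RCPT TO:<b@example.test>\r\n"), ("S", b"550 rejected\r\n")]
UPGRADED = GREETING + [("C", b"STARTTLS\r\n"), ("S", b"220 Ready to start TLS\r\n"),
                       ("C", CLIENT_HELLO)]
IMPLICIT = [("C", CLIENT_HELLO)]

if __name__ == "__main__":
    for name, stream in (("plaintext", PLAINTEXT), ("upgraded", UPGRADED),
                         ("implicit", IMPLICIT)):
        print(name, classify_smtp_stream(stream))
```

A "plaintext" verdict with cleartext MAIL FROM / RCPT TO notes corresponds to the situation described in the question, where every packet is readable in both directions.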