Verifying TLS encryption with Exchange 2010

I use Microsoft Exchange Hosted Services (EHS) for Spam and Encryption. I am trying to verify if my Hub server is communicating with EHS with TLS. I know about enabling Domain Security for the send connector, but I am using a smart host instead of DNS. I opened port 587 on the firewall and enabled Exchange Server Authentication, but the emails sit in the queue. Below is an email I received, and this header has detailed information about the sending server, including TLS and cipher. The only information my server is reporting is the (TLS) id 14.1.355.2.

Received: from mail90-db3-R.bigfish.com (213.199.154.134) by
 Server.local.domain (192.168.65.39) with Microsoft SMTP Server (TLS) id
 14.1.355.2; Thu, 30 Aug 2012 14:57:35 -0400
Received: from mail90-db3 (localhost [127.0.0.1])      by mail90-db3-R.bigfish.com
 (Postfix) with ESMTP id C659C1801BF      for <gn@accuns.com>; Thu, 30
 Aug 2012 18:57:34 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:216.184.2.64;KIP:(null);UIP:(null);IPV:NLI;H:mx1a.swcp.com;RD:mx1a.swcp.com;EFVD:NLI
X-SpamScore: -2
X-BigFish: vps-2(zz2130Ic85fh1415Izz1202hzz8275bh8275dhz2dh2a8h668h839hd24he5bh107ah1155h)
Received: from mail90-db3 (localhost.localdomain [127.0.0.1]) by mail90-db3
 (MessageSwitch) id 1346353051252582_9746; Thu, 30 Aug 2012 18:57:31 +0000
 (UTC)
Received: from DB3EHSMHS017.bigfish.com (unknown [10.3.81.246])      by
 mail90-db3.bigfish.com (Postfix) with ESMTP id 399CB320056      for
 <gg@accuate.com>; Thu, 30 Aug 2012 18:57:31 +0000 (UTC)
Received: from mx1a.swcp.com (216.184.2.64) by DB3EHSMHS017.bigfish.com
 (10.3.87.117) with Microsoft SMTP Server (TLS) id 14.1.225.23; Thu, 30 Aug
 2012 18:57:28 +0000
Received: from ame8.swcp.com (ame8.swcp.com [216.184.2.163])      by mx1a.swcp.com
 (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id q7UIvPcA018542      for
 <on@a.com>; Thu, 30 Aug 2012 12:57:25 -0600
Received: from joycePC ([71.39.183.14])      (authenticated bits=0)      by
 ame8.swcp.com (8.14.4/8.14.3) with ESMTP id q7UIvKLK068715
      (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO)      for
<gdon@aces.com>; Thu, 30 Aug 2012 12:57:22 -0600 (MDT)
      (envelope-from joyce@santa-fe-group.com)
From: Joyce Crawshaw <joyce@santa-fe-group.com>
To: <ggoon@umes.com>
Subject: The Shared Assessments Program
Date: Thu, 30 Aug 2012 12:57:18 -0600
Message-ID: <000e01cd86e1$485a1840$d90e48c0$@santa-fe-group.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
      boundary="----=_NextPart_000_000F_01CD86AE.FDBFA840"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: Ac2G4TEDy+SWbesSQ+6fm+3PcrJBAA==
Content-Language: en-us
X-Scanned-By: MIMEDefang 2.67 on 216.184.2.128
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.3 (ame8.swcp.com [216.184.2.128]); Thu, 30 Aug 2012 12:57:22 -0600 (MDT)
X-Virus-Scanned: clamav-milter 0.97.4 at ame8.swcp.com
X-Virus-Status: Clean
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ame8.swcp.com
X-Spam-Status: No, hits=-0.0 tests=HTML_MESSAGE,NO_RECEIVED,NO_RELAYS
      version=3.3.2
X-Spam-Level:
Return-Path: joyce@santa-fe-group.com
X-MS-Exchange-Organization-AuthSource: Server.local.domain
X-MS-Exchange-Organization-AuthAs: Anonymous
X-EXCLAIMER-MD-CONFIG: fcccb080-1ed1-4eee-8900-9a01f09abeaf
X-EXCLAIMER-MD-CONFIG: 6372eefc-68b4-46e9-80bc-3807d1e77233


I sent this email to myself and still just the same (TLS) ID.

Received: from mail96-co1-R.bigfish.com (216.32.180.179) by
 Server.local.domain (192.168.65.59) with Microsoft SMTP Server (TLS) id
 14.1.355.2; Fri, 31 Aug 2012 09:16:24 -0400
Received: from mail96-co1 (localhost [127.0.0.1])      by mail96-co1-R.bigfish.com
 (Postfix) with ESMTP id 805A9A4017C      for <ggdon@acceps.com>; Fri, 31
 Aug 2012 13:16:24 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:76.96.62.16;KIP:(null);UIP:(null);IPV:NLI;H:qmta01.westchester.pa.mail.comcast.net;RD:qmta01.westchester.pa.mail.comcast.net;EFVD:NLI
X-SpamScore: -23
X-BigFish: vps-23(zz1077Rd9dOc857h12d5K113dKzz1202hzz8275bh8275dhz2dh2a8h683h839hd25h107ah1155h)
X-Forefront-Antispam-Report-Untrusted: CIP:74.95.176.68;KIP:(null);UIP:(null);IPV:NLI;H:Server.local.domain;RD:74-95-176-68-Philadelphia.hfc.comcastbusiness.net;EFVD:NLI
Received: from mail96-co1 (localhost.localdomain [127.0.0.1]) by mail96-co1
 (MessageSwitch) id 1346418981868455_27620; Fri, 31 Aug 2012 13:16:21 +0000
 (UTC)
Received: from CO1EHSMHS022.bigfish.com (unknown [10.243.78.250])      by
 mail96-co1.bigfish.com (Postfix) with ESMTP id D0AFE8C0043      for
 <ggon@as.com>; Fri, 31 Aug 2012 13:16:21 +0000 (UTC)
Received: from qmta01.westchester.pa.mail.comcast.net (76.96.62.16) by
 CO1EHSMHS022.bigfish.com (10.243.66.32) with Microsoft SMTP Server id
 14.1.225.23; Fri, 31 Aug 2012 13:16:19 +0000
Received: from imta11.westchester.pa.mail.comcast.net ([76.96.62.22])      by
 qmta01.westchester.pa.mail.comcast.net with comcast      id
 tQYW1j0010UnixG51RGPhN; Fri, 31 Aug 2012 13:16:23 +0000
Received: from tr10n04.aset.psu.edu ([128.118.142.105])      by
 imta11.westchester.pa.mail.comcast.net with comcast      id
 tRG61j0012GeovU0BRGJTx; Fri, 31 Aug 2012 13:16:18 +0000
Received: from co1outboundpool.messaging.microsoft.com
 (co1ehsobe002.messaging.microsoft.com [216.32.180.185])      by
 tr10n04.aset.psu.edu (8.14.5/8.14.5) with ESMTP id q7VDFtpQ53281052      for
 <gmg@psu.edu>; Fri, 31 Aug 2012 09:15:56 -0400
Received: from mail191-co1-R.bigfish.com (10.243.78.235) by
 CO1EHSOBE013.bigfish.com (10.243.66.76) with Microsoft SMTP Server id
 14.1.225.23; Fri, 31 Aug 2012 13:15:55 +0000
Received: from mail191-co1 (localhost [127.0.0.1])      by
 mail191-co1-R.bigfish.com (Postfix) with ESMTP id A1246B80101      for
 <gmg@psu.edu>; Fri, 31 Aug 2012 13:15:55 +0000 (UTC)
Received: from mail191-co1 (localhost.localdomain [127.0.0.1]) by mail191-co1
 (MessageSwitch) id 1346418953172602_5735; Fri, 31 Aug 2012 13:15:53 +0000
 (UTC)
Received: from CO1EHSMHS012.bigfish.com (unknown [10.243.78.234])      by
 mail191-co1.bigfish.com (Postfix) with ESMTP id 2387180049      for
 <gm@psu.edu>; Fri, 31 Aug 2012 13:15:53 +0000 (UTC)
Received: from Server.local.domain(74.65.176.68) by CO1EHSMHS012.bigfish.com
 (10.243.66.22) with Microsoft SMTP Server (TLS) id 14.1.225.23; Fri, 31 Aug
 2012 13:15:51 +0000
Received: from Server.local.domain([::1]) by Server.local.domain([::1])
 with mapi id 14.01.0355.002; Fri, 31 Aug 2012 09:15:49 -0400
From: Grant  <ggordon@.com>
To: "gmg@psu.edu" <gm@psu.edu
Subject: Hellp PSU
Thread-Topic: Hellp PSU
Thread-Index: Ac2HeyCDRtf7EIDZQPyI/A8Pmaa5Ug==
Date: Fri, 31 Aug 2012 13:15:27 +0000
Message-ID: <F1114F2C5AE09741BA301707B89236FC04B5F9B9@AP-MAIL01.opnt.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.65.64]
x-exclaimer-md-config: 6372eefc-68b4-46e9-80bc-3807d1e77233
x-exclaimer-md-bifurcation-instance: 0
Content-Type: multipart/alternative;
      boundary="_000_F1114F2C5AE09741BA301707B89236FC04B5F9B9APMAIL01opntloc_"
MIME-Version: 1.0
X-Greylist: Default is to whitelist mail, not delayed by milter-greylist-3.1.8 (tr10n04.aset.psu.edu [128.118.142.105]); Fri, 31 Aug 2012 09:15:56 -0400 (EDT)
X-PSU-Spam-Hits: 0
X-PSU-Spam-Flag: NO
X-Virus-Scanned: amavisd-new at psu.edu
Return-Path: ggordon@as.com
X-MS-Exchange-Organization-AuthSource: AP-MAIL02.opnt.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-EXCLAIMER-MD-CONFIG: fcccb080-1ed1-4eee-8900-9a01f09abeaf
X-EXCLAIMER-MD-BIFURCATION-INSTANCE: 0


I connected to the server via telnet and when I ran starttls I get the results below, is that normal?  

220 Server.local.domain Microsoft ESMTP MAIL Service ready at Fri, 31 Aug 2012
09:08:39 -0400
ehlo
250-Server.local.domain Hello [192.168.65.64]
250-SIZE 20971520
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250 CHUNKING
starttls
220 2.0.0 SMTP server ready

I thought I was supposed to see this.
STARTTLS
220 2.0.0 Ready to start TLS


Lastly I ran get-exchangecertificate and received the following output in the attachment.  Can you tell me what the letters under Services mean?

[Attachment: Results of get-exchangecertificate command]
Asked by: thelink12
 
page1985 commented:
The letters "IP", "W", and "S" are for IP transport (like MAPI/RPC), Web (such as OWA and Outlook Anywhere), and SMTP.

Any status code starting with a 2 (like your 220 above) is a success code which indicates the operation requested was completed without error.
 
Simon Butler (Sembee), Consultant, commented:
The TLS is all you get in the headers. That indicates that TLS is being used.
Nothing else should be changed (authentication settings, etc.) because the Forefront service isn't a member of your domain.

The information you have highlighted isn't from an Exchange server. Different MTAs will put different information into the headers. All Exchange puts is TLS. I have just checked with a client system I know uses TLS only and confirmed that is correct.

Simon.
Question has a verified solution.
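
The difference discussed in this thread (Exchange stamps only a bare "(TLS)" marker, while other MTAs such as sendmail record protocol and cipher) can be checked hop by hop. The following is an added example, not code from any of the posters: it walks the Received headers and reports what each receiving server recorded. The sample hops are copied from the two messages in the question with line folding normalised; the function name and verdict labels are assumptions of this example.

```python
import re
from email import message_from_string

# Received hops copied from the two messages in the question (newest first),
# with line folding normalised so every continuation starts with a space.
SAMPLE_HEADERS = """\
Received: from mail96-co1-R.bigfish.com (216.32.180.179) by
 Server.local.domain (192.168.65.59) with Microsoft SMTP Server (TLS) id
 14.1.355.2; Fri, 31 Aug 2012 09:16:24 -0400
Received: from mail96-co1 (localhost [127.0.0.1]) by mail96-co1-R.bigfish.com
 (Postfix) with ESMTP id 805A9A4017C for <ggdon@acceps.com>; Fri, 31
 Aug 2012 13:16:24 +0000 (UTC)
Received: from qmta01.westchester.pa.mail.comcast.net (76.96.62.16) by
 CO1EHSMHS022.bigfish.com (10.243.66.32) with Microsoft SMTP Server id
 14.1.225.23; Fri, 31 Aug 2012 13:16:19 +0000
Received: from joycePC ([71.39.183.14]) (authenticated bits=0) by
 ame8.swcp.com (8.14.4/8.14.3) with ESMTP id q7UIvKLK068715
 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for
 <gdon@aces.com>; Thu, 30 Aug 2012 12:57:22 -0600 (MDT)
"""

EXCHANGE = re.compile(r"with Microsoft SMTP Server( \(TLS\))? id")
SENDMAIL = re.compile(r"version=(\S+) cipher=(\S+) bits=(\d+) verify=(\w+)")
BY_HOST = re.compile(r"\bby\s+([^\s;()]+)")

def tls_evidence(raw_headers):
    """Return (receiving host, verdict, detail) per Received hop, newest first."""
    hops = []
    for value in message_from_string(raw_headers).get_all("Received", []):
        hop = " ".join(value.split())          # unfold the header onto one line
        by = BY_HOST.search(hop)
        host = by.group(1) if by else "?"
        exch, sm = EXCHANGE.search(hop), SENDMAIL.search(hop)
        if sm:      # sendmail-style stamp: protocol, cipher, key bits, cert check
            hops.append((host, "tls", "%s %s %s-bit verify=%s" % sm.groups()))
        elif exch and exch.group(1):   # Exchange records only the bare marker
            hops.append((host, "tls", "Exchange (TLS) marker, no cipher detail"))
        elif exch:
            hops.append((host, "no-marker", "Exchange stamp without (TLS)"))
        else:       # e.g. the Postfix hops: nothing about TLS either way
            hops.append((host, "unknown", "MTA recorded no TLS information"))
    return hops

if __name__ == "__main__":
    for host, verdict, detail in tls_evidence(SAMPLE_HEADERS):
        print(f"{host:32} {verdict:10} {detail}")
```

Only the hops stamped by servers you operate are reliable evidence; every earlier Received line is supplied by the upstream side and can be written with any content.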
