Verifying TLS encryption with Exchange 2010

Posted on 2012-08-31
Last Modified: 2012-09-04
I use Microsoft Exchange Hosted Services (EHS) for Spam and Encryption. I am trying to verify whether my Hub server is communicating with EHS with TLS. I know about enabling Domain Security for the send connector, but I am using a smart host instead of DNS. I opened port 587 on the firewall and enabled Exchange Server Authentication, but the emails sit in the Queue. Below is an email I received, and this header has detailed information about the sending server, including TLS and Cipher. The only information my server is reporting is the (TLS) id 14.1.355.2.

Received: from ( by
 Server.local.domain ( with Microsoft SMTP Server (TLS) id
 14.1.355.2; Thu, 30 Aug 2012 14:57:35 -0400
Received: from mail90-db3 (localhost [])      by
 (Postfix) with ESMTP id C659C1801BF      for <>; Thu, 30
 Aug 2012 18:57:34 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:;KIP:(null);UIP:(null);IPV:NLI;;;EFVD:NLI
X-SpamScore: -2
X-BigFish: vps-2(zz2130Ic85fh1415Izz1202hzz8275bh8275dhz2dh2a8h668h839hd24he5bh107ah1155h)
Received: from mail90-db3 (localhost.localdomain []) by mail90-db3
 (MessageSwitch) id 1346353051252582_9746; Thu, 30 Aug 2012 18:57:31 +0000
Received: from (unknown [])      by (Postfix) with ESMTP id 399CB320056      for
 <>; Thu, 30 Aug 2012 18:57:31 +0000 (UTC)
Received: from ( by
 ( with Microsoft SMTP Server (TLS) id; Thu, 30 Aug
 2012 18:57:28 +0000
Received: from ( [])      by
 (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id q7UIvPcA018542      for
 <>; Thu, 30 Aug 2012 12:57:25 -0600
Received: from joycePC ([])      (authenticated bits=0)      by (8.14.4/8.14.3) with ESMTP id q7UIvKLK068715
      (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO)      for
<>; Thu, 30 Aug 2012 12:57:22 -0600 (MDT)
From: Joyce Crawshaw <>
To: <>
Subject: The Shared Assessments Program
Date: Thu, 30 Aug 2012 12:57:18 -0600
Message-ID: <000e01cd86e1$485a1840$d90e48c0$>
MIME-Version: 1.0
Content-Type: multipart/alternative;
X-Mailer: Microsoft Outlook 14.0
Thread-Index: Ac2G4TEDy+SWbesSQ+6fm+3PcrJBAA==
Content-Language: en-us
X-Scanned-By: MIMEDefang 2.67 on
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.3 ( []); Thu, 30 Aug 2012 12:57:22 -0600 (MDT)
X-Virus-Scanned: clamav-milter 0.97.4 at
X-Virus-Status: Clean
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
X-Spam-Status: No, hits=-0.0 tests=HTML_MESSAGE,NO_RECEIVED,NO_RELAYS
X-MS-Exchange-Organization-AuthSource: Server.local.domain
X-MS-Exchange-Organization-AuthAs: Anonymous
X-EXCLAIMER-MD-CONFIG: fcccb080-1ed1-4eee-8900-9a01f09abeaf
X-EXCLAIMER-MD-CONFIG: 6372eefc-68b4-46e9-80bc-3807d1e77233

I sent this email to myself and still got just the same (TLS) ID.

Received: from ( by
 Server.local.domain ( with Microsoft SMTP Server (TLS) id
 14.1.355.2; Fri, 31 Aug 2012 09:16:24 -0400
Received: from mail96-co1 (localhost [])      by
 (Postfix) with ESMTP id 805A9A4017C      for <>; Fri, 31
 Aug 2012 13:16:24 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:;KIP:(null);UIP:(null);IPV:NLI;;;EFVD:NLI
X-SpamScore: -23
X-BigFish: vps-23(zz1077Rd9dOc857h12d5K113dKzz1202hzz8275bh8275dhz2dh2a8h683h839hd25h107ah1155h)
X-Forefront-Antispam-Report-Untrusted: CIP:;KIP:(null);UIP:(null);IPV:NLI;H:Server.local.domain;;EFVD:NLI
Received: from mail96-co1 (localhost.localdomain []) by mail96-co1
 (MessageSwitch) id 1346418981868455_27620; Fri, 31 Aug 2012 13:16:21 +0000
Received: from (unknown [])      by (Postfix) with ESMTP id D0AFE8C0043      for
 <>; Fri, 31 Aug 2012 13:16:21 +0000 (UTC)
Received: from ( by ( with Microsoft SMTP Server id; Fri, 31 Aug 2012 13:16:19 +0000
Received: from ([])      by with comcast      id
 tQYW1j0010UnixG51RGPhN; Fri, 31 Aug 2012 13:16:23 +0000
Received: from ([])      by with comcast      id
 tRG61j0012GeovU0BRGJTx; Fri, 31 Aug 2012 13:16:18 +0000
Received: from
 ( [])      by (8.14.5/8.14.5) with ESMTP id q7VDFtpQ53281052      for
 <>; Fri, 31 Aug 2012 09:15:56 -0400
Received: from ( by ( with Microsoft SMTP Server id; Fri, 31 Aug 2012 13:15:55 +0000
Received: from mail191-co1 (localhost [])      by (Postfix) with ESMTP id A1246B80101      for
 <>; Fri, 31 Aug 2012 13:15:55 +0000 (UTC)
Received: from mail191-co1 (localhost.localdomain []) by mail191-co1
 (MessageSwitch) id 1346418953172602_5735; Fri, 31 Aug 2012 13:15:53 +0000
Received: from (unknown [])      by (Postfix) with ESMTP id 2387180049      for
 <>; Fri, 31 Aug 2012 13:15:53 +0000 (UTC)
Received: from Server.local.domain( by
 ( with Microsoft SMTP Server (TLS) id; Fri, 31 Aug
 2012 13:15:51 +0000
Received: from Server.local.domain([::1]) by Server.local.domain([::1])
 with mapi id 14.01.0355.002; Fri, 31 Aug 2012 09:15:49 -0400
From: Grant  <>
To: "" <
Subject: Hellp PSU
Thread-Topic: Hellp PSU
Thread-Index: Ac2HeyCDRtf7EIDZQPyI/A8Pmaa5Ug==
Date: Fri, 31 Aug 2012 13:15:27 +0000
Message-ID: <F1114F2C5AE09741BA301707B89236FC04B5F9B9@AP-MAIL01.opnt.local>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
x-exclaimer-md-config: 6372eefc-68b4-46e9-80bc-3807d1e77233
x-exclaimer-md-bifurcation-instance: 0
Content-Type: multipart/alternative;
MIME-Version: 1.0
X-Greylist: Default is to whitelist mail, not delayed by milter-greylist-3.1.8 ( []); Fri, 31 Aug 2012 09:15:56 -0400 (EDT)
X-PSU-Spam-Hits: 0
X-PSU-Spam-Flag: NO
X-Virus-Scanned: amavisd-new at
X-MS-Exchange-Organization-AuthSource: AP-MAIL02.opnt.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-EXCLAIMER-MD-CONFIG: fcccb080-1ed1-4eee-8900-9a01f09abeaf

I connected to the server via telnet, and when I ran starttls I got the results below. Is that normal?

220 Server.local.domain Microsoft ESMTP MAIL Service ready at Fri, 31 Aug 2012
09:08:39 -0400
250-Server.local.domain Hello []
250-SIZE 20971520
220 2.0.0 SMTP server ready

I thought I was supposed to see this.
220 2.0.0 Ready to start TLS

Lastly I ran get-exchangecertificate and received the following output in the attachment.  Can you tell me what the letters under Services mean?

Results of get-exchangecertificate command
Question by: thelink12
    LVL 6

    Accepted Solution

    The letters "IP", "W", and "S" are for IP transport (like MAPI/RPC), Web (such as OWA and Outlook Anywhere), and SMTP.

    Any status code starting with a 2 (like your 220 above) is a success code which indicates the operation requested was completed without error.
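The telnet session in the question and the point above about 2yz reply codes can be checked in a repeatable way. The probe below is an added example, not code from the question or this answer: it does over the network what the telnet session did by hand (EHLO, confirm STARTTLS is advertised, issue STARTTLS, read the reply), and after a successful STARTTLS it reports the negotiated protocol and cipher, which Exchange's own `(TLS)` header never records. `interpret_smtp_reply` is offline and applies the rule that any code from 200 to 299 means success; the hostname, port and `probe.example` HELO name are placeholders to be filled in by the operator.

```python
import smtplib
import ssl
from typing import Dict, Tuple


def interpret_smtp_reply(line: str) -> Tuple[int, bool, str]:
    """Split one SMTP reply line ('220 2.0.0 SMTP server ready', '250-SIZE 20971520')
    into (code, success, text). Per RFC 5321 a 2yz code means the command completed;
    the text after the code is informational and differs between MTAs, which is why
    '220 2.0.0 SMTP server ready' and '220 2.0.0 Ready to start TLS' are equivalent."""
    code = int(line[:3])
    text = line[3:].lstrip(" -")
    return code, 200 <= code < 300, text


def probe_starttls(host: str, port: int = 25, helo_name: str = "probe.example") -> Dict[str, object]:
    """Live check (network call): connect, EHLO, STARTTLS, report what was negotiated.
    host, port and helo_name are placeholders supplied by the operator."""
    ctx = ssl.create_default_context()
    # The probe reports what the server negotiates even when its certificate would
    # not validate; a real send connector keeps certificate validation on.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    result: Dict[str, object] = {"host": host, "port": port}
    with smtplib.SMTP(host, port, timeout=15) as smtp:
        smtp.ehlo(helo_name)
        result["starttls_advertised"] = smtp.has_extn("starttls")
        if not result["starttls_advertised"]:
            return result
        try:
            code, msg = smtp.starttls(context=ctx)      # server answers 220 on success
        except smtplib.SMTPResponseException as exc:    # smtplib raises on any non-220 reply
            code, msg = exc.smtp_code, exc.smtp_error
        _, ok, text = interpret_smtp_reply(f"{code} {msg.decode(errors='replace')}")
        result["starttls_reply"] = f"{code} {text}"
        result["tls_established"] = ok
        if ok:
            # After STARTTLS the socket is an ssl.SSLSocket, so the details that the
            # Exchange '(TLS)' Received header omits can be read directly.
            result["protocol"] = smtp.sock.version()
            result["cipher"], _, result["bits"] = smtp.sock.cipher()
            smtp.ehlo(helo_name)                        # RFC 3207: EHLO again after STARTTLS
    return result


if __name__ == "__main__":
    import json
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.invalid"  # placeholder host
    print(json.dumps(probe_starttls(target), indent=2))
```

Run it against the Hub server's own IP first (port 25 or the 587 you opened) to see whether STARTTLS is advertised and what it negotiates; if `tls_established` is true, the server side of the exchange is fine and any remaining queueing problem is on the connector or smart host side.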
    LVL 63

    Assisted Solution

    by: Simon Butler (Sembee)
    The TLS is all you get in the headers. That indicates that TLS is being used.
    Nothing else should be changed, authentication settings etc., because the Forefront service isn't a member of your domain.

    The information you have highlighted isn't from an Exchange server. Different MTAs will put different information into the headers. All Exchange puts is TLS. I have just checked with a client system I know uses TLS only and confirmed that is correct.
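The two header chains in the question mix three MTAs, and as this answer says each records TLS differently: Exchange writes only `(TLS)` after `Microsoft SMTP Server`, sendmail writes `version=`, `cipher=` and `bits=`, and Postfix writes `ESMTPS` (or `ESMTPSA`) instead of `ESMTP` for a TLS session. The script below is an added example, not code from the question or either answer: it unfolds a header block and classifies each `Received:` hop by MTA and TLS evidence, so the hop from `Server.local.domain` to EHS can be checked without reading the chain by eye. The sample input is four of the question's own Received lines with line folding restored; hostnames and addresses are blank as on the page.

```python
import re
from typing import Dict, List, Optional

# Sample input: four Received headers taken from the question above (hostnames and
# addresses are blank exactly as on the page), with RFC 5322 folding restored.
SAMPLE_HEADERS = """\
Received: from ( by
 Server.local.domain ( with Microsoft SMTP Server (TLS) id
 14.1.355.2; Thu, 30 Aug 2012 14:57:35 -0400
Received: from mail90-db3 (localhost [])      by
 (Postfix) with ESMTP id C659C1801BF      for <>; Thu, 30
 Aug 2012 18:57:34 +0000 (UTC)
Received: from ( by ( with Microsoft SMTP Server id; Fri, 31 Aug 2012 13:16:19 +0000
Received: from joycePC ([])      (authenticated bits=0)      by (8.14.4/8.14.3) with ESMTP id q7UIvKLK068715
      (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO)      for
 <>; Thu, 30 Aug 2012 12:57:22 -0600 (MDT)
Subject: The Shared Assessments Program
"""

# How each MTA family records itself and a TLS session in its Received header.
EXCHANGE = re.compile(r"with Microsoft SMTP Server")
EXCHANGE_TLS = re.compile(r"with Microsoft SMTP Server \(TLS\)")
SENDMAIL = re.compile(r"\(\d+\.\d+\.\d+/\d+\.\d+\.\d+")   # version tag such as (8.14.4/8.14.3)
SENDMAIL_TLS = re.compile(
    r"\(version=(?P<version>[^ )]+) cipher=(?P<cipher>[^ )]+) bits=(?P<bits>\d+)")
POSTFIX = re.compile(r"\(Postfix\)")
POSTFIX_TLS = re.compile(r"\bwith ESMTPSA?\b")             # S = TLS session, A = authenticated


def unfold_headers(raw: str) -> List[str]:
    """Join folded continuation lines (leading whitespace) back onto their header."""
    out: List[str] = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.rstrip())
    return out


def received_hops(raw: str) -> List[str]:
    """Received header values, most recent hop first (each MTA prepends its own)."""
    return [h.split(":", 1)[1].strip()
            for h in unfold_headers(raw) if h.lower().startswith("received:")]


def classify_hop(hop: str) -> Dict[str, Optional[str]]:
    """Identify the receiving MTA and whether the hop carries evidence of TLS."""
    m = SENDMAIL_TLS.search(hop)
    if m:
        return {"mta": "sendmail", "tls": "yes",
                "detail": f"{m['version']} {m['cipher']} {m['bits']} bits"}
    if SENDMAIL.search(hop):
        return {"mta": "sendmail", "tls": "no", "detail": None}
    if EXCHANGE_TLS.search(hop):
        return {"mta": "exchange", "tls": "yes",
                "detail": "(TLS) only; Exchange records no version or cipher"}
    if EXCHANGE.search(hop):
        return {"mta": "exchange", "tls": "no", "detail": None}
    if POSTFIX.search(hop):
        return {"mta": "postfix", "tls": "yes" if POSTFIX_TLS.search(hop) else "no",
                "detail": None}
    return {"mta": "unknown", "tls": "unknown", "detail": None}


def tls_report(raw: str) -> List[Dict[str, Optional[str]]]:
    """Classify every Received hop in a raw header block."""
    return [classify_hop(h) for h in received_hops(raw)]


if __name__ == "__main__":
    for i, hop in enumerate(tls_report(SAMPLE_HEADERS)):
        print(f"hop {i}: {hop['mta']:8s} tls={hop['tls']:7s} {hop['detail'] or ''}")
```

Paste the full header block of a message (for example from Outlook's message properties) into `SAMPLE_HEADERS` or read it from a file; the hop whose `by` host is the EHS relay and whose `from` is `Server.local.domain` is the one that answers the question, and `tls=yes` with an `exchange` MTA is all the evidence that hop will ever give.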

