Verifying TLS encryption with Exchange 2010

Posted on 2012-08-31
Last Modified: 2017-02-03
I use Microsoft Exchange Hosted Services (EHS) for Spam and Encryption. I am trying to verify if my Hub server is communicating with EHS with TLS. I know about enabling Domain Security for the send connector, but I am using a smart host instead of DNS. I opened port 587 on the firewall and enabled Exchange Server Authentication, but the emails sit in the Queue. Below is an email I received, and this header has detailed information about the sending server including TLS and Cipher. The only information my server is reporting is the (TLS) id 14.1.355.2.

Received: from mail90-db3-R.bigfish.com ( by
 Server.local.domain ( with Microsoft SMTP Server (TLS) id
 14.1.355.2; Thu, 30 Aug 2012 14:57:35 -0400
Received: from mail90-db3 (localhost [])      by mail90-db3-R.bigfish.com
 (Postfix) with ESMTP id C659C1801BF      for <gn@accuns.com>; Thu, 30
 Aug 2012 18:57:34 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:;KIP:(null);UIP:(null);IPV:NLI;H:mx1a.swcp.com;RD:mx1a.swcp.com;EFVD:NLI
X-SpamScore: -2
X-BigFish: vps-2(zz2130Ic85fh1415Izz1202hzz8275bh8275dhz2dh2a8h668h839hd24he5bh107ah1155h)
Received: from mail90-db3 (localhost.localdomain []) by mail90-db3
 (MessageSwitch) id 1346353051252582_9746; Thu, 30 Aug 2012 18:57:31 +0000
Received: from DB3EHSMHS017.bigfish.com (unknown [])      by
 mail90-db3.bigfish.com (Postfix) with ESMTP id 399CB320056      for
 <gg@accuate.com>; Thu, 30 Aug 2012 18:57:31 +0000 (UTC)
Received: from mx1a.swcp.com ( by DB3EHSMHS017.bigfish.com
 ( with Microsoft SMTP Server (TLS) id; Thu, 30 Aug
 2012 18:57:28 +0000
Received: from ame8.swcp.com (ame8.swcp.com [])      by mx1a.swcp.com
 (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id q7UIvPcA018542      for
 <on@a.com>; Thu, 30 Aug 2012 12:57:25 -0600
Received: from joycePC ([])      (authenticated bits=0)      by
 ame8.swcp.com (8.14.4/8.14.3) with ESMTP id q7UIvKLK068715
      (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO)      for
<gdon@aces.com>; Thu, 30 Aug 2012 12:57:22 -0600 (MDT)
      (envelope-from joyce@santa-fe-group.com)
From: Joyce Crawshaw <joyce@santa-fe-group.com>
To: <ggoon@umes.com>
Subject: The Shared Assessments Program
Date: Thu, 30 Aug 2012 12:57:18 -0600
Message-ID: <000e01cd86e1$485a1840$d90e48c0$@santa-fe-group.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
X-Mailer: Microsoft Outlook 14.0
Thread-Index: Ac2G4TEDy+SWbesSQ+6fm+3PcrJBAA==
Content-Language: en-us
X-Scanned-By: MIMEDefang 2.67 on
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.3 (ame8.swcp.com []); Thu, 30 Aug 2012 12:57:22 -0600 (MDT)
X-Virus-Scanned: clamav-milter 0.97.4 at ame8.swcp.com
X-Virus-Status: Clean
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ame8.swcp.com
X-Spam-Status: No, hits=-0.0 tests=HTML_MESSAGE,NO_RECEIVED,NO_RELAYS
Return-Path: joyce@santa-fe-group.com
X-MS-Exchange-Organization-AuthSource: Server.local.domain
X-MS-Exchange-Organization-AuthAs: Anonymous
X-EXCLAIMER-MD-CONFIG: fcccb080-1ed1-4eee-8900-9a01f09abeaf
X-EXCLAIMER-MD-CONFIG: 6372eefc-68b4-46e9-80bc-3807d1e77233

I sent this email to myself and still just the same (TLS) ID.

Received: from mail96-co1-R.bigfish.com ( by
 Server.local.domain ( with Microsoft SMTP Server (TLS) id
 14.1.355.2; Fri, 31 Aug 2012 09:16:24 -0400
Received: from mail96-co1 (localhost [])      by mail96-co1-R.bigfish.com
 (Postfix) with ESMTP id 805A9A4017C      for <ggdon@acceps.com>; Fri, 31
 Aug 2012 13:16:24 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:;KIP:(null);UIP:(null);IPV:NLI;H:qmta01.westchester.pa.mail.comcast.net;RD:qmta01.westchester.pa.mail.comcast.net;EFVD:NLI
X-SpamScore: -23
X-BigFish: vps-23(zz1077Rd9dOc857h12d5K113dKzz1202hzz8275bh8275dhz2dh2a8h683h839hd25h107ah1155h)
X-Forefront-Antispam-Report-Untrusted: CIP:;KIP:(null);UIP:(null);IPV:NLI;H:Server.local.domain;RD:74-95-176-68-Philadelphia.hfc.comcastbusiness.net;EFVD:NLI
Received: from mail96-co1 (localhost.localdomain []) by mail96-co1
 (MessageSwitch) id 1346418981868455_27620; Fri, 31 Aug 2012 13:16:21 +0000
Received: from CO1EHSMHS022.bigfish.com (unknown [])      by
 mail96-co1.bigfish.com (Postfix) with ESMTP id D0AFE8C0043      for
 <ggon@as.com>; Fri, 31 Aug 2012 13:16:21 +0000 (UTC)
Received: from qmta01.westchester.pa.mail.comcast.net ( by
 CO1EHSMHS022.bigfish.com ( with Microsoft SMTP Server id; Fri, 31 Aug 2012 13:16:19 +0000
Received: from imta11.westchester.pa.mail.comcast.net ([])      by
 qmta01.westchester.pa.mail.comcast.net with comcast      id
 tQYW1j0010UnixG51RGPhN; Fri, 31 Aug 2012 13:16:23 +0000
Received: from tr10n04.aset.psu.edu ([])      by
 imta11.westchester.pa.mail.comcast.net with comcast      id
 tRG61j0012GeovU0BRGJTx; Fri, 31 Aug 2012 13:16:18 +0000
Received: from co1outboundpool.messaging.microsoft.com
 (co1ehsobe002.messaging.microsoft.com [])      by
 tr10n04.aset.psu.edu (8.14.5/8.14.5) with ESMTP id q7VDFtpQ53281052      for
 <gmg@psu.edu>; Fri, 31 Aug 2012 09:15:56 -0400
Received: from mail191-co1-R.bigfish.com ( by
 CO1EHSOBE013.bigfish.com ( with Microsoft SMTP Server id; Fri, 31 Aug 2012 13:15:55 +0000
Received: from mail191-co1 (localhost [])      by
 mail191-co1-R.bigfish.com (Postfix) with ESMTP id A1246B80101      for
 <gmg@psu.edu>; Fri, 31 Aug 2012 13:15:55 +0000 (UTC)
Received: from mail191-co1 (localhost.localdomain []) by mail191-co1
 (MessageSwitch) id 1346418953172602_5735; Fri, 31 Aug 2012 13:15:53 +0000
Received: from CO1EHSMHS012.bigfish.com (unknown [])      by
 mail191-co1.bigfish.com (Postfix) with ESMTP id 2387180049      for
 <gm@psu.edu>; Fri, 31 Aug 2012 13:15:53 +0000 (UTC)
Received: from Server.local.domain( by CO1EHSMHS012.bigfish.com
 ( with Microsoft SMTP Server (TLS) id; Fri, 31 Aug
 2012 13:15:51 +0000
Received: from Server.local.domain([::1]) by Server.local.domain([::1])
 with mapi id 14.01.0355.002; Fri, 31 Aug 2012 09:15:49 -0400
From: Grant  <ggordon@.com>
To: "gmg@psu.edu" <gm@psu.edu
Subject: Hellp PSU
Thread-Topic: Hellp PSU
Thread-Index: Ac2HeyCDRtf7EIDZQPyI/A8Pmaa5Ug==
Date: Fri, 31 Aug 2012 13:15:27 +0000
Message-ID: <F1114F2C5AE09741BA301707B89236FC04B5F9B9@AP-MAIL01.opnt.local>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
x-exclaimer-md-config: 6372eefc-68b4-46e9-80bc-3807d1e77233
x-exclaimer-md-bifurcation-instance: 0
Content-Type: multipart/alternative;
MIME-Version: 1.0
X-Greylist: Default is to whitelist mail, not delayed by milter-greylist-3.1.8 (tr10n04.aset.psu.edu []); Fri, 31 Aug 2012 09:15:56 -0400 (EDT)
X-PSU-Spam-Hits: 0
X-PSU-Spam-Flag: NO
X-Virus-Scanned: amavisd-new at psu.edu
Return-Path: ggordon@as.com
X-MS-Exchange-Organization-AuthSource: AP-MAIL02.opnt.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-EXCLAIMER-MD-CONFIG: fcccb080-1ed1-4eee-8900-9a01f09abeaf

I connected to the server via telnet, and when I ran starttls I get the results below. Is that normal?

220 Server.local.domain Microsoft ESMTP MAIL Service ready at Fri, 31 Aug 2012
09:08:39 -0400
250-Server.local.domain Hello []
250-SIZE 20971520
220 2.0.0 SMTP server ready

I thought I was supposed to see this:
220 2.0.0 Ready to start TLS

Lastly I ran get-exchangecertificate and received the following output in the attachment.  Can you tell me what the letters under Services mean?

Results of get-exchangecertificate command
Question by:thelink12

Accepted Solution

page1985 earned 1000 total points
ID: 38355010
The letters "IP", "W", and "S" are for IP transport (like MAPI/RPC), Web (such as OWA and Outlook Anywhere), and SMTP.

Any status code starting with a 2 (like your 220 above) is a success code which indicates the operation requested was completed without error.

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 1000 total points
ID: 38356053
The TLS is all you get in the headers. That indicates that TLS is being used.
Nothing else should be changed, authentication settings etc., because the Forefront service isn't a member of your domain.

The information you have highlighted isn't from an Exchange server. Different MTAs will put different information into the headers. All Exchange puts is TLS. I have just checked with a client system I know uses TLS only and confirmed that is correct.
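
An added example, not part of the original thread: a small Python script that walks the Received headers of a message and reports, per receiving hop, whether TLS is marked and how much detail that MTA recorded (Exchange's bare "(TLS)" versus the sendmail-style version/cipher string quoted in the question). The sample message, host names, addresses and ids are constructed placeholders, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: hop shapes mirror the headers quoted in the question;
# host names, addresses and ids are placeholders.
SAMPLE = """\
Received: from relay.filter.example (relay.filter.example [192.0.2.10]) by
 hub.corp.example (192.0.2.20) with Microsoft SMTP Server (TLS) id
 14.1.355.2; Thu, 30 Aug 2012 14:57:35 -0400
Received: from mx.isp.example (mx.isp.example [192.0.2.30]) by
 relay.filter.example (Postfix) with ESMTP id C0FFEE0001 for
 <user@corp.example>; Thu, 30 Aug 2012 18:57:34 +0000 (UTC)
Received: from edge.isp.example (192.0.2.40) by mx.isp.example
 (192.0.2.30) with Microsoft SMTP Server id 14.1.225.23; Thu, 30 Aug
 2012 18:57:28 +0000
Received: from clientpc ([192.0.2.50]) (authenticated bits=0) by
 edge.isp.example (8.14.4/8.14.3) with ESMTP id q7UIvKLK000001
 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for
 <user@corp.example>; Thu, 30 Aug 2012 12:57:22 -0600 (MDT)
Subject: constructed test
"""

SENDMAIL = re.compile(r"\(version=(\S+) cipher=(\S+) bits=(\d+) verify=(\S+)\)")
EXCHANGE = re.compile(r"with Microsoft SMTP Server( \(TLS\))? id")
BY_HOST = re.compile(r"\bby\s+(\S+)")

def classify_hop(received):
    """Return (receiving_host, tls_state, detail) for one Received header."""
    text = " ".join(received.split())  # undo header folding
    by = BY_HOST.search(text)
    host = by.group(1) if by else "?"
    m = SENDMAIL.search(text)
    if m:  # sendmail-style hop: protocol, cipher, key bits, cert verification
        return host, "tls", "%s %s %s-bit verify=%s" % m.groups()
    m = EXCHANGE.search(text)
    if m:  # Exchange records only the bare "(TLS)" marker, no cipher detail
        return host, ("tls" if m.group(1) else "not-marked"), ""
    if re.search(r"\bwith ESMTPSA?\b", text):  # RFC 3848 "with" keywords
        return host, "tls", ""
    return host, "not-marked", ""

def tls_report(raw_message):
    """Classify every hop, newest first (the order the headers appear in)."""
    msg = message_from_string(raw_message)
    return [classify_hop(h) for h in msg.get_all("Received", [])]

if __name__ == "__main__":
    for host, state, detail in tls_report(SAMPLE):
        print(f"{host:24} {state:11} {detail}")
```

A `not-marked` result means only that the header carries no TLS marker; what gets recorded depends on the MTA and its configuration, so it is not proof that the hop was cleartext.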

