Verifying TLS encryption with Exchange 2010

I use Microsoft Exchange Hosted Services (EHS) for spam and encryption. I am trying to verify whether my Hub server is communicating with EHS over TLS. I know about enabling Domain Security for the send connector, but I am using a smart host instead of DNS. I opened port 587 on the firewall and enabled Exchange Server Authentication, but the emails sit in the queue. Below is an email I received; this header has detailed information about the sending server, including TLS and cipher. The only information my server is reporting is the (TLS) id 14.1.355.2.

Received: from ( by
 Server.local.domain ( with Microsoft SMTP Server (TLS) id
 14.1.355.2; Thu, 30 Aug 2012 14:57:35 -0400
Received: from mail90-db3 (localhost [])      by
 (Postfix) with ESMTP id C659C1801BF      for <>; Thu, 30
 Aug 2012 18:57:34 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:;KIP:(null);UIP:(null);IPV:NLI;;;EFVD:NLI
X-SpamScore: -2
X-BigFish: vps-2(zz2130Ic85fh1415Izz1202hzz8275bh8275dhz2dh2a8h668h839hd24he5bh107ah1155h)
Received: from mail90-db3 (localhost.localdomain []) by mail90-db3
 (MessageSwitch) id 1346353051252582_9746; Thu, 30 Aug 2012 18:57:31 +0000
Received: from (unknown [])      by (Postfix) with ESMTP id 399CB320056      for
 <>; Thu, 30 Aug 2012 18:57:31 +0000 (UTC)
Received: from ( by
 ( with Microsoft SMTP Server (TLS) id; Thu, 30 Aug
 2012 18:57:28 +0000
Received: from ( [])      by
 (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id q7UIvPcA018542      for
 <>; Thu, 30 Aug 2012 12:57:25 -0600
Received: from joycePC ([])      (authenticated bits=0)      by (8.14.4/8.14.3) with ESMTP id q7UIvKLK068715
      (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO)      for
<>; Thu, 30 Aug 2012 12:57:22 -0600 (MDT)
From: Joyce Crawshaw <>
To: <>
Subject: The Shared Assessments Program
Date: Thu, 30 Aug 2012 12:57:18 -0600
Message-ID: <000e01cd86e1$485a1840$d90e48c0$>
MIME-Version: 1.0
Content-Type: multipart/alternative;
X-Mailer: Microsoft Outlook 14.0
Thread-Index: Ac2G4TEDy+SWbesSQ+6fm+3PcrJBAA==
Content-Language: en-us
X-Scanned-By: MIMEDefang 2.67 on
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.3 ( []); Thu, 30 Aug 2012 12:57:22 -0600 (MDT)
X-Virus-Scanned: clamav-milter 0.97.4 at
X-Virus-Status: Clean
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
X-Spam-Status: No, hits=-0.0 tests=HTML_MESSAGE,NO_RECEIVED,NO_RELAYS
X-MS-Exchange-Organization-AuthSource: Server.local.domain
X-MS-Exchange-Organization-AuthAs: Anonymous
X-EXCLAIMER-MD-CONFIG: fcccb080-1ed1-4eee-8900-9a01f09abeaf
X-EXCLAIMER-MD-CONFIG: 6372eefc-68b4-46e9-80bc-3807d1e77233

I sent this email to myself and still see just the same (TLS) ID.

Received: from ( by
 Server.local.domain ( with Microsoft SMTP Server (TLS) id
 14.1.355.2; Fri, 31 Aug 2012 09:16:24 -0400
Received: from mail96-co1 (localhost [])      by
 (Postfix) with ESMTP id 805A9A4017C      for <>; Fri, 31
 Aug 2012 13:16:24 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:;KIP:(null);UIP:(null);IPV:NLI;;;EFVD:NLI
X-SpamScore: -23
X-BigFish: vps-23(zz1077Rd9dOc857h12d5K113dKzz1202hzz8275bh8275dhz2dh2a8h683h839hd25h107ah1155h)
X-Forefront-Antispam-Report-Untrusted: CIP:;KIP:(null);UIP:(null);IPV:NLI;H:Server.local.domain;;EFVD:NLI
Received: from mail96-co1 (localhost.localdomain []) by mail96-co1
 (MessageSwitch) id 1346418981868455_27620; Fri, 31 Aug 2012 13:16:21 +0000
Received: from (unknown [])      by (Postfix) with ESMTP id D0AFE8C0043      for
 <>; Fri, 31 Aug 2012 13:16:21 +0000 (UTC)
Received: from ( by ( with Microsoft SMTP Server id; Fri, 31 Aug 2012 13:16:19 +0000
Received: from ([])      by with comcast      id
 tQYW1j0010UnixG51RGPhN; Fri, 31 Aug 2012 13:16:23 +0000
Received: from ([])      by with comcast      id
 tRG61j0012GeovU0BRGJTx; Fri, 31 Aug 2012 13:16:18 +0000
Received: from
 ( [])      by (8.14.5/8.14.5) with ESMTP id q7VDFtpQ53281052      for
 <>; Fri, 31 Aug 2012 09:15:56 -0400
Received: from ( by ( with Microsoft SMTP Server id; Fri, 31 Aug 2012 13:15:55 +0000
Received: from mail191-co1 (localhost [])      by (Postfix) with ESMTP id A1246B80101      for
 <>; Fri, 31 Aug 2012 13:15:55 +0000 (UTC)
Received: from mail191-co1 (localhost.localdomain []) by mail191-co1
 (MessageSwitch) id 1346418953172602_5735; Fri, 31 Aug 2012 13:15:53 +0000
Received: from (unknown [])      by (Postfix) with ESMTP id 2387180049      for
 <>; Fri, 31 Aug 2012 13:15:53 +0000 (UTC)
Received: from Server.local.domain( by
 ( with Microsoft SMTP Server (TLS) id; Fri, 31 Aug
 2012 13:15:51 +0000
Received: from Server.local.domain([::1]) by Server.local.domain([::1])
 with mapi id 14.01.0355.002; Fri, 31 Aug 2012 09:15:49 -0400
From: Grant  <>
To: "" <
Subject: Hellp PSU
Thread-Topic: Hellp PSU
Thread-Index: Ac2HeyCDRtf7EIDZQPyI/A8Pmaa5Ug==
Date: Fri, 31 Aug 2012 13:15:27 +0000
Message-ID: <F1114F2C5AE09741BA301707B89236FC04B5F9B9@AP-MAIL01.opnt.local>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
x-exclaimer-md-config: 6372eefc-68b4-46e9-80bc-3807d1e77233
x-exclaimer-md-bifurcation-instance: 0
Content-Type: multipart/alternative;
MIME-Version: 1.0
X-Greylist: Default is to whitelist mail, not delayed by milter-greylist-3.1.8 ( []); Fri, 31 Aug 2012 09:15:56 -0400 (EDT)
X-PSU-Spam-Hits: 0
X-PSU-Spam-Flag: NO
X-Virus-Scanned: amavisd-new at
X-MS-Exchange-Organization-AuthSource: AP-MAIL02.opnt.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-EXCLAIMER-MD-CONFIG: fcccb080-1ed1-4eee-8900-9a01f09abeaf

I connected to the server via telnet, and when I ran STARTTLS I got the results below. Is that normal?

220 Server.local.domain Microsoft ESMTP MAIL Service ready at Fri, 31 Aug 2012 09:08:39 -0400
250-Server.local.domain Hello []
250-SIZE 20971520
220 2.0.0 SMTP server ready

I thought I was supposed to see this.
220 2.0.0 Ready to start TLS

Lastly, I ran get-exchangecertificate and received the output shown in the attachment. Can you tell me what the letters under Services mean?

[Attachment: results of the get-exchangecertificate command]
The letters "IP", "W", and "S" are for IP transport (like MAPI/RPC), Web (such as OWA and Outlook Anywhere), and SMTP.

Any status code starting with a 2 (like your 220 above) is a success code which indicates the operation requested was completed without error.
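The telnet check in the question shows only the server's 220 reply. As an added example (not from the original thread), the script below does the same EHLO/STARTTLS exchange with Python's smtplib and reads back what was actually negotiated: protocol version, cipher, and the SHA-1 thumbprint of the certificate the listener presented, which can be compared with the Thumbprint column of Get-ExchangeCertificate. The EHLO transcript, host names and addresses are constructed for illustration; the live probe needs network access to the hub transport and is only run from the command line.

```python
"""Check STARTTLS on an SMTP listener the way the telnet test above does, but
read back what was negotiated.  Added example; not from the original thread.
The EHLO sample, host and port below are constructed."""
import hashlib
import smtplib
import ssl
import sys

# Constructed EHLO transcript in the shape Exchange 2010 returns; the
# extension list is illustrative, not captured from the asker's server.
SAMPLE_EHLO = """\
220 Server.local.domain Microsoft ESMTP MAIL Service ready at Fri, 31 Aug 2012 09:08:39 -0400
250-Server.local.domain Hello [192.0.2.10]
250-SIZE 20971520
250-PIPELINING
250-STARTTLS
250-AUTH NTLM
250-8BITMIME
250 CHUNKING
"""


def parse_ehlo_reply(reply: str) -> dict:
    """Turn a pasted EHLO reply into {KEYWORD: parameters}.

    The 220 greeting and the first 250 line (the server's Hello) carry no
    extensions, so they are skipped.  "250-" and "250 " lines are equivalent;
    the space only marks the last line of the reply.
    """
    extensions = {}
    seen_hello = False
    for line in reply.splitlines():
        line = line.strip()
        if not line.startswith("250"):
            continue
        if not seen_hello:
            seen_hello = True
            continue
        keyword, _, params = line[4:].partition(" ")
        extensions[keyword.upper()] = params
    return extensions


def starttls_advertised(extensions: dict) -> bool:
    """RFC 3207: the client may only send STARTTLS if EHLO listed it."""
    return "STARTTLS" in extensions


def starttls_accepted(reply_line: str) -> bool:
    """Any 220 reply to STARTTLS means 'go ahead and negotiate'; the text after
    the code ("Ready to start TLS", "SMTP server ready") is free-form."""
    return reply_line.lstrip().startswith("220")


def probe_starttls(host: str, port: int = 25, timeout: float = 10.0,
                   verify: bool = False) -> dict:
    """Live probe: EHLO, STARTTLS, then report the negotiated protocol, cipher
    and the server certificate's SHA-1 thumbprint (the value
    Get-ExchangeCertificate shows as Thumbprint), so it can be matched against
    the certificate that has the S (SMTP) service enabled."""
    ctx = ssl.create_default_context()
    if not verify:
        # A hub transport often presents an internal-CA or self-signed
        # certificate; report it rather than fail the handshake.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return {"starttls": False, "reason": "STARTTLS not advertised in EHLO"}
        code, msg = smtp.starttls(context=ctx)
        sock = smtp.sock  # now an ssl.SSLSocket
        cipher_name, _, bits = sock.cipher()
        der = sock.getpeercert(binary_form=True)
        return {
            "starttls": True,
            "reply": f"{code} {msg.decode(errors='replace')}",
            "version": sock.version(),
            "cipher": cipher_name,
            "bits": bits,
            "thumbprint_sha1": hashlib.sha1(der).hexdigest().upper(),
        }


if __name__ == "__main__":
    # Hypothetical target; pass the hub transport's name and port (25 or 587).
    target = sys.argv[1] if len(sys.argv) > 1 else "Server.local.domain"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    print(probe_starttls(target, target_port))
```

Run it against the Default receive connector (port 25) and the Client connector (port 587) separately: each connector can bind a different certificate, and only the one whose thumbprint matches a certificate with S under Services in Get-ExchangeCertificate will be offered.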
Simon Butler (Sembee), Consultant, commented:
The TLS is all you get in the headers. That indicates that TLS is being used.
Nothing else should be changed (authentication settings etc.), because the Forefront service isn't a member of your domain.

The information you have highlighted isn't from an Exchange server. Different MTAs will put different information into the headers. All Exchange puts is TLS. I have just checked with a client system I know uses TLS only and confirmed that is correct.
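To make the point in the question and in the answer above concrete: as an added example (not from the thread), the following script walks the Received: chain of a message and records, per hop, what the receiving MTA wrote about TLS. It recognises the Exchange 2010 "(TLS)" marker, the sendmail "version=... cipher=..." annotation seen in the question's first header, and two formats the thread does not mention: Postfix's ESMTPS/ESMTPSA protocol words and the version/cipher form that Exchange 2013 and later write. The sample message is constructed in the shape of the quoted headers, using documentation addresses and .example host names.

```python
"""Walk the Received: chain of a message and report, hop by hop, what each
receiving MTA recorded about TLS.  Added example, not from the original
thread.  SAMPLE is constructed in the shape of the headers quoted in the
question, with RFC 5737 addresses and .example host names."""
import re
from email import message_from_string

# Exchange 2010 writes "(TLS)" and nothing else when the session was encrypted
# and omits the marker entirely when it was not.  Exchange 2013 and later
# write "(version=TLS1_2, cipher=...)" instead; both forms are handled.
EXCHANGE_RE = re.compile(
    r"with Microsoft SMTP Server"
    r"(?: \((?P<tls>TLS|version=(?P<ver>[^,]+), cipher=(?P<cipher>[^)]+))\))? id")
# sendmail puts the negotiated parameters in parentheses, as in the question.
SENDMAIL_RE = re.compile(
    r"\(version=(?P<ver>\S+) cipher=(?P<cipher>\S+) bits=(?P<bits>\d+) verify=(?P<verify>\w+)\)")
# Postfix encodes TLS in the protocol word: ESMTPS (TLS), ESMTPSA (TLS + AUTH).
POSTFIX_RE = re.compile(r"\bwith (?P<proto>E?SMTPS?A?)\b")

SAMPLE = """\
Received: from mail.hosted.example ([203.0.113.10]) by
 Server.local.domain ([192.0.2.5]) with Microsoft SMTP Server (TLS) id
 14.1.355.2; Thu, 30 Aug 2012 14:57:35 -0400
Received: from mail90-db3 (localhost [127.0.0.1]) by mail.hosted.example
 (Postfix) with ESMTP id C659C1801BF for <user@example.com>; Thu, 30
 Aug 2012 18:57:34 +0000 (UTC)
Received: from edge.hosted.example (203.0.113.20) by hub.hosted.example
 (203.0.113.21) with Microsoft SMTP Server id 14.1.355.2; Thu, 30 Aug
 2012 18:57:28 +0000
Received: from mbx.sender.example ([198.51.100.7]) by
 mx.sender.example (8.14.4/8.14.3) with ESMTP id q7UIvKLK068715
 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for
 <user@example.com>; Thu, 30 Aug 2012 12:57:22 -0600 (MDT)
Received: from mbx.sender.example ([::1]) by mbx.sender.example ([::1])
 with mapi id 14.01.0355.002; Thu, 30 Aug 2012 12:57:00 -0600
From: sender@sender.example
To: user@example.com
Subject: constructed sample

body
"""


def classify_hop(received: str) -> dict:
    """Classify one Received: value; tls is True, False or None (not SMTP)."""
    text = " ".join(received.split())  # unfold the header
    hop = {"transport": "unknown", "tls": None, "version": None, "cipher": None,
           "loopback": any(t in text for t in ("localhost", "[127.0.0.1]", "[::1]")),
           "note": "", "text": text}
    if " with mapi id " in text:
        hop.update(transport="MAPI", note="internal submission, not an SMTP session")
        return hop
    m = EXCHANGE_RE.search(text)
    if m:
        hop["transport"] = "Exchange"
        if m.group("tls") is None:
            hop.update(tls=False, note="no (TLS) marker: session was not encrypted")
        elif m.group("tls") == "TLS":
            hop.update(tls=True, note="Exchange 2010 records only that TLS was used")
        else:
            hop.update(tls=True, version=m.group("ver"), cipher=m.group("cipher"))
        return hop
    m = SENDMAIL_RE.search(text)
    if m:
        hop.update(transport="sendmail", tls=True, version=m.group("ver"),
                   cipher=m.group("cipher"),
                   note=f"{m.group('bits')} bits, peer certificate verify={m.group('verify')}")
        return hop
    m = POSTFIX_RE.search(text)
    if m:
        proto = m.group("proto")
        hop.update(transport="Postfix/other", tls=proto.rstrip("A").endswith("S"),
                   note=f"protocol word {proto}")
        return hop
    hop["note"] = "no recognised TLS annotation"
    return hop


def analyze(raw_message: str) -> list:
    """Received: headers are listed newest hop first."""
    msg = message_from_string(raw_message)
    return [classify_hop(r) for r in msg.get_all("Received", [])]


def unencrypted_hops(hops: list) -> list:
    """SMTP hops without a TLS marker, ignoring loopback hops inside one MTA
    (they never leave the host) and MAPI submissions."""
    return [h for h in hops
            if h["transport"] != "MAPI" and not h["loopback"] and h["tls"] is not True]


def report(raw_message: str) -> str:
    lines = []
    for i, h in enumerate(analyze(raw_message)):
        state = {True: "TLS", False: "plain", None: "n/a"}[h["tls"]]
        extra = " ".join(x for x in (h["version"], h["cipher"], h["note"]) if x)
        lines.append(f"hop {i}: {h['transport']:<13} {state:<5} {extra}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE))
    for h in unencrypted_hops(analyze(SAMPLE)):
        print("UNENCRYPTED:", h["text"][:80])
```

Only the hop into your own server is under your control: the first Received: line is written by your Hub Transport, so "(TLS)" there proves the EHS-to-hub leg was encrypted, while earlier hops only tell you what other operators chose to record.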
