netcmh
asked on
Verify TLS Exchange communication
Hello,
I would like to know a foolproof way to verify if my Exchange Server 2007 is communicating with another domain over TLS.
If anyone in my LAN sends an email using my Exchange to xyz.com, how can I verify if the mail was sent over TLS?
Thank you.
You can look at the SMTP Send logs and search for the xyz.com domain. If TLS is being used, you'll see the related communication in those logs.
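An added example, not part of the original answer: one way to search an SMTP Send protocol log for sessions to a given domain and report whether each one issued STARTTLS and got a 220 back before sending RCPT TO. The column layout is read from the log's own `#Fields` header; the sample lines, session ids, hosts and the function name `tls_by_session` are constructed for illustration.

```python
import csv
import re

# Constructed sample in the Exchange 2007 SMTP Send protocol log layout.
# Session ids, hosts and addresses are made up for illustration.
SAMPLE_LOG = """\
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2011-03-01T15:02:11Z,Internet,AAA1,2,192.0.2.10:4021,203.0.113.25:25,>,EHLO mail.example.test,
2011-03-01T15:02:11Z,Internet,AAA1,3,192.0.2.10:4021,203.0.113.25:25,<,250-STARTTLS,
2011-03-01T15:02:11Z,Internet,AAA1,4,192.0.2.10:4021,203.0.113.25:25,>,STARTTLS,
2011-03-01T15:02:11Z,Internet,AAA1,5,192.0.2.10:4021,203.0.113.25:25,<,220 2.0.0 Ready to start TLS,
2011-03-01T15:02:12Z,Internet,AAA1,6,192.0.2.10:4021,203.0.113.25:25,>,RCPT TO:<bob@xyz.com>,
2011-03-01T15:02:12Z,Internet,AAA1,7,192.0.2.10:4021,203.0.113.25:25,<,250 2.1.5 Ok,
2011-03-01T16:40:03Z,Internet,BBB2,2,192.0.2.10:4188,203.0.113.25:25,>,EHLO mail.example.test,
2011-03-01T16:40:03Z,Internet,BBB2,3,192.0.2.10:4188,203.0.113.25:25,<,250 SIZE 10240000,
2011-03-01T16:40:04Z,Internet,BBB2,4,192.0.2.10:4188,203.0.113.25:25,>,RCPT TO:<amy@xyz.com>,
2011-03-01T16:40:04Z,Internet,BBB2,5,192.0.2.10:4188,203.0.113.25:25,<,250 2.1.5 Ok,
2011-03-01T17:05:40Z,Internet,CCC3,4,192.0.2.10:4302,198.51.100.7:25,>,STARTTLS,
2011-03-01T17:05:40Z,Internet,CCC3,5,192.0.2.10:4302,198.51.100.7:25,<,220 2.0.0 Ready to start TLS,
2011-03-01T17:05:41Z,Internet,CCC3,6,192.0.2.10:4302,198.51.100.7:25,>,RCPT TO:<joe@other.test>,
"""

def tls_by_session(log_text, domain):
    """Map session-id -> True/False for sessions with a RCPT TO at `domain`.
    True means every such RCPT TO came after STARTTLS was answered with 220."""
    fields, state, result = None, {}, {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split(",")
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        row = dict(zip(fields, next(csv.reader([line]))))
        sid, event, data = row["session-id"], row["event"], row["data"].strip()
        st = state.setdefault(sid, {"asked": False, "tls": False})
        rcpt = re.match(r"RCPT TO:\s*<([^>]+)>", data, re.I)
        if event == ">" and data.upper() == "STARTTLS":
            st["asked"] = True          # '>' = command sent by our server
        elif event == "<" and st["asked"]:
            st["tls"] = data.startswith("220")  # first reply to STARTTLS
            st["asked"] = False
        elif event == ">" and rcpt:
            if rcpt.group(1).lower().endswith("@" + domain.lower()):
                result[sid] = result.get(sid, True) and st["tls"]
    return result

if __name__ == "__main__":
    for sid, tls in tls_by_session(SAMPLE_LOG, "xyz.com").items():
        print(sid, "TLS" if tls else "PLAINTEXT")
```

In the sample, both sessions to xyz.com end with the same `250 2.1.5 Ok` reply, but only the one containing the STARTTLS exchange is reported as TLS.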
ASKER
Can you give me a step by step? I'm not the mail admin. He's out and I'm tasked with the work.
ASKER
I dug around a bit. So, in the Exchange Management Console, I chose Message Tracking under Toolbox.
Then, I put in the recipient, the eventid as send and chose the start and end dates; and hit next.
I see a whole bunch of email logs and I'm going to go out on a limb and say that the recipientStat is the column I'm supposed to look at, as it has the 250 2.1.5 ok status. I think the 250 is the indicator that TLS is being used.
Please let me know if I'm way off base, and where else I can check to see if this domain is actually configured as a TLS communicator.
No, the 250 only indicates that the communication was successful.
ASKER
Thank you. Where else I can check to see if this domain is actually configured as a TLS communicator?
By default, on the sending side Exchange 2007 will use what is termed "opportunistic TLS." This means that if an external server requests that the communication be encrypted, the Exchange 2007 server will respond by sending the SSL certificate information and encrypting the communication. You set the options for receiving email in the properties of your Receive Connector(s), on the Authentication tab, or by using the Exchange Management Shell. In both cases, you have the option to select to use TLS opportunistically (the default) or MutualAuth TLS, which requires TLS to be enabled on both ends and will reject email that is not encrypted.
Here's a link to some Technet info on TLS if you want more info:
http://technet.microsoft.com/en-us/library/ee428172(v=EXCHG.80).aspx