
TLS

What's the best way to check to see if a domain you are sending to is using TLS or not?  Or even better, is there a report that can be generated that shows domains that were communicated with that TLS was used?

3 Replies
wecsoc
Level 7
Message 2 of 4

Re: TLS

The best answer I could find from the old support forum is to contact support and have them install the tlsin and tlsout agents.  They are supposed to enable the reports you're looking for.

psi
Level 7
Message 3 of 4

Re: TLS

The top domain destinations with TLS are displayed on the outgoing report. You will find Top by message or by volume...

ijahnke
Level 11
Message 4 of 4

Re: TLS

Correct, we do have two agents called TLSIN and TLSOUT; these can be installed by contacting tech support via phone or web and requesting their installation. These agents will report which domains connected to the Ironmail via TLS (TLSIN) and which domains received TLS from the ironmail (TLSOUT).

One of our techs here has written a quick how-to on determining whether or not a message went via TLS:

TLS Encryption - How to Verify

    The line of interest in 'show events' logging is the "LOG_STAT" entry - there should be two (2) "LOG_STAT" entries per message (SMTPI & SMTPO).

    Make sure the log level is set to 'DETAILED'.

INBOUND:
    The value of interest is the second-to-last entry in the LOG_STAT line.
   
    Encrypted:
        20090318:16:25:50|22660653246220|9284|LOG_STAT -|pwatkins@webroot.com|{(0, 0L): ['jreynolds@tcv.com']}|8670|2009/03/18 16:25:51|1|0|
                         |CONNECTION  ID|

        
            NOTE: The SMTPI 'LOG_STAT' will come first in the events log and will have a long/random number after the timestamp - that is the Connection ID

        The number one (1) that is the second to last value in this log line indicates it was TLS Encrypted.
       
        To see the difference look at the next example.

   Non-Encrypted:
        20090318:10:16:41|22660562520543|9284|LOG_STAT -|3eczbsrqkck8vddvatpatgih-cdgteanvddvat.rdbewpgsxcvirk.rdb@alerts.bounces.google.com|{(0, 0L): ['pharding@tcv.com']}|13133|2009/03/18 10:16:41|0|0|


OUTBOUND:
    For Outbound TLS check the 'show events' log.  The difference is the SMTPO log is the last entry in the LOG_STAT line.

    Encrypted:
        20090318:13:25:36|399|9524|LOG_STAT <mail from>, <rcpt fix>, <size>, <date>, <secure Conn>.  -|jacban@cwclab.com:['jacob.bancroft@thecreek.com']:1063:2009/03/18 13:25:36:1|
   
    Non-Encrypted:
        20090318:11:35:38|391|9524|LOG_STAT <mail from>, <rcpt fix>, <size>, <date>, <secure Conn>.  -|jacban@cwclab.com:['evilution13b@gmail.com']:979:2009/03/18 11:35:38:0|
       
        On the LOG_STAT line for the SMTPO event (Outbound) in SMTPO, see the following values in the last data field:
                0 = Sent in the Clear
                1 = Sent using TLS
                2 = Sent Using S/MIME
                3 = Sent using PGP
                4 = Sent to Secure Web Delivery Server
                5 = Sent in the Clear due to Admin Enforced TLS/SSL Deny

NOTE: Summary Log will also indicate method of delivery - to locate this line in the Summary Log run:

    show log summary |grep "|30|" |grep <msg_id>
    or
    show log summary |grep "|30|" |grep <destination_domain>

        Need to replace <msg_id> and <destination_domain> with actual values

Message was edited by: Ivan Jahnke on 9/13/10 9:48:18 AM CDT
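
A sketch of the per-domain report asked for at the top of the thread, built from the LOG_STAT formats in the how-to above; this is an added example, not code from the vendor or from any poster. The sample lines are constructed, and telling SMTPO from SMTPI by the `<secure Conn>` legend in the outbound line is an assumption drawn from the two formats shown.

```python
import re
from collections import Counter, defaultdict

# Outbound delivery codes, as listed in the how-to above.
OUTBOUND = {"0": "clear", "1": "TLS", "2": "S/MIME", "3": "PGP",
            "4": "Secure Web Delivery", "5": "clear (admin TLS/SSL deny)"}
# The how-to only documents 1 (TLS) and shows 0 for a non-encrypted inbound message.
INBOUND = {"0": "clear", "1": "TLS"}
RCPT_RE = re.compile(r"'([^'@]+@[^']+)'")  # recipients are the only quoted addresses

def parse_log_stat(line):
    """Return (direction, recipient_domains, method), or None if not a LOG_STAT line."""
    fields = line.strip().rstrip("|").split("|")
    if len(fields) < 5 or not fields[3].startswith("LOG_STAT"):
        return None
    if "<secure Conn>" in fields[3]:
        # SMTPO (assumed marker): flag is the last colon-separated value of the data field.
        direction, code, table = "outbound", fields[4].rsplit(":", 1)[-1], OUTBOUND
    else:
        # SMTPI: flag is the second-to-last pipe-separated value.
        direction, code, table = "inbound", fields[-2], INBOUND
    domains = [a.rsplit("@", 1)[1].lower() for a in RCPT_RE.findall(line)]
    return direction, domains, table.get(code, "unknown(%s)" % code)

def tls_report(lines):
    """Count delivery methods per (direction, recipient domain)."""
    report = defaultdict(Counter)
    for line in lines:
        parsed = parse_log_stat(line)
        if parsed:
            direction, domains, method = parsed
            for domain in domains:
                report[(direction, domain)][method] += 1
    return report

# Constructed sample lines in the two formats from the how-to (addresses are placeholders).
LEGEND = "LOG_STAT <mail from>, <rcpt fix>, <size>, <date>, <secure Conn>.  -"
SAMPLE = [
    "20090318:16:25:50|22660000000001|9284|LOG_STAT -|alice@example.org|{(0, 0L): ['bob@example.com']}|8670|2009/03/18 16:25:51|1|0|",
    "20090318:10:16:41|22660000000002|9284|LOG_STAT -|news@example.net|{(0, 0L): ['carol@example.com']}|13133|2009/03/18 10:16:41|0|0|",
    "20090318:13:25:36|399|9524|" + LEGEND + "|bob@example.com:['dave@example.org']:1063:2009/03/18 13:25:36:1|",
    "20090318:11:35:38|391|9524|" + LEGEND + "|bob@example.com:['erin@example.net']:979:2009/03/18 11:35:38:0|",
]

if __name__ == "__main__":
    for (direction, domain), methods in sorted(tls_report(SAMPLE).items()):
        print(direction, domain, dict(methods))
```

Feed it saved 'show events' output captured with the log level set to 'DETAILED'; any flag value the how-to does not document is reported as unknown rather than guessed.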