3 Replies Latest reply on Sep 13, 2010 9:48 AM by ijahnke

    TLS

      What's the best way to check to see if a domain you are sending to is using TLS or not?  Or even better, is there a report that can be generated that shows domains that were communicated with that TLS was used?

        • 1. Re: TLS

          The best answer I could find from the old support forum is to contact support and have them install the tlsin and tlsout agents.  They are supposed to enable the reports you're looking for.

          • 2. Re: TLS

            The top domain destinations with TLS are displayed on the outgoing report. You will find Top by message or by volume...

            • 3. Re: TLS
              ijahnke

              Correct, we do have two agents called TLSIN and TLSOUT, these can be installed by contacting tech support via phone or web and requesting their installation. These agents will report which domains connected to the Ironmail via TLS (TLSIN) and which domains received TLS from the ironmail (TLSOUT).

               

              One of our techs here has written a quick how-to on determining whether or not a message went via TLS:

               

               

              TLS Encryption - How to Verify

               

                  The lines of interest in 'show events' logging is the entry "LOG_STAT" - Should be two (2) "LOG_STAT" entries per message (SMTPI & SMTPO).

               

                  Make sure the log level is set to 'DETAILED'.

               

              INBOUND:
                  The value of interest is the second-to-last entry in the LOG_STAT line.
                 
                  Encrypted:
                      20090318:16:25:50|22660653246220|9284|LOG_STAT -|pwatkins@webroot.com|{(0, 0L): ['jreynolds@tcv.com']}|8670|2009/03/18 16:25:51|1|0|
                                       |CONNECTION  ID|

                      
                          NOTE: The SMTPI 'LOG_STAT' will come first in the events log and will have a long/random number after the timestamp - that is the Connection ID

               

                      The number one (1) that is the second to last value in this log line indicates it was TLS Encrypted.
                     
                      To see the difference look at the next example.

               

                 Non-Encrypted:
                      20090318:10:16:41|22660562520543|9284|LOG_STAT -|3eczbsrqkck8vddvatpatgih-cdgteanvddvat.rdbewpgsxcvirk.rdb@alerts.bounces.google.com|{(0, 0L): ['pharding@tcv.com']}|13133|2009/03/18 10:16:41|0|0|


              OUTBOUND:
                  For Outbound TLS check the 'show events' log.  The difference is the SMTPO log is the last entry in the LOG_STAT line.

               

                  Encrypted:
                      20090318:13:25:36|399|9524|LOG_STAT <mail from>, <rcpt fix>, <size>, <date>, <secure Conn>.  -|jacban@cwclab.com:['jacob.bancroft@thecreek.com']:1063:2009/03/18 13:25:36:1|
                 
                  Non-Encrypted:
                      20090318:11:35:38|391|9524|LOG_STAT <mail from>, <rcpt fix>, <size>, <date>, <secure Conn>.  -|jacban@cwclab.com:['evilution13b@gmail.com']:979:2009/03/18 11:35:38:0|
                     
                      On the LOG_STAT line for the SMTPO event (Outbound) in SMTPO, see the following values in the last data field:
                              0 = Sent in the Clear
                              1 = Sent using TLS
                              2 = Sent Using S/MIME
                              3 = Sent using PGP
                              4 = Sent to Secure Web Delivery Server
                              5 = Sent in the Clear due to Admin Enforced TLS/SSL Deny

               

              NOTE: Summary Log will also indicate method of delivery - to locate this line in the Summary Log run:

               

                  show log summary |grep "|30|" |grep <msg_id>
                  or
                  show log summary |grep "|30|" |grep <destination_domain>

               

                      Need to replace <msg_id> and <destination_domain> with actual values

               

               

              Message was edited by: Ivan Jahnke on 9/13/10 9:48:18 AM CDT
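
The LOG_STAT checks from the how-to above, as an added example that is not part of the original thread or any vendor tooling: a small Python parser that classifies saved 'show events' lines as TLS or clear. The field layout is inferred from the sample lines in the post, and the function names and sample addresses are constructed for illustration.

```python
# Added example: classify 'show events' LOG_STAT lines by delivery security.
# Assumption: field layout is inferred from the sample lines in the how-to.
OUTBOUND_CODES = {
    "0": "clear",
    "1": "TLS",
    "2": "S/MIME",
    "3": "PGP",
    "4": "Secure Web Delivery",
    "5": "clear (admin enforced TLS/SSL deny)",
}

def classify(line):
    """Return (direction, sender, status) for a LOG_STAT line, else None."""
    fields = line.strip().rstrip("|").split("|")
    if len(fields) < 5 or not fields[3].startswith("LOG_STAT"):
        return None
    data = fields[4:]
    if len(data) == 1:
        # SMTPO: one colon-joined data field; the security code is its last value.
        sender = data[0].split(":", 1)[0]
        code = data[0].rsplit(":", 1)[-1]
        return ("outbound", sender, OUTBOUND_CODES.get(code, "unknown code " + code))
    # SMTPI: pipe-separated values; the TLS flag is the second-to-last one.
    flag = data[-2]
    status = {"1": "TLS", "0": "clear"}.get(flag, "unknown flag " + flag)
    return ("inbound", data[0], status)

def unencrypted(lines):
    """Keep only the messages that were received or sent in the clear."""
    results = [classify(line) for line in lines]
    return [r for r in results if r and r[2].startswith("clear")]

# Constructed sample lines in the layout shown above (addresses are placeholders).
SAMPLE = [
    "20090318:16:25:50|22660653246220|9284|LOG_STAT -|alice@example.com|{(0, 0L): ['bob@example.org']}|8670|2009/03/18 16:25:51|1|0|",
    "20090318:10:16:41|22660562520543|9284|LOG_STAT -|news@example.net|{(0, 0L): ['carol@example.org']}|13133|2009/03/18 10:16:41|0|0|",
    "20090318:13:25:36|399|9524|LOG_STAT <mail from>, <rcpt fix>, <size>, <date>, <secure Conn>.  -|dave@example.org:['erin@example.com']:1063:2009/03/18 13:25:36:1|",
    "20090318:11:35:38|391|9524|LOG_STAT <mail from>, <rcpt fix>, <size>, <date>, <secure Conn>.  -|dave@example.org:['frank@example.net']:979:2009/03/18 11:35:38:0|",
    "20090318:11:35:39|391|9524|SOME_OTHER_EVENT|ignored|",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line))
```

Feed it lines captured with the log level set to 'DETAILED'; anything that is not a LOG_STAT entry is skipped.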