
How to find out total number of the emails delivered with TLS

Created: 29 Aug 2012 | 3 comments

How to find out total number of the emails delivered with TLS.

Is it possible to get statistics of what percentage of the emails are delivered with TLS?

I tried using Message Audit Logs with the filter below, but it is not generating any results (0 matches found).

Host : All Scanners

Mandatory filter : sender

Mandatory filter value : @localdomain

Optional filter : Action taken

Optional filter value : Deliver Message with TLS encryption

Below is the reason the above filter does not generate any results.

On closer inspection I see that the issue is that we are not querying everything that relates to TLS, which is arguably a problem or an oversight of design.

What we query is the specific action related to the content filtering rule level of TLS implementation and we don't query the MTA level setting at all.

This is why we get no results when we query on the actions field "Delivered with TLS encryption" because even though we did, we did it at the MTA level and didn't end up with a content filtering rule verdict which can actually be queried.

How to find out the total number of emails delivered with TLS? Or

Is it possible to get statistics of what percentage of the emails are delivered with TLS?


EoinM

It looks to me like something which could certainly be useful. Presently it is only possible to get an accurate result when you have set the content filtering policy, but not if you have set the TLS at SMTP or domain levels, which looks like an oversight.

Bernhard Rohrer

I would agree. TLS is an important if underestimated security feature and we need better methods for monitoring it.

toby

EoinM, but this will not help to get the real percentage, as you only check based on the verdict.

Assuming you have 1000 emails to which TLS will be applied based on the content filter, as it's applied to your policy groups for outbound, then the verdict is counted 1000 times for the report, but probably not all mails will be delivered with TLS, as not everyone has TLS in place. So you have a wrong report. Or am I wrong?

 

I have heard of improvements in terms of logging in SMG 10. So maybe the TLS info is available in the mail.log, which would then give the possibility, even if not through the SMG interface, to get stats for a report that will show the real value of emails transmitted via TLS.

------------------------------------------------------------------

Best regards!

toby

CISSP / STS / MCP