Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Verify e-mail delivered to SMG is encrypted using TLS.

Created: 08 Nov 2012 | 3 comments

Hello all,

I'm receiving encrypted e-mails as confirmed by the header:

Received: from mail-relay1.muc.blabla.com (mail-relay1.muc.blabla.com [11.22.33.44])
 (using TLS with cipher AES256-SHA (256/256 bits))
 (Client CN "mail-relay1.muc.blabla.com", Issuer "Thawte SSL CA" (verified OK))

When I check the SMG audit logs, it shows "No" under "Delivered with TLS".

I'm assuming this is telling me that delivery to my Exchange server is not encrypted (which is fine).  Is there a way I can tell the message was delivered to the SMG with encryption?

In other words, can I look at the headers of the e-mails delivered to the SMG from the management console?

Thanks in advance.

Discussion Filed Under:

Comments 3 CommentsJump to latest comment

BenDC's picture

What version of SMG?

You are on the right track by reviewing your message headers. If are seeing received by your SMGIP/Host via TLS it was received via TLS. Unless you have TLS configured on your exchange server and have the SMG attempting TLS on devlivery of all messages that would be why it shows as not delivered via TLS.

BerkMFP's picture

BenDC,

I'm running 10.0.0-7 with Exchange 2003.

So, it sounds like I can only tell if inbound messages are incrypted by looking at the headers in the Outlook client.

It sure would be convenient if there was a way to tell at the SMG.  Maybe in a future release....

Thanks.

TSE-JDavis's picture

The next major release is schedule to have a feature to be able to enforce inbound TLS from a sender. This may change, but it is something we are pushing for since it is a requirement for many companies.