HCLSoftware Digital Solutions Community

Tls

HCL Domino Domino Forum

hcl-bot January 28, 2010, 5:31pm 1

I have enabled TLS on my server. I see the log starting tls (STARTTLS). And another domain that we email has enabled TLS on their side. But how do I know that an email I have sent was sent (and received) encrypted using TLS? Here is some of the log written when I send an email to this person.

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: Attempting to Connect: Host MAIL.HUMANSERVICEAGENCY.ORG, Port 25, SSL Port 0, Connecting Domain ntdomino.humanserviceagency.org

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: Connection successful

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 220 mail01.icdn.net ESMTP Postfix (Ubuntu)

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: CommandEHLO: EHLO ntdomino.humanserviceagency.org

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250-mail01.icdn.net

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250-PIPELINING

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250-SIZE 104857600

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250-VRFY

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250-ETRN

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250-STARTTLS

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250-AUTH PLAIN LOGIN

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250-AUTH=PLAIN LOGIN

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250-ENHANCEDSTATUSCODES

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250-8BITMIME

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250 DSN

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: CommandSTARTTLS: STARTTLS

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 220 2.0.0 Ready to start TLS

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: CommandEHLO: EHLO ntdomino.humanserviceagency.org

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250-mail01.icdn.net

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250-PIPELINING

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250-SIZE 104857600

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250-VRFY

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250-ETRN

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250-AUTH PLAIN LOGIN

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250-AUTH=PLAIN LOGIN

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250-ENHANCEDSTATUSCODES

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250-8BITMIME

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250 DSN

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: SMTP Authentication is not required by local server. Username: -blank-

[0A60:0027-0D78] 01/28/2010 01:22:32 PM Router: Transferring mail to domain MAIL.HUMANSERVICEAGENCY.ORG (host MAIL.HUMANSERVICEAGENCY.ORG [63.78.250.11]) via SMTP

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: Attempting to SubmitMessage:

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: Pipelined commands:

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: MAIL FROM:willn@humanserviceagency.org SIZE=9564

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: RCPT TO:Jon.Bonner@k12.sd.us

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: DATA

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: End of pipelined commands

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250 2.1.0 Ok

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250 2.1.5 Ok

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 354 End data with .

[0A60:0027-0D78] 01/28/2010 01:22:32 PM [0A60:0027-0D78] SMTPClient: Data Send Succeeded 9110 bytes

[0A60:0027-0D78] 01/28/2010 01:22:33 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 250 2.0.0 Ok: queued as CB54F2D60C7

[0A60:0027-0D78] 01/28/2010 01:22:33 PM [0A60:0027-0D78] SMTPClient: Attempting to Disconnect:

[0A60:0027-0D78] 01/28/2010 01:22:33 PM [0A60:0027-0D78] SMTPClient: CommandQUIT:

[0A60:0015-0E2C] 01/28/2010 01:22:33 PM Router: Message 006A61E2 transferred to MAIL.HUMANSERVICEAGENCY.ORG for Jon.Bonner@k12.sd.us via SMTP

[0A60:0027-0D78] 01/28/2010 01:22:33 PM [0A60:0027-0D78] SMTPClient: ReceiveResponse: 221 2.0.0 Bye

[0A60:0027-0D78] 01/28/2010 01:22:33 PM [0A60:0027-0D78] SMTPClient: Connection terminated successfully

[0A60:0027-0D78] 01/28/2010 01:22:33 PM Router: Transferred 1 messages to MAIL.HUMANSERVICEAGENCY.ORG (host MAIL.HUMANSERVICEAGENCY.ORG) via SMTP

hcl-bot January 29, 2010, 8:12am 2

Subject: TLS does not encrypt messages

It provides SSL security for SMTP transfers over TCP/IP. This is how you know that a secure connection/session was established:

SMTPClient: ReceiveResponse: 220 2.0.0 Ready to start TLS

You could use Ethereal (Wireshark) or some other Network-sniffer to verify that SSL is in-use.