From: | Schaf |
---|---|
Date: | 3/20/24 1:02 PM |
Topic: | log certificate used for outbound email? |
Type: | General Discussions |
I'm troubleshooting an issue with email delivery to Exchange Online. I've set up an inbound connector in Exchange Online (Your org to O365) and set it to verify the subject name on the certificate. The email is getting delivered to Exchange Online but not using this inbound connector. I have a valid certificate installed on the server with Xeams. I can see the certificate is used when sending an email from a workstation to the server. However, I can't validate the certificate used when the message is sent from Xeams to Exchange Online. I could not find the certificate in the Wireshark capture from Xeams to Exchange Online. Any suggestions?
From: | Synametrics Support |
---|---|
Date: | 3/20/24 1:21 PM |
Topic: | log certificate used for outbound email? |
Type: | General Discussions |
When two SMTP servers communicate, the certificate on the receiving end is used. Therefore, the certificate on Xeams does not play any role. It will be the certificate on O365 that is used. Therefore, the reason for getting an incorrect inbound connector used is unrelated to the certificate on Xeams.

Check SMTPOutboundConversation.log. For every email, you should see two connections. The first connection is before STARTTLS is issued. The second connection (after STARTTLS) should have the word "secure" in the connection line, confirming encryption was used. Here is an example log snippet.

```
2024-03-20 13:04:49,137 - [ 6996042] ************ New connection to: 104.47.18.97
2024-03-20 13:04:49,253 - [ 6996042] C --> 220 AM6EUR05FT037.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Wed, 20 Mar 2024 17:04:48 +0000
2024-03-20 13:04:49,253 - [ 6996042] S <-- EHLO mail.synametrics.com
2024-03-20 13:04:49,368 - [ 6996042] C --> 250-AM6EUR05FT037.mail.protection.outlook.com Hello [162.255.85.54]
2024-03-20 13:04:49,368 - [ 6996042] C --> 250-SIZE 49283072
2024-03-20 13:04:49,368 - [ 6996042] C --> 250-PIPELINING
2024-03-20 13:04:49,368 - [ 6996042] C --> 250-DSN
2024-03-20 13:04:49,368 - [ 6996042] C --> 250-ENHANCEDSTATUSCODES
2024-03-20 13:04:49,368 - [ 6996042] C --> 250-STARTTLS
2024-03-20 13:04:49,368 - [ 6996042] C --> 250-8BITMIME
2024-03-20 13:04:49,368 - [ 6996042] C --> 250-BINARYMIME
2024-03-20 13:04:49,368 - [ 6996042] C --> 250-CHUNKING
2024-03-20 13:04:49,368 - [ 6996042] C --> 250 SMTPUTF8
2024-03-20 13:04:49,368 - [ 6996042] S <-- STARTTLS
2024-03-20 13:04:49,482 - [ 6996042] C --> 220 2.0.0 SMTP server ready
2024-03-20 13:04:49,482 - [ 6996042] ************ New (secure) connection to: 104.47.18.97
2024-03-20 13:04:49,482 - [ 6996042] S <-- EHLO mail.synametrics.com
2024-03-20 13:04:50,101 - [ 6996042] C --> 250-AM6EUR05FT037.mail.protection.outlook.com Hello [162.255.85.54]
2024-03-20 13:04:50,101 - [ 6996042] C --> 250-SIZE 49283072
2024-03-20 13:04:50,101 - [ 6996042] C --> 250-PIPELINING
2024-03-20 13:04:50,101 - [ 6996042] C --> 250-DSN
2024-03-20 13:04:50,101 - [ 6996042] C --> 250-ENHANCEDSTATUSCODES
2024-03-20 13:04:50,101 - [ 6996042] C --> 250-8BITMIME
2024-03-20 13:04:50,101 - [ 6996042] C --> 250-BINARYMIME
2024-03-20 13:04:50,101 - [ 6996042] C --> 250-CHUNKING
2024-03-20 13:04:50,101 - [ 6996042] C --> 250 SMTPUTF8
2024-03-20 13:04:50,101 - [ 6996042] S <-- MAIL FROM:<qh@xxxx.com>
2024-03-20 13:04:50,216 - [ 6996042] C --> 250 2.1.0 Sender OK
2024-03-20 13:04:50,217 - [ 6996042] S <-- RCPT TO:<xxxxx@hotmail.com>
2024-03-20 13:04:50,334 - [ 6996042] C --> 250 2.1.5 Recipient OK
2024-03-20 13:04:50,335 - [ 6996042] S <-- DATA
2024-03-20 13:04:50,449 - [ 6996042] C --> 354 Start mail input; end with <CRLF>.<CRLF>
2024-03-20 13:04:51,817 - [ 6996042] C --> 250 2.6.0 <020b01da7ae8$b7268fd0$2573af70$@angelstarventures.com> [InternalId=140793322933157, Hostname=BLAPR19MB4420.namprd19.prod.outlook.com] 35864 bytes in 0.299, 117.124 KB/sec Queued mail for delivery -> 250 2.1.5
2024-03-20 13:04:51,819 - [ 6996042] S <-- QUIT
2024-03-20 13:04:51,932 - [ 6996042] C --> 221 2.0.0 Service closing transmission channel
2024-03-20 13:04:51,933 - [ 6996042] ~~~~~~~~~~~~ Connection Terminated ( 2451)
```

The green lines were sent after an encrypted channel was established. Do you see one or two connections?

Another suggestion is to use the Email Sender (https://www.xeams.com/Email-Sender.htm), which can display SSL certificate information. Run it on the same machine where Xeams is installed.
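Added example (not part of the thread and not Synametrics code): a small Python audit of the check described in the reply above, reporting for each outbound conversation whether `MAIL FROM` was sent after the "New (secure) connection" marker. The line layout is inferred from the excerpt in the thread, and the sample log is constructed with documentation addresses. It confirms encryption only; it says nothing about which certificate either side presented.

```python
import re

# Constructed sample in the layout of the SMTPOutboundConversation.log excerpt
# in the thread (documentation IPs and domains). Session 2 never upgrades to TLS.
SAMPLE_LOG = """\
2024-03-20 13:04:49,137 - [ 1] ************ New connection to: 192.0.2.10
2024-03-20 13:04:49,368 - [ 1] C --> 250-STARTTLS
2024-03-20 13:04:49,368 - [ 1] S <-- STARTTLS
2024-03-20 13:04:49,482 - [ 1] C --> 220 2.0.0 SMTP server ready
2024-03-20 13:04:49,482 - [ 1] ************ New (secure) connection to: 192.0.2.10
2024-03-20 13:04:50,101 - [ 1] S <-- MAIL FROM:<a@example.com>
2024-03-20 13:04:51,933 - [ 1] ~~~~~~~~~~~~ Connection Terminated ( 2451)
2024-03-20 13:05:10,000 - [ 2] ************ New connection to: 198.51.100.7
2024-03-20 13:05:10,200 - [ 2] C --> 250 8BITMIME
2024-03-20 13:05:10,300 - [ 2] S <-- MAIL FROM:<a@example.com>
2024-03-20 13:05:10,900 - [ 2] ~~~~~~~~~~~~ Connection Terminated ( 300)
"""

# "<date> <time> - [ <session id>] <rest of line>"
LINE = re.compile(r"^\S+ \S+ - \[\s*(\d+)\] (.*)$")

def audit(log_text):
    """Return one (session id, remote host, verdict) tuple per finished conversation."""
    open_sessions, results = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        sid, body = m.groups()
        s = open_sessions.setdefault(
            sid, {"host": "?", "offered": False, "secure": False, "mail": None})
        if body.startswith("*") and "connection to:" in body:
            s["host"] = body.split("connection to:", 1)[1].strip()
            s["secure"] = "(secure)" in body      # set only by the post-STARTTLS marker
        elif re.match(r"C --> 250[- ]STARTTLS\b", body):
            s["offered"] = True                   # remote end advertised STARTTLS
        elif body.upper().startswith("S <-- MAIL FROM"):
            s["mail"] = s["secure"]               # was the envelope sent under TLS?
        elif "Connection Terminated" in body:
            if s["mail"] is None:
                verdict = "no message sent"
            elif s["mail"]:
                verdict = "encrypted"
            else:
                verdict = "PLAINTEXT, STARTTLS " + (
                    "offered but not used" if s["offered"] else "not offered")
            results.append((sid, s["host"], verdict))
            del open_sessions[sid]
    return results

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG):
        print(*row, sep="  ")
```
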
From: | Schaf |
---|---|
Date: | 3/20/24 6:13 PM |
Topic: | log certificate used for outbound email? |
Type: | General Discussions |
Your comment about only the receiving server certificate being used is interesting. We're following the Microsoft article linked below for setting up a certificate-based connector. To answer your question, I do see two connections in the log. The message is absolutely using TLS 1.2 (verified in message headers and from Exchange Online message trace). The Email Sender App shows the third-party certificate is being used when relaying to the Xeams server. Thank you.
From: | Synametrics Support |
---|---|
Date: | 3/21/24 8:23 AM |
Topic: | log certificate used for outbound email? |
Type: | General Discussions |
Schaf, The article you linked talks about Two-way SSL authentication. Check https://cheapsslsecurity.com/p/what-is-2-way-ssl-and-how-does-it-work/ for details. Xeams currently does not support two-way SSL. Therefore, the only way to accomplish this is by specifying Xeams's public IP address in O365.
From: | Schaf |
---|---|
Date: | 3/21/24 2:03 PM |
Topic: | log certificate used for outbound email? |
Type: | General Discussions |
Synametrics Support - thank you for the feedback on the Microsoft article. I'm confirming with Microsoft Support and will post an update (if they can answer the question, 'nuf said). Thanks for the link to the 2 Way SSL/TLS article. Very helpful.