Hi folks
I just enabled Encryption on my SOPHOS Email appliance, version 4.4
There is a 3 way architecture here. Internal Exchange sends to our Sophos which sends to a perimeter RELAY service which then sends to the outside world.
An email I send from the inside to the outside has the following in the SOPHOS logs:
1. I can verify that Exchange is sending and receiving using TLS 1.2 with the SOPHOS box. (The Exchange protocol logs evidence this AND the SOPHOS *log details* tab evidence this).
2. HOWEVER, I cannot see how I verify that a TLS session is in place onto the next hop (RELAYS)? The next hop definitely offers TLS, but how do I see that in the SOPHOS logs?
Below is an example of the SOPHOS log detail info I can see for an internal to external email:
2018-08-02 07:24:57 SOPHOS01 postfix/smtpd[12652]: setting up TLS connection from ExchangeCAS01 [10.x.x.x]
2018-08-02 07:24:57 SOPHOS01 postfix/smtpd[12652]: ExchangeCAS01 [10.x.x.x] Untrusted: subject_CN=ExchangeCAS01 [10.x.x.x], issuer=CWSS Enterprise Certificate Authority Sub2, fingerprint=09:EA:AD:3B:AF:35:71:C3:1D:69:F4:16:5A:F9:23:38
2018-08-02 07:24:57 SOPHOS01 postfix/smtpd[12652]: Untrusted TLS connection established from ExchangeCAS01 [10.x.x.x]
The above line tells me I have a TLS session in place from Internal to Sophos, but now I want to see the TLS session in place up to the next hop. This is what I see next in the log
2018-08-02 07:24:59 SOPHOS01 postfix/backend/smtp[16488]: 0735019CF01_B62A3BBB: enabling PIX workarounds: disable_esmtp delay_dotcrlf for RELAYSERVER [100.X.X.X]:25
2018-08-02 07:24:59 SOPHOS01 postfix/backend/smtp[16488]: 0735019CF01_B62A3BBB: to=<sarahTest@blah.external>, relay=RELAYSERVER[100.X.X.X]:25, delay=0.78, delays=0.02/0/0.05/0.71, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as DC6D6B6082)
The above snippet isn't showing me any TLS info......should it?
Ta all
T
This thread was automatically locked due to age.
