none
How can you tell if an mail was transmitted using TLS encryption (or not)?

    Question

  • Is there a way to check the log's and audit if messages where send with a specific version of TLS or is transferd as clear text in Exchange 2013?
    • Edited by Nieckb Monday, July 4, 2016 2:46 PM
    Monday, July 4, 2016 2:22 PM

Answers

  • Hi,

    You can check e-mail message information by MRCA with Message Header Analyzer.

    Note that mailbox audit is used to track who logs on to the mailboxes in your organization and what actions are taken, and administrator audit log is used to record actions taken by a user or administrator that make changes in your organization.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Allen Wang
    TechNet Community Support

    Wednesday, July 6, 2016 2:16 AM
    Moderator

All replies

  • Look at the message headers.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Tuesday, July 5, 2016 5:23 AM
    Moderator
  • Hi,

    Additional, you can enable protocol log for each connector, then send message to check SMTP log under C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\ProtocolLog\SmtpReceive by default.

    More details about analyze protocol log, for your reference:
    http://social.technet.microsoft.com/wiki/contents/articles/23182.analyzing-the-protocol-logs-and-message-tracking-logs-in-exchange-2013.aspx

    For end user, you can check the message header to view the TLS version.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Allen Wang
    TechNet Community Support

    Tuesday, July 5, 2016 6:07 AM
    Moderator
  • Hello Allen,

    The protocol log does not show which protocol is used. For example only STARTTLS, but not TLS 1.1 or TLS 1.2. Can I audit this in logs?

    How can I tell if the message is send as clear text?




    • Edited by Nieckb Tuesday, July 5, 2016 8:41 AM
    Tuesday, July 5, 2016 7:00 AM
  • Hi,

    You can check e-mail message information by MRCA with Message Header Analyzer.

    Note that mailbox audit is used to track who logs on to the mailboxes in your organization and what actions are taken, and administrator audit log is used to record actions taken by a user or administrator that make changes in your organization.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Allen Wang
    TechNet Community Support

    Wednesday, July 6, 2016 2:16 AM
    Moderator