Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1720
Views
0
Helpful
12
Replies

TLS Monitoring

pvdberg00
Level 1
Level 1

‎09-10-2007 01:36 PM

We are using TLS for some incoming and outgoing mail. Is there a way to monitor the behaviour of the TLS mail. At this moment I can only find some TLS report afterwards.

Labels:
0 Helpful
12 Replies 12

kluu_ironport
Level 2
Level 2

‎09-10-2007 10:47 PM

How can I determine if my IronPort appliance is using TLS for delivery or receiving?

Transport Layer Security (TLS) is a popular mechanism for enhancing TCP communications with privacy and authentication. The IronPort appliance can establish connections to remote hosts using TLS or require TLS when remote hosts establish connections.

TLS connections are recorded in the IronPort mail logs along with other significant actions related to messages such as filter actions, anti-virus and anti-spam verdicts, and delivery attempts. If there is a successful TLS connection, there will be a TLS success entry in the mail logs. Likewise, a failed TLS connection will produce a TLS failed entry. If a message does not have an associated TLS entry in the log file, that message was not delivered over a TLS connection.

Below are examples of successful and failed TLS connections:

Successful TLS connection from remote host (Receiving):
Wed Jul 20 19:47:40 2005 Info: New smtp ICID 282204970 interface mail.example.com (1.2.3.4) address 2.3.4.5 reverse dns host unknown verified no
Wed Jul 20 19:47:40 2005 Info: ICID 282204970 ACCEPT SG None match SBRS None
Wed Jul 20 19:47:40 2005 Info: ICID 282204970 TLS success
Wed Jul 20 19:47:40 2005 Info: Start MID 200257070 ICID 282204970

Failed TLS connection from remote host (Receiving):
Tue Jun 28 19:08:49 2005 Info: New SMTP ICID 282204971 interface Management (1.2.3.4) address 2.3.4.5 reverse dns host unknown verified no
Tue Jun 28 19:08:49 2005 Info: ICID 282204971 ACCEPT SG None match SBRS None
Tue Jun 28 19:08:49 2005 Info: ICID 282204971 TLS failed
Tue Jun 28 19:08:49 2005 Info: ICID 282204971 lost
Tue Jun 28 19:08:49 2005 Info: ICID 282204971 TLS was required but remote host did not initiate it
Tue Jun 28 19:08:49 2005 Info: ICID 282204971 close

Successful TLS connection to remote host (Delivery):
Tue Jun 28 19:28:31 2005 Info: DCID 2386069 TLS success CN:
Tue Jun 28 19:28:31 2005 Info: New SMTP DCID 2386069 interface 1.2.3.4 address 2.3.4.5
Tue Jun 28 19:28:31 2005 Info: Delivery start DCID 2386069 MID 200257075 to RID [0]

Failed TLS connection to remote host (Delivery):
Fri Jul 22 22:00:05 2005 Info: DCID 2386070 IP 2.3.4.5 TLS failed: STARTTLS unexpected response


We are using TLS for some incoming and outgoing mail. Is there a way to monitor the behaviour of the TLS mail.  At this moment I can only find some TLS report afterwards.

0 Helpful

pvdberg00
Level 1
Level 1

‎09-11-2007 08:35 AM

I know that there are lines in the maillogs. I have also used spamtowho and in the output there are some lines about TLS connection. You can use the GUI (or CLI) to define TLS. What I want to know if there is a method to monitor the behaviour of TLS preventive.

0 Helpful

mkehler
Level 1
Level 1

‎09-17-2007 04:59 PM

2nd that... it would be nice to be alerted if TLS 'breaks'

0 Helpful

Wargot_ironport
Level 1
Level 1

‎04-03-2008 09:58 AM

This is exactly the question that I need an answer too aswell.

We are lokking at turning on TLS fairly soon, but need an easy way to monitor TLS just incase of failure, and also to be able to report on the volume of TLS connections that are happening.

I don't want to spend all day trawling through the mail logs. Is there either a report or somewhere within the GUI that we can monitor TLS?

0 Helpful

pvdberg00
Level 1
Level 1

‎04-03-2008 10:08 AM

What version of aSyncOS are you using? In version 6 there are some possibilities in the GUI for TLS reporting.

Peter.

0 Helpful

Wargot_ironport
Level 1
Level 1

‎04-03-2008 10:21 AM

Our Production Boxes are 5.5.1 at the moment but we are looking to upgrade to 6.1 when it is released (I think later this month)

We also have a test box is on V6.0 that were are currently testing TLS on.

0 Helpful

pvdberg00
Level 1
Level 1

‎04-03-2008 10:39 AM

We are allready using 6.1. There is a seperate display for TLS. I think you can ask support or your sales representative for this version to test.

Peter.

0 Helpful

Wargot_ironport
Level 1
Level 1

‎04-03-2008 10:56 AM

Thank You very much

:D

0 Helpful

jwiegert1
Level 1
Level 1

‎01-23-2009 05:42 PM

I just read this thread and I think what people are asking is if you can get an alert as soon as TLS fails. This seems to be pretty important if you have a "Required" TLS connection with a partner. Reports are good for the end of the day, but email alerts are important to fix critical problems. Is this possible?

0 Helpful

kyerramr
Level 1
Level 1

‎01-27-2009 08:04 AM

This feature is implemented in the newly released version of ASYncOS 6.5-405. TLS alerts can be configured under the destination controls setting.

-Kishore

0 Helpful

pvdberg00
Level 1
Level 1

‎01-27-2009 08:24 AM

Do you mean the Required - Verify (Preferred - Verify). This option is already in V6.4

Peter

0 Helpful

jwiegert1
Level 1
Level 1

‎01-27-2009 02:43 PM

I see it now. I did not have the latest version. Great feature. 

Do you mean the Required - Verify (Preferred - Verify). This option is already in V6.4

Peter

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents