When I run a test on my server through this site it passes and shows TLS 1.2 being used:
https://www.checktls.com/TestReceiver
Our domain is marionutilities.com.
However when I look through the headers of any outside emails there is no information at all about TLS or Ciphers being used. Here is an email from gmail to myself:
Received: from mail-wm0-f49.google.com ([74.125.82.49]) by marionutilities.com with MailEnable ESMTPS; Fri, 4 May 2018 13:39:31 -0400
Received: by mail-wm0-f49.google.com with SMTP id t11so5227498wmt.0
for <jdoe@marionutilities.com>; Fri, 04 May 2018 10:39:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20161025;
h=mime-version:frommessage-id:subject:to;
bh=HP7M8vew8q+71LlIu+Ntt4GTsrHajua60LJKdIFsfyc=;
b=i0ihki/x5iyWCqbao/x2+vzJihncfq0gxfUhlfvsDeVv/YnaCJ6ksJLAkmmr7cbgNO
T3NUp3GDO8eR8NHlA6KacSza/Zmm0mqiCTRls+5RJRwFJzan7rAtxNDMNrrUeN/tlH45
3Wv+aZjLSHbl81fZkG7O32+aqltzr4IkFCXf0x/pPkdPElTfy+W6VYQ1TSKqHCgFM6e1
If4HI0AXl1+cb0Pft/3n/3hymcFeEhKSwg3YMEdx/ufXJdyaadyr5P3R6ZwQxhbkN3SC
J2QZ4OTpXcodlwGkafv3tRmFI0tpMV4E8TOvfOqGC6fACx7pxQIy/9YNUafSppnMjXSS
CsMQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:frommessage-id:subject:to;
bh=HP7M8vew8q+71LlIu+Ntt4GTsrHajua60LJKdIFsfyc=;
b=tr2hh50nPpwonciSgukeSvjGOePYDuZTgMoELXKR10+y4ZZWJ4uhKwR9lKTi5dcgGx
hXTMDYS0U28taFzPFNUQQjIooxyFddZreOcmgtiwsuz53yAFdClfnLgUax4+YQbxFmoO
zHu8Myye0onFybQEXIw2OC7vWXOHGG53RByvaD517udC623QhijD4KK0iHT4Lp2Pkzwr
QgB5+tBRMhd7hUnoq9kx72W6wsNzNWjhY7JjM/qCklxS0kdk9ugHDnLRV4auiKXc2z0p
jT1NqixRYpgCJ9eXwRMs248otc920LyLA7afRmtEv7xF+gbuwK3J0iomk9JjpNjOPB02
kBZw==
X-Gm-Message-State: ALQs6tAEX60ABgX4tzILKtfG/rfmyDqnZuQNefhpgStd9xpl+Egt3Qz3
k32nF6uPDyIerrSo1IkbseIUVjXxsphWBDMyVAA=
X-Google-Smtp-Source: AB8JxZqfDKqdisSezSQ/5hsxNGO3Yz6+jT1F2zrz0MUT8uq4CkS1gP2+gIrDFTIUOgxho1rlvEoqt1x2hBXdQnqElTc=
X-Received: by 10.28.63.199 with SMTP id m190mr16487180wma.158.1525455569178;
Fri, 04 May 2018 10:39:29 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.28.61.3 with HTTP; Fri, 4 May 2018 10:39:28 -0700 (PDT)
From: John Doe <jdoe@gmail.com>
Date: Fri, 4 May 2018 13:39:28 -0400
Message-ID: <CALZaCmGtmzF50RQibo+FadtBL8Bf-h3JEi0FOMatSwbtOA5WrA@mail.gmail.com>
Subject: Testing from gmail to ME
To: jdoe@marionutilities.com
Content-Type: multipart/alternative; boundary="001a114c245e525461056b64cd4f"
X-ME-Bayesian: 0.000000
Return-Path: <jdoe@gmail.com>
--001a114c245e525461056b64cd4f
Content-Type: text/plain; charset="UTF-8"

Now here is an email from ME webmail to gmail:
Delivered-To: jdoe@gmail.com
Received: by 10.28.129.130 with SMTP id c124csp351228wmd;
Fri, 4 May 2018 10:57:01 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZomP0/FnfzhVah7r1VKcuUnq6HLiy55QQ0yEhxdWYSu17HTS4s7fI/z2QGBS3dh2e1Zk8so
X-Received: by 2002:a6b:9589:: with SMTP id x131-v6mr6912194iod.40.1525456621472;
Fri, 04 May 2018 10:57:01 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1525456621; cv=none;
d=google.com; s=arc-20160816;
b=TZONHLSAJsbX8y8y8LcrJii1V1H9NdcFAV8Y+UpXVnicp8rKABlzw9TVFSZBoOPhzv
UH2IU9jyIiQOXHq0u4DkcyahF5brxlAanEh8byzRtnvyNFKV4cq1cY7LiC8V1NtFk4OY
Ablp4gjkjZMmCmMcmJB/zc7ctrf1pKhaEoJDzRpqPo5JLmCiVg5vv2nBXSvpSGVCNMjx
ubeXsYwMGzIwA5QCgF572d+PlYKei0ZFnCSQOQld0F8dxzaeB3oXnM1mAZZ937I64fWk
cN3c2LNMg+66iH0s/XuS5QI4tWSkkwmNi47eLkFDnRnUUEt6VIGJW9oXOWwVh3vk7KCY
rHow==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=mime-version:message-idsubject:from:to
:arc-authentication-results;
bh=lGKAw9Og+nGoZToKdOPXKh4zlzS1EDQd+w4Z8PfGhTU=;
b=hMZIvBPSnEpsobAhkUF9RXdscYDb0rkhHahnW5oK2njtnuOVL+tVz1aNzsfbpadiE4
ipGUp1o0SgscwW7r5JVn5JzWBDUkHG/L0MYxtFshxZJg0i/jMWsufoGNw+8WqRNj4cCS
so8gkn9ozGZVOMtrNuNbJxNx3tWqP659SEpFLpq1/OlGoIPDPbKh9SOsLWlY8oEuto4+
E0hbzRoBkYCq2XtBR2AWBvFnyPHYBA/ns2baWY0asqwL1SgwdCPpTBW2SV668B+m/Apa
vUJdvSKwHCBUbs1S/h76e60dAiRqs23t8Sv0nL0sR+FDrzi7kSqXuAMY9AHvezeZqk8D
yU/A==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of jdoe@marionutilities.com designates 24.123.208.162 as permitted sender) smtp.mailfrom=jdoe@marionutilities.com
Return-Path: <jdoe@marionutilities.com>
Received: from marionutilities.com (smtp.marionutilities.com. [24.123.208.162])
by mx.google.com with ESMTPS id u63-v6si3872562ioe.206.2018.05.04.10.57.00
for <jdoe@gmail.com>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Fri, 04 May 2018 10:57:01 -0700 (PDT)
Received-SPF: pass (google.com: domain of jdoe@marionutilities.com designates 24.123.208.162 as permitted sender) client-ip=24.123.208.162;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of jdoe@marionutilities.com designates 24.123.208.162 as permitted sender) smtp.mailfrom=jdoe@marionutilities.com
Received: from ([172.17.17.105]) by marionutilities.com with MailEnable WebMail; Fri, 4 May 2018 13:56:58 -0400
To: <jdoe@gmail.com>
From: John Doe <jdoe@marionutilities.com>
Subject: Test from Me to gmail
Date: Fri, 4 May 2018 13:56:58 -0400
Message-ID: <54047D9509504644AD066F8BF07248D5.MAI@marionutilities.com>
MIME-Version: 1.0
X-MimeOLE: Produced By MailEnable WebMail.NET V10.15.0.0
X-Mailer: MailEnable WebMail.NET
X-Read: 0
Content-Type: multipart/alternative; boundary="__=_AltPart_1510233092_530426079"
X-ME-Bayesian: 0.000000
--__=_AltPart_1510233092_530426079
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

As you can see it's using TLS 1.2.
What makes this even more confusing is that internal emails from our Exchange Server to our Mailenable server do seem to be using TLS. This is an email I sent via OWA to an email address that does not exist on the Exchange Server - thus it routed to ME:
Received: from mucex02.marionutilities.com ([172.17.16.4]) by marionutilities.com with MailEnable ESMTPS; Fri, 4 May 2018 14:03:24 -0400
Received: from mucex02.marionutilities.com (172.17.16.4) by
mucex02.marionutilities.com (172.17.16.4) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
15.1.1415.2; Fri, 4 May 2018 14:03:24 -0400
Received: from mucex02.marionutilities.com ([fe80:57ca1b0]) by
mucex02.marionutilities.com ([fe80:57ca1b0%12]) with mapi id
15.01.1415.002; Fri, 4 May 2018 14:03:24 -0400
From: Administrator <Administrator@marionutilities.com>
To: "MEonlyAddress@marionutilities.com" <MEonlyAddress@marionutilities.com>
Subject: Test from Exchange to ME
Thread-Topic: Test from Exchange to ME
Thread-Index: AQHT49Ix8NcBimHkBEOPDYn95//2Jw==
Date: Fri, 4 May 2018 18:03:24 +0000
Message-ID: <f01b763fc0fe410daad0a9ebc80a449f@marionutilities.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.17.17.105]
Content-Type: multipart/alternative;
boundary="_000_f01b763fc0fe410daad0a9ebc80a449fmarionutilitiescom_"
MIME-Version: 1.0
X-CrossPremisesHeadersFilteredBySendConnector: mucex02.marionutilities.com
X-OrganizationHeadersPreserved: mucex02.marionutilities.com
X-ME-Bayesian: 0.006245
Return-Path: <Administrator@marionutilities.com>
--_000_f01b763fc0fe410daad0a9ebc80a449fmarionutilitiescom_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

There it is - TLS 1.2 being used on an inbound email. So to me that means we have things configured correctly in ME.
Yet it seems all inbound email from outside addresses do not use TLS. In the logs I can see STARTTLS being advertised and even initiated I think:
05/04/18 10:55:26 SMTP-IN A38B099A8C1C41149A0207F1A8ED5566.MAI 1652 74.125.82.49 220 smtp.marionutilities.com - YO YO YO 0 0
05/04/18 10:55:26 SMTP-IN A38B099A8C1C41149A0207F1A8ED5566.MAI 1652 74.125.82.49 EHLO EHLO mail-wm0-f49.google.com 250-marionutilities.com [74.125.82.49], this server offers 3 extensions 116 30
05/04/18 10:55:27 SMTP-IN A38B099A8C1C41149A0207F1A8ED5566.MAI 1652 74.125.82.49 STARTTLS 24 10
05/04/18 10:55:27 SMTP-IN A38B099A8C1C41149A0207F1A8ED5566.MAI 1652 74.125.82.49 STARTTLS STARTTLS 24 10
05/04/18 10:55:27 SMTP-IN A38B099A8C1C41149A0207F1A8ED5566.MAI 1652 74.125.82.49 EHLO EHLO mail-wm0-f49.google.com 250-marionutilities.com [74.125.82.49], this server offers 2 extensions 102 30
05/04/18 10:55:27 SMTP-IN A38B099A8C1C41149A0207F1A8ED5566.MAI 1652 74.125.82.49 MAIL MAIL FROM:<jdoe@gmail.com> SIZE=59726 250 Requested mail action okay, completed 43 49
05/04/18 10:55:27 SMTP-IN A38B099A8C1C41149A0207F1A8ED5566.MAI 1652 74.125.82.49 RCPT RCPT TO:<jdoe@marionutilities.com> 250 Requested mail action okay, completed 43 41
05/04/18 10:55:27 SMTP-IN A38B099A8C1C41149A0207F1A8ED5566.MAI 1652 74.125.82.49 DATA DATA 354 Start mail input; end with <CRLF>.<CRLF> 46 6

Yet the headers in the emails do not show any signs of TLS being used.
What's even more concerning is that when I go into SMTP properties/Inbound tab/Port Settings and place a check next to Requires SSL on the SMTP service port all inbound email stops. Nothing comes in from outside, nothing internally from Exchange. I have to remove that check mark to get inbound email working again.
I've tried a few other outside test sites and the ones that appear to actually try to send an email fail due to a problem with TLS. All 3 of these sites fail me on TLS:
https://www.wormly.com/test-smtp-server
https://luxsci.com/extranet/tlschecker.html
https://ssl-tools.net/mailservers/marionutilities.com
I'm at a loss for what I'm doing wrong. Any help is greatly appreciated.
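
The header check done by eye in the post, as an added Python example that is not part of the original post: it walks each `Received` header and separates hops that record TLS parameters (`version=`/`cipher=`) from hops that only carry an RFC 3848 `with` keyword such as `ESMTPS` (ESMTP with STARTTLS). Reading MailEnable's `with MailEnable ESMTPS` as that keyword is an assumption, and the sample is constructed from `Received` lines quoted in the post.

```python
import re
from email.parser import HeaderParser

# RFC 3848 "with" protocol types that mean the hop ran over STARTTLS.
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
WITH_RE = re.compile(r"\bwith\s+(.+?)(?=\s+(?:id|for|via)\b|\s*[;(]|$)", re.I | re.S)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
PARAM_RE = re.compile(r"\b(version|cipher)=([\w.-]+)", re.I)

def tls_evidence(raw_headers):
    """Return one dict per Received header, newest hop first."""
    msg = HeaderParser().parsestr(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        by = BY_RE.search(flat)
        with_m = WITH_RE.search(flat)
        tokens = with_m.group(1).split() if with_m else []
        params = {k.lower(): v for k, v in PARAM_RE.findall(flat)}
        if params.get("version"):
            verdict = "tls-with-parameters"       # server logged protocol/cipher
        elif TLS_KEYWORDS & {t.upper() for t in tokens}:
            verdict = "tls-keyword-only"          # STARTTLS used, details not logged
        else:
            verdict = "no-tls-evidence"           # header is silent; not proof of plaintext
        hops.append({"by": by.group(1) if by else None,
                     "with": " ".join(tokens), "verdict": verdict, **params})
    return hops

# Constructed sample: Received lines taken from the messages quoted in the post.
SAMPLE = (
    "Received: from marionutilities.com (smtp.marionutilities.com. [24.123.208.162])\n"
    "        by mx.google.com with ESMTPS id u63-v6si3872562ioe.206.2018.05.04.10.57.00\n"
    "        for <jdoe@gmail.com>\n"
    "        (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);\n"
    "        Fri, 04 May 2018 10:57:01 -0700 (PDT)\n"
    "Received: from mail-wm0-f49.google.com ([74.125.82.49]) by marionutilities.com\n"
    "        with MailEnable ESMTPS; Fri, 4 May 2018 13:39:31 -0400\n"
    "Received: from ([172.17.17.105]) by marionutilities.com\n"
    "        with MailEnable WebMail; Fri, 4 May 2018 13:56:58 -0400\n"
    "Subject: constructed sample\n"
)

if __name__ == "__main__":
    for hop in tls_evidence(SAMPLE):
        print(hop)
```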