Encryption analysis


Hello everybody,


I would like to know if there is a PowerShell script that can analyze Exchange log files to see whether the emails are encrypted?
This is so important to me. Please help me.

 

Thanks

2 Replies
Could you please explain what exactly you want to achieve?
@Victor Ivanidze 

2021-02-16T08:57:53.615Z,Connector_Std,08D8CD4678A8D136,0,,2.2.2.2:25,*,SendRoutingHeaders,Set Session Permissions
2021-02-16T08:57:53.615Z,Connector_Std,08D8CD4678A8D136,1,,2.2.2.2:25,*,,attempting to connect
2021-02-16T08:57:53.619Z,Connector_Std,08D8CD4678A8D136,2,1.1.1.1:23951,2.2.2.2:25,+,,
2021-02-16T08:57:53.621Z,Connector_Std,08D8CD4678A8D136,3,1.1.1.1:23951,2.2.2.2:25,<,"220 partner.server.com Microsoft ESMTP MAIL Service ready at Tue, 16 Feb 2021 09:54:32 +0100",
2021-02-16T08:57:53.621Z,Connector_Std,08D8CD4678A8D136,4,1.1.1.1:23951,2.2.2.2:25,>,EHLO Local.mail.server,
2021-02-16T08:57:53.623Z,Connector_Std,08D8CD4678A8D136,5,1.1.1.1:23951,2.2.2.2:25,<,250 partner.server.com Hello [213.61.138.101] SIZE 104857600 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS AUTH NTLM 8BITMIME BINARYMIME CHUNKING,
2021-02-16T08:57:53.623Z,Connector_Std,08D8CD4678A8D136,6,1.1.1.1:23951,2.2.2.2:25,>,STARTTLS,
2021-02-16T08:57:53.625Z,Connector_Std,08D8CD4678A8D136,7,1.1.1.1:23951,2.2.2.2:25,<,220 2.0.0 SMTP server ready,
2021-02-16T08:57:53.626Z,Connector_Std,08D8CD4678A8D136,8,1.1.1.1:23951,2.2.2.2:25,*," CN=*.mail.server.com, O=MS xyz. für Informationssysteme mbH, L=Berlin, C=DE CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US 06A70BC74121796D60CC44482403E4FC 00B3B27BC3249A076A0A2C9EF016D36CDE8E0F2A 2020-12-07T01:00:00.000Z 2021-12-20T00:59:59.000Z *.mail.server.com;mail.server.com",Sending certificate Subject Issuer name Serial number Thumbprint Not before Not after Subject alternate names
2021-02-16T08:57:53.679Z,Connector_Std,08D8CD4678A8D136,9,1.1.1.1:23951,2.2.2.2:25,*," CN=*.mail.server.com, O=MS xyz. für Informationssysteme mbH, L=Berlin, C=DE CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US 06A70BC74121796D60CC44482403E4FC 00B3B27BC3249A076A0A2C9EF016D36CDE8E0F2A 2020-12-07T01:00:00.000Z 2021-12-20T00:59:59.000Z *.mail.server.com;mail.server.com",Remote certificate Subject Issuer name Serial number Thumbprint Not before Not after Subject alternate names
2021-02-16T08:57:53.679Z,Connector_Std,08D8CD4678A8D136,10,1.1.1.1:23951,2.2.2.2:25,*,,"TLS protocol SP_PROT_TLS1_2_CLIENT negotiation succeeded using bulk encryption algorithm CALG_AES_128 with strength 128 bits, MAC hash algorithm CALG_SHA_256 with strength 0 bits and key exchange algorithm CALG_ECDH_EPHEM with strength 256 bits"
2021-02-16T08:57:53.679Z,Connector_Std,08D8CD4678A8D136,11,1.1.1.1:23951,2.2.2.2:25,*,00B3B27BC3249A076A0A2C9EF016D36CDE8E0F2A,Received certificate Thumbprint
2021-02-16T08:57:53.679Z,Connector_Std,08D8CD4678A8D136,12,1.1.1.1:23951,2.2.2.2:25,>,EHLO Local.mail.server,
2021-02-16T08:57:53.682Z,Connector_Std,08D8CD4678A8D136,13,1.1.1.1:23951,2.2.2.2:25,<,250 partner.server.com Hello [213.61.138.101] SIZE 104857600 PIPELINING DSN ENHANCEDSTATUSCODES AUTH NTLM LOGIN 8BITMIME BINARYMIME CHUNKING,
2021-02-16T08:57:53.683Z,Connector_Std,08D8CD4678A8D136,14,1.1.1.1:23951,2.2.2.2:25,*,,sending message with RecordId 30726196035616 and InternetMessageId <b9bbe847d2394064a7aa0fc1bf33bcc1@Local.mail.server>
2021-02-16T08:57:53.683Z,Connector_Std,08D8CD4678A8D136,15,1.1.1.1:23951,2.2.2.2:25,>,MAIL FROM:<TLSTEST@Local.mail.server> SIZE=4776,
2021-02-16T08:57:53.683Z,Connector_Std,08D8CD4678A8D136,16,1.1.1.1:23951,2.2.2.2:25,>,RCPT TO:<my.name@mail.server.com>,
2021-02-16T08:57:53.685Z,Connector_Std,08D8CD4678A8D136,17,1.1.1.1:23951,2.2.2.2:25,<,250 2.1.0 Sender OK,
2021-02-16T08:57:53.685Z,Connector_Std,08D8CD4678A8D136,18,1.1.1.1:23951,2.2.2.2:25,<,250 2.1.5 Recipient OK,
2021-02-16T08:57:53.685Z,Connector_Std,08D8CD4678A8D136,19,1.1.1.1:23951,2.2.2.2:25,>,BDAT 1826 LAST,
2021-02-16T08:57:54.040Z,Connector_Std,08D8CD4678A8D136,20,1.1.1.1:23951,2.2.2.2:25,<,"250 2.6.0 <b9bbe847d2394064a7aa0fc1bf33bcc1@Local.mail.server> [InternalId=45436459024703, Hostname=xxx.localname.MS] 3412 bytes in 0.333, 9,992 KB/sec Queued mail for delivery",
2021-02-16T08:57:54.042Z,Connector_Std,08D8CD4678A8D136,21,1.1.1.1:23951,2.2.2.2:25,>,QUIT,
2021-02-16T08:57:54.043Z,Connector_Std,08D8CD4678A8D136,22,1.1.1.1:23951,2.2.2.2:25,<,221 2.0.0 Service closing transmission channel,
2021-02-16T08:57:54.044Z,Connector_Std,08D8CD4678A8D136,23,1.1.1.1:23951,2.2.2.2:25,-,,Local





I'm just sending you the logs (I've changed some information for security reasons).
And here is what I want to achieve:
With the help of PowerShell, can I find out whether my emails are encrypted or not?
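
One way to answer this from the protocol log itself, as an added example that is not part of the original thread: group the rows by session ID, look for the "TLS protocol ... negotiation succeeded" row, and count any MAIL FROM issued before it. This reports transport (STARTTLS) encryption for that SMTP hop only, not message-level encryption such as S/MIME; the function name, the second sample session and the log path are assumptions.

```powershell
# Added example: per-session TLS summary for Exchange SMTP protocol logs.
# Column order as in the log rows shown in the thread.
$fields = 'date-time','connector-id','session-id','sequence-number',
          'local-endpoint','remote-endpoint','event','data','context'

function Get-SmtpSessionTls {   # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$Line)
    # Skip blank lines and the '#' header lines at the top of each log file.
    $rows = $Line | Where-Object { $_ -and $_ -notmatch '^#' } | ConvertFrom-Csv -Header $fields
    foreach ($s in ($rows | Group-Object 'session-id')) {
        $tls = $null; $mailTotal = 0; $mailPlain = 0
        foreach ($r in ($s.Group | Sort-Object { [int]$_.'sequence-number' })) {
            if ($r.context -match 'TLS protocol (\S+) negotiation succeeded using bulk encryption algorithm (\S+)') {
                $tls = "$($Matches[1]) $($Matches[2])"
            }
            elseif ($r.event -in '<','>' -and $r.data -match '^MAIL FROM:') {
                # A MAIL FROM seen before any successful handshake went over the wire in clear text.
                $mailTotal++
                if (-not $tls) { $mailPlain++ }
            }
        }
        [pscustomobject]@{
            Connector      = $s.Group[0].'connector-id'
            SessionId      = $s.Name
            RemoteEndpoint = $s.Group[0].'remote-endpoint'
            Tls            = if ($tls) { $tls } else { 'none' }
            MailCommands   = $mailTotal
            PlaintextMail  = $mailPlain
        }
    }
}

# Constructed sample: three rows taken from the session in the thread, plus one
# made-up session (id 0000000000000001, 3.3.3.3) that never negotiates TLS.
$sample = @'
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2021-02-16T08:57:53.623Z,Connector_Std,08D8CD4678A8D136,6,1.1.1.1:23951,2.2.2.2:25,>,STARTTLS,
2021-02-16T08:57:53.679Z,Connector_Std,08D8CD4678A8D136,10,1.1.1.1:23951,2.2.2.2:25,*,,"TLS protocol SP_PROT_TLS1_2_CLIENT negotiation succeeded using bulk encryption algorithm CALG_AES_128 with strength 128 bits, MAC hash algorithm CALG_SHA_256 with strength 0 bits and key exchange algorithm CALG_ECDH_EPHEM with strength 256 bits"
2021-02-16T08:57:53.683Z,Connector_Std,08D8CD4678A8D136,15,1.1.1.1:23951,2.2.2.2:25,>,MAIL FROM:<TLSTEST@Local.mail.server> SIZE=4776,
2021-02-16T09:00:00.000Z,Connector_Std,0000000000000001,4,1.1.1.1:23952,3.3.3.3:25,>,MAIL FROM:<TLSTEST@Local.mail.server> SIZE=100,
'@ -split '\r?\n'

Get-SmtpSessionTls -Line $sample | Format-Table -AutoSize
# For real logs (placeholder path): Get-SmtpSessionTls -Line (Get-Content 'C:\path\to\ProtocolLog\*.log')
```

Filtering the result with `Where-Object PlaintextMail -gt 0` lists only the sessions that delivered mail without TLS.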