Encryption analysis

New Contributor

Hello everybody,


I would like to know if there is a Powershell script so that you can analyze Exchang log files to see whether the emails are encrypted?
This is so important to me. Please help me.

 

Thanks

2 Replies
Could you please explain what exactly do you want to achieve?
@Victor Ivanidze 

2021-02-16T08:57:53.615Z,Connector_Std,08D8CD4678A8D136,0,,2.2.2.2:25,*,SendRoutingHeaders,Set Session Permissions
2021-02-16T08:57:53.615Z,Connector_Std,08D8CD4678A8D136,1,,2.2.2.2:25,*,,attempting to connect
2021-02-16T08:57:53.619Z,Connector_Std,08D8CD4678A8D136,2,1.1.1.1:23951,2.2.2.2:25,+,,
2021-02-16T08:57:53.621Z,Connector_Std,08D8CD4678A8D136,3,1.1.1.1:23951,2.2.2.2:25,<,"220 partner.server.com Microsoft ESMTP MAIL Service ready at Tue, 16 Feb 2021 09:54:32 +0100",
2021-02-16T08:57:53.621Z,Connector_Std,08D8CD4678A8D136,4,1.1.1.1:23951,2.2.2.2:25,>,EHLO Local.mail.server,
2021-02-16T08:57:53.623Z,Connector_Std,08D8CD4678A8D136,5,1.1.1.1:23951,2.2.2.2:25,<,250 partner.server.com Hello [213.61.138.101] SIZE 104857600 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS AUTH NTLM 8BITMIME BINARYMIME CHUNKING,
2021-02-16T08:57:53.623Z,Connector_Std,08D8CD4678A8D136,6,1.1.1.1:23951,2.2.2.2:25,>,STARTTLS,
2021-02-16T08:57:53.625Z,Connector_Std,08D8CD4678A8D136,7,1.1.1.1:23951,2.2.2.2:25,<,220 2.0.0 SMTP server ready,
2021-02-16T08:57:53.626Z,Connector_Std,08D8CD4678A8D136,8,1.1.1.1:23951,2.2.2.2:25,*," CN=*.mail.server.com, O=MS xyz. für Informationssysteme mbH, L=Berlin, C=DE CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US 06A70BC74121796D60CC44482403E4FC 00B3B27BC3249A076A0A2C9EF016D36CDE8E0F2A 2020-12-07T01:00:00.000Z 2021-12-20T00:59:59.000Z *.mail.server.com;mail.server.com",Sending certificate Subject Issuer name Serial number Thumbprint Not before Not after Subject alternate names
2021-02-16T08:57:53.679Z,Connector_Std,08D8CD4678A8D136,9,1.1.1.1:23951,2.2.2.2:25,*," CN=*.mail.server.com, O=MS xyz. für Informationssysteme mbH, L=Berlin, C=DE CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US 06A70BC74121796D60CC44482403E4FC 00B3B27BC3249A076A0A2C9EF016D36CDE8E0F2A 2020-12-07T01:00:00.000Z 2021-12-20T00:59:59.000Z *.mail.server.com;mail.server.com",Remote certificate Subject Issuer name Serial number Thumbprint Not before Not after Subject alternate names
2021-02-16T08:57:53.679Z,Connector_Std,08D8CD4678A8D136,10,1.1.1.1:23951,2.2.2.2:25,*,,"TLS protocol SP_PROT_TLS1_2_CLIENT negotiation succeeded using bulk encryption algorithm CALG_AES_128 with strength 128 bits, MAC hash algorithm CALG_SHA_256 with strength 0 bits and key exchange algorithm CALG_ECDH_EPHEM with strength 256 bits"
2021-02-16T08:57:53.679Z,Connector_Std,08D8CD4678A8D136,11,1.1.1.1:23951,2.2.2.2:25,*,00B3B27BC3249A076A0A2C9EF016D36CDE8E0F2A,Received certificate Thumbprint
2021-02-16T08:57:53.679Z,Connector_Std,08D8CD4678A8D136,12,1.1.1.1:23951,2.2.2.2:25,>,EHLO Local.mail.server,
2021-02-16T08:57:53.682Z,Connector_Std,08D8CD4678A8D136,13,1.1.1.1:23951,2.2.2.2:25,<,250 partner.server.com Hello [213.61.138.101] SIZE 104857600 PIPELINING DSN ENHANCEDSTATUSCODES AUTH NTLM LOGIN 8BITMIME BINARYMIME CHUNKING,
2021-02-16T08:57:53.683Z,Connector_Std,08D8CD4678A8D136,14,1.1.1.1:23951,2.2.2.2:25,*,,sending message with RecordId 30726196035616 and InternetMessageId <b9bbe847d2394064a7aa0fc1bf33bcc1@Local.mail.server>
2021-02-16T08:57:53.683Z,Connector_Std,08D8CD4678A8D136,15,1.1.1.1:23951,2.2.2.2:25,>,MAIL FROM:<TLSTEST@Local.mail.server> SIZE=4776,
2021-02-16T08:57:53.683Z,Connector_Std,08D8CD4678A8D136,16,1.1.1.1:23951,2.2.2.2:25,>,RCPT TO:<my.name@mail.server.com>,
2021-02-16T08:57:53.685Z,Connector_Std,08D8CD4678A8D136,17,1.1.1.1:23951,2.2.2.2:25,<,250 2.1.0 Sender OK,
2021-02-16T08:57:53.685Z,Connector_Std,08D8CD4678A8D136,18,1.1.1.1:23951,2.2.2.2:25,<,250 2.1.5 Recipient OK,
2021-02-16T08:57:53.685Z,Connector_Std,08D8CD4678A8D136,19,1.1.1.1:23951,2.2.2.2:25,>,BDAT 1826 LAST,
2021-02-16T08:57:54.040Z,Connector_Std,08D8CD4678A8D136,20,1.1.1.1:23951,2.2.2.2:25,<,"250 2.6.0 <b9bbe847d2394064a7aa0fc1bf33bcc1@Local.mail.server> [InternalId=45436459024703, Hostname=xxx.localname.MS] 3412 bytes in 0.333, 9,992 KB/sec Queued mail for delivery",
2021-02-16T08:57:54.042Z,Connector_Std,08D8CD4678A8D136,21,1.1.1.1:23951,2.2.2.2:25,>,QUIT,
2021-02-16T08:57:54.043Z,Connector_Std,08D8CD4678A8D136,22,1.1.1.1:23951,2.2.2.2:25,<,221 2.0.0 Service closing transmission channel,
2021-02-16T08:57:54.044Z,Connector_Std,08D8CD4678A8D136,23,1.1.1.1:23951,2.2.2.2:25,-,,Local





I'm just sending you the logs (I've changed some information for security reasons.)
And I say what I want to achieve.
With the help of Powershell, would I know whether my emails are encrypted or not?