03-05-2014 11:34 AM
We have been seeing some strange TLS errors for messages going to domains with MX Records in the *.iphmx.com domain recently. Whois says it belongs to "Cloud Email Security - Cisco Systems" so it would appear to be part of the IronPort Cloud Service. Some of the partner domains I ran tlsverify against came back with this:
Certificate verification failed: self signed certificate in certificate chain.
I decided to try and help out so I sent a note to the ARIN contacts for the IP network and then I got this in response:
Delivery is delayed to these recipients or distribution lists:
bit-bucket@printers.ironport.com
Subject: TLS errors for iphmx.com
This message has not yet been delivered. Microsoft Exchange will continue to try delivering the message on your behalf.
Nice. Makes me glad we stuck with physical appliances.
Anyhoo...has anyone else seen unusual TLS errors to MX Records in iphmx.com?
...Bit-Bucket Bob
03-06-2014 12:34 AM
Not saying this is the answer, but when Cisco provision a cloud email security system for a customer they provide self signed certs for all SSL/TLS protected transactions including TLS. One of the actions the customer has to perform is to replace those self signed certs with CA signed certs (if they wish). It may be that the domains you are looking at are trials or POCs and they haven't got round to providing signed certs, or they may have decided not to have CA signed TLS certs. It is perfectly valid to use self-signed certs, with the risk that if the "other end" requires signed certs then emails will be bounced or sent over unencrypted channels, according to policy.
09-11-2015 08:08 PM
Looking through communications records for the past twelve weeks, I found that a number of iphmx.com servers are communicating using the RC4 cipher. These emails might as well not even be encrypted.
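The log review described in the posts above (self-signed chains and RC4 on deliveries to iphmx.com MX hosts), sketched as an added example that is not part of the original thread. It assumes Postfix-style TLS log lines (`smtp_tls_loglevel = 1`), since the posters' own gateway log format is not shown here; the hostnames, IPs, and function names are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix smtp_tls_loglevel=1 format (assumed log source).
SAMPLE_LOG = """\
Sep 11 20:01:02 mail postfix/smtp[2211]: Untrusted TLS connection established to mx1.partner-a.iphmx.com[192.0.2.10]:25: TLSv1 with cipher RC4-SHA (128/128 bits)
Sep 11 20:03:40 mail postfix/smtp[2214]: Trusted TLS connection established to mx2.partner-b.iphmx.com[192.0.2.11]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 11 20:05:13 mail postfix/smtp[2219]: Untrusted TLS connection established to mx1.partner-c.iphmx.com[192.0.2.12]:25: TLSv1.2 with cipher AES128-SHA (128/128 bits)
Sep 11 20:07:55 mail postfix/smtp[2225]: Trusted TLS connection established to mail.example.net[198.51.100.7]:25: TLSv1 with cipher RC4-MD5 (128/128 bits)
"""

# Trust level, peer host/IP, protocol and cipher from an outbound TLS log line.
TLS_LINE = re.compile(
    r"(?P<trust>Anonymous|Untrusted|Trusted|Verified) TLS connection established to "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]:\d+: "
    r"(?P<proto>\S+) with cipher (?P<cipher>\S+)"
)

def audit(log_text, mx_suffix=".iphmx.com"):
    """Return (host, proto, cipher, issues) for flagged deliveries to mx_suffix hosts."""
    findings = []
    for line in log_text.splitlines():
        m = TLS_LINE.search(line)
        if not m or not m["host"].lower().endswith(mx_suffix):
            continue
        issues = []
        if "RC4" in m["cipher"].upper():
            issues.append("rc4-cipher")        # broken stream cipher negotiated
        if m["trust"] in ("Untrusted", "Anonymous"):
            issues.append("unverified-cert")   # e.g. self-signed certificate in chain
        if issues:
            findings.append((m["host"], m["proto"], m["cipher"], issues))
    return findings

def summarize(findings):
    """Count how many flagged sessions show each issue."""
    return Counter(issue for *_, issues in findings for issue in issues)

if __name__ == "__main__":
    results = audit(SAMPLE_LOG)
    for host, proto, cipher, issues in results:
        print(f"{host}: {proto} {cipher} -> {', '.join(issues)}")
    print(dict(summarize(results)))
```
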