help with encrypted attachments

[MishNY]

hi everyone,
I haven't been here in a long time and might be in the wrong section but hoping someone can point me in the right direction. This is work related, not personal but our IT Mgr and another companies IT Mgr haven't been able to figure it out. I'm having problems with encrypted attachments with a company we have been doing business with for years. Using Exchange Server 2007 for our email. All parties using Verisign digital IDs. All of a sudden one company when they send me encrypted attachments, the message body of the email is blank and attachments are stripped. I can send and receive encrypted attachments to other companies, but can only send to this one in particular - not receive. They can send and receive to other recepients (and receive mine). We just cant get theirs. My ITMgr says it is on their end and theirs can't figure it out. This has been ongoing for about 3 weeks now. I'm not completely server savvy but can find out whatever someone might need to know to help? Their IT Mgr has dealt with someone at verisign who so far has only mentioned making sure we have each others private keys. Both of us have trusted certificates stored on each other. Thanks for any suggestions

[jdc2000]

Have you verified that your antivirus and antispam filters are not removing the attachments? I would still bet that it is a certificate or key issue on your end.

[MishNY]

Have you verified that your antivirus and antispam filters are not removing the attachments? I would still bet that it is a certificate or key issue on your end.

I have it turned off at my computer. All other computers on the network use the server anti-virus and antispam software. I can receive their attachments as long as they don't use encryption to send to me. But as soon as they try to send me another file (same type xls, doc, etc) they get stripped. I've looked at the certificate details of 2 on our end and another company I deal with and there is one line of the certificate that is missing on theirs that appears on the others. It's just numbers. (possibly the private key data?) Theirs is the same type/class id from verisign.

[MishNY]

Something else that might help regarding the only difference I can see in the certificates. On mine and a co-worker as well as another company I deal with... under "view certificate" and "details" you see various things under Field and Value such as Version, Serial number, signature algorithm, etc. Under the field column we all have an entry that lists 2.16.840.1.113733.1.6.7 and a various number next to it under value. The 2 people with that company I cant receive from don't have such an entry in their certificate details. But they are the same type of certificate, "Verisign Class 1 Individual Subscriber CA-G2"

[jdc2000]

The additional details were helpful. From your first post I was thinking that your server was blocking all encrypted e-mails from the outside company. However, it now appears that you are using the certificates in client computers. Now I see why yout IT department thinks it is on their end. It looks like their certificates did not get installed correctly. Missing certificate details could well be the problem. The senders should try to get the the certificate they need to send to you fixed so it contains all necessary data. At this point, I don't know if they are using the same certificate to send to other users, or if they have indovodual certificaets for each sender and receiver pair.

[jerryctx]

This has been ongoing for about 3 weeks

Who did what to whom three weeks ago?

[TropicalBound]

I was wondering what happened three weeks ago myself. Did the cert expire?

Do you have an email firewall on your Exchange Server? If the firewall cannot scan the attachments, it will usually strip them off (depending on how it's configured). See if white listing their domain in the firewall helps.

Do you have another email address they could send the encrypted attachments to? Hotmail, Yahoo, etc?

TB

[MishNY]

Approx 3 weeks ago we had a PC in the company with a spam bot detected. Their server had us blacklisted for about 3 days. The problem was resolved and we were whitelisted.

We do have an email firewall on the exchange server and they are white listed. I am able to receive attachments from them as long as they are not encrypted. It's only when they encrypt it is stripped.

I am thinking perhaps that number that doesn't exist on their certificates is the "private key"?

[jdc2000]

I do think it is a problem with the certificate installation on their end.

[MishNY]

Thanks jdc. I think so too but their IT Mgr still thinks it is on our end. I'm going to paste a couple of message header infos on 2 emails and mask anything resembling an address just in hopes maybe something will help. This is a portion of a header from his email that comes over with blank message body and no attachment.

with Microsoft SMTP Server id 0.0.000.0; Mon, 1 Feb 2010 09:01:16 -0500
X-Ninja-PIM: Scanned by Ninja
X-Ninja-AttachmentFiltering: (no action)
X-MimeOLE: Produced By Microsoft Exchange V6.5
MIME-Version: 1.0
Content-Type: application/x-pkcs7-mime; name="smime.p7m,smime.p7m";
smime-type="enveloped-data,enveloped-data"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"
Content-Class: urn:content-classes:message
Subject: test
Date: Mon, 1 Feb 2010 09:04:56 -0500
Message-ID: <bunchalettersandnumbershere@********.com>
X-MS-Has-Attach: yes
Thread-Topic: test
thread-index: AcqjR4kNyh8XuCTZRzawTKcLQ8lfmQ==


And here is another from someone that I received the encrypted file correctly.
with Microsoft SMTP Server id 0.0.000.0; Tue, 30 Jun 2009
13:32:12 -0400
Content-Class: urn:content-classes:message
Subject: RE: 401K 7-2-09.xls
MIME-Version: 1.0
Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data;
name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"
Date: Tue, 30 Jun 2009 13:33:48 -0400
Message-ID: <bunchalettersandnumbers@***********.local>
X-MimeOLE: Produced By Microsoft Exchange V6.5
In-Reply-To: <bunchalettersandnumbershere@exchange>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: 401K 7-2-09.xls
thread-index: Acn5qFM6eNtlO6FxSN2gaPcWQt/gEgAAI9oA
References: <bunchalettersandnumbershere@exchange>

[jdc2000]

I don't see anything n the headers that would be useful in tracking down the cause. It might help if you provided some details on exactly how or what method of encryption you are using on these e-mails. It sounds like you are using some of secure encrypted e-mail rather than just encrypting the attachments.