For some reason, when I originate a message from the ETT tool’s “Send a Direct Message” tool to a Direct Address at the domain, strongeyecare.isharemedicalrecords.com, our mail logs indicate the recipient cannot be trusted. However, when I send a message to tes...@ett.isharemedicalrecords.com from a Direct Address on that domain, the outbound message is sent successfully and a Processed MDN is received successfully in response. Also, the users at that domain are able to successfully receive inbound messages from other Direct Addresses. Do you know what may cause this? Is the ETT, somehow, trying to encrypt the message using the wrong certificate, such as the signing certificate instead of the encryption certificate?
Log entries showing outbound message from m.e...@strongeyecare.isharemedicalrecords.com and an MDN being returned in response:
INFO 10:24:35,280 | org.nhindirect.gateway.smtp.james.mailet.NHINDSecurityAndTrustMailet | Proccessing incoming message from sender m.e...@strongeyecare.isharemedicalrecords.com
INFO 10:24:36,021 | james.mailetcontext | Remotely delivering mail Mail1663687475270-11de2458-89a3-409b-97d8-b11826c30815
INFO 10:24:36,021 | james.mailetcontext | Sending mail to [tes...@ett.healthit.gov] on host ett.healthit.gov
INFO 10:24:36,026 | james.mailetcontext | Remote delivery thread (5) will process mail Mail1663687475270-11de2458-89a3-409b-97d8-b11826c30815-to-ett.healthit.gov
INFO 10:24:36,026 | james.mailetcontext | Attempting to deliver Mail1663687475270-11de2458-89a3-409b-97d8-b11826c30815-to-ett.healthit.gov
INFO 10:24:36,026 | james.mailetcontext | Attempting delivery of Mail1663687475270-11de2458-89a3-409b-97d8-b11826c30815-to-ett.healthit.gov to host ec2-34-235-25-130.compute-1.amazonaws.com. at 34.235.25.130 from m.e...@strongeyecare.isharemedicalrecords.com for addresses [tes...@ett.healthit.gov]
INFO 10:24:41,377 | james.mailetcontext | Mail (Mail1663687475270-11de2458-89a3-409b-97d8-b11826c30815-to-ett.healthit.gov) sent successfully to ec2-34-235-25-130.compute-1.amazonaws.com. at 34.235.25.130 from m.e...@strongeyecare.isharemedicalrecords.com for [tes...@ett.healthit.gov]
INFO 10:24:42,586 | org.nhindirect.gateway.smtp.james.mailet.NHINDSecurityAndTrustMailet | Proccessing incoming message from sender tes...@ett.healthit.gov
INFO 10:24:42,589 | org.nhindirect.stagent.cryptography.activekeyops.SplitDirectRecipientInformation | Searching for exchange encryption algorithm
Encrytpion algorithm OID: 1.2.840.113549.1.1.1
Encrytpion Provider: SAFENETPROTECTWRAPPER
INFO 10:24:42,589 | org.nhindirect.stagent.cryptography.activekeyops.SplitDirectRecipientInformation | getExchangeEncryptionAlgorithmName returning algorithm: RSA/ECB/PKCS1Padding
INFO 10:24:42,604 | org.nhindirect.gateway.smtp.NotificationProducer | No MDN messages to send.
INFO 10:24:42,653 | james.mailetcontext | Local delivered mail Mail1663687482518-98da6ed3-4820-47f1-8f27-b1da047643b7 sucessfully from tes...@ett.healthit.gov to m.e...@strongeyecare.isharemedicalrecords.com in folder INBOX
Log entries for message originating from ETT to m.e...@strongeyecare.isharemedicalrecords.com:
INFO 10:27:32,033 | org.nhindirect.gateway.smtp.james.mailet.NHINDSecurityAndTrustMailet | Proccessing incoming message from sender tes...@ett.healthit.gov
INFO 10:27:32,037 | org.nhindirect.stagent.DefaultNHINDAgent | Could not decrypt with message private cert subject CN=strongeyecare.isharemedicalrecords.com, O=Strong Eye Care, L=Dallas, ST=TX, C=US and serial number 9bb9807c0c73969555ae6afab0d83f3
ERROR=Unexpected
…
WARN 10:27:32,059 | org.nhindirect.stagent.trust.TrustModel | enforce(IncomingMessage message) - could not find a trusted certificate for recipient m.e...@strongeyecare.isharemedicalrecords.com
ERROR 10:27:32,061 | org.nhindirect.gateway.smtp.james.mailet.NHINDSecurityAndTrustMailet | Failed to process message: ERROR=NoTrustedRecipients
Screenshot of the ETT settings used to originate the message to m.e...@strongeyecare.isharemedicalrecords.com:
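
Added example, not part of the original post: a small Python triage script that walks gateway log lines in the format shown above, groups the decrypt-failure and trust-failure lines under the inbound message they belong to, and reports each message that ended in "Failed to process message" together with the certificate subject and serial number named in the decrypt failure. It assumes the entries for one message are not interleaved with another's; the function and variable names are hypothetical, and the sample lines are copied from the post with the elided parts left as they are.

```python
import re

# Constructed sample: log lines copied from the post (addresses are elided
# there too); the first three are the MDN that was processed without error.
SAMPLE_LOG = """\
INFO 10:24:42,586 | org.nhindirect.gateway.smtp.james.mailet.NHINDSecurityAndTrustMailet | Proccessing incoming message from sender tes...@ett.healthit.gov
INFO 10:24:42,604 | org.nhindirect.gateway.smtp.NotificationProducer | No MDN messages to send.
INFO 10:24:42,653 | james.mailetcontext | Local delivered mail Mail1663687482518-98da6ed3-4820-47f1-8f27-b1da047643b7 sucessfully from tes...@ett.healthit.gov to m.e...@strongeyecare.isharemedicalrecords.com in folder INBOX
INFO 10:27:32,033 | org.nhindirect.gateway.smtp.james.mailet.NHINDSecurityAndTrustMailet | Proccessing incoming message from sender tes...@ett.healthit.gov
INFO 10:27:32,037 | org.nhindirect.stagent.DefaultNHINDAgent | Could not decrypt with message private cert subject CN=strongeyecare.isharemedicalrecords.com, O=Strong Eye Care, L=Dallas, ST=TX, C=US and serial number 9bb9807c0c73969555ae6afab0d83f3
ERROR=Unexpected
WARN 10:27:32,059 | org.nhindirect.stagent.trust.TrustModel | enforce(IncomingMessage message) - could not find a trusted certificate for recipient m.e...@strongeyecare.isharemedicalrecords.com
ERROR 10:27:32,061 | org.nhindirect.gateway.smtp.james.mailet.NHINDSecurityAndTrustMailet | Failed to process message: ERROR=NoTrustedRecipients
"""

ENTRY = re.compile(r"^(INFO|WARN|ERROR)\s+(\d\d:\d\d:\d\d,\d{3}) \| (\S+) \| (.*)$")
SENDER = re.compile(r"incoming message from sender (\S+)")
DECRYPT = re.compile(r"Could not decrypt with message private cert subject (.+) and serial number ([0-9a-fA-F]+)")
UNTRUSTED = re.compile(r"could not find a trusted certificate for recipient (\S+)")
FAILED = re.compile(r"Failed to process message: ERROR=(\w+)")

def triage(log_text):
    """Return one dict per inbound message whose processing failed."""
    findings, current = [], None
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # continuation lines such as "ERROR=Unexpected"
        ts, msg = m.group(2), m.group(4)
        if (s := SENDER.search(msg)):
            current = {"start": ts, "sender": s.group(1), "decrypt_failures": [], "untrusted": []}
        elif current is None:
            continue  # entry seen before any message start
        elif (d := DECRYPT.search(msg)):
            current["decrypt_failures"].append({"subject": d.group(1), "serial": d.group(2).lower()})
        elif (u := UNTRUSTED.search(msg)):
            current["untrusted"].append(u.group(1))
        elif (f := FAILED.search(msg)):
            current["error"] = f.group(1)
            findings.append(current)
            current = None
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The serial in each finding identifies which local private-key certificate the gateway tried, which is the value to compare against the certificate the sending system encrypted to.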