Shouldn't "outgoing" sessions have different session IDs? I mean, I have a few situations where a single email was sent to recipients in different domains, and all those sessions have the same session ID... How to live? :)
With a situation like this I also have to compare the relay name in the logs to be sure whether the message was sent with TLS or not... this is terrible!
Cross-search the history log so you can see the event logs associated with the session. Look for STARTTLS entries before the "from:" and also before the "to:" entries.
This is not a scalable solution for seeing in an overview which emails were sent unsecured, thus having a possible breach where information could be leaked. Also, it is currently not possible to make a report based on this to give management an overview.
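One way to build the per-relay overview discussed above, as an added example that is not part of the original thread or any vendor tooling: each delivery ("to=") event is matched against an earlier STARTTLS event with the same session ID and relay, so a shared session ID no longer hides a cleartext hop. The log layout, field names and sample lines are constructed and simplified; adjust the patterns to your actual log export.

```python
import re

# Constructed sample events (hypothetical, simplified key=value layout).
# Session S1 delivers to two relays; only the first one negotiated TLS.
SAMPLE_LOG = """\
time=10:00:01 session_id=S1 relay=mx.a.example msg="STARTTLS=client, cipher negotiated"
time=10:00:02 session_id=S1 relay=mx.a.example msg="to=<bob@a.example>, stat=Sent"
time=10:00:03 session_id=S1 relay=mx.b.example msg="to=<carol@b.example>, stat=Sent"
time=10:00:09 session_id=S2 relay=mx.a.example msg="STARTTLS=client, cipher negotiated"
time=10:00:10 session_id=S2 relay=mx.a.example msg="to=<dave@a.example>, stat=Sent"
"""

# Assumed field order: session_id, relay, then the quoted message text.
LINE_RE = re.compile(
    r'session_id=(?P<sid>\S+)\s+relay=(?P<relay>\S+)\s+msg="(?P<msg>[^"]*)"'
)
RCPT_RE = re.compile(r'\bto=<([^>]*)>')


def deliveries(log_text):
    """Return one record per delivery line, flagged with whether a STARTTLS
    event for the same (session ID, relay) pair appeared earlier in the log."""
    tls_seen = set()
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines that do not match the assumed layout
        key = (m["sid"], m["relay"])
        if m["msg"].startswith("STARTTLS="):
            tls_seen.add(key)
        rcpt = RCPT_RE.search(m["msg"])
        if rcpt:
            records.append({"session": key[0], "relay": key[1],
                            "rcpt": rcpt.group(1), "tls": key in tls_seen})
    return records


def unencrypted(log_text):
    """Deliveries with no preceding STARTTLS event for that relay."""
    return [d for d in deliveries(log_text) if not d["tls"]]


if __name__ == "__main__":
    for d in unencrypted(SAMPLE_LOG):
        print(f'{d["session"]} -> {d["relay"]} ({d["rcpt"]}): no STARTTLS seen')
```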