HOW TO: Encrypt email messages stored on IMAP Servers
search cancel

HOW TO: Encrypt email messages stored on IMAP Servers

book

Article ID: 153366

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction


This article details how to enable the encryption of email messages stored on IMAP servers using an advanced preference setting available in PGP Universal Server managed PGP Desktop 9.9.1 and above clients.

Resolution


When using SMTP and IMAP protocols for email, after sending a message, the email client then uploads a copy of the sent email message over IMAP to the user's mail server. The copy of the message is stored on the server unencrypted and unsigned. However, retrieving messages from the server still requires you to enter your login credentials as if logging into your email client inbox.

The following preferences can be configured to enable the encryption of IMAP messages stored on the server.

  • mailEnableSecureFolders - enables copies of sent messages to be secured.
  • mailSecureFolderAction - Determines action on sent messages (Encrypt, Encrypt and Sign, and Sign).
  • mailSecureFolderList - list of folder names to secure. Wild-cards are accepted.
  • mailSecureFolderPassthruOnFailure - specifies if PGP Desktop client should store messages unsecured if an error is encountered.
Note: This article applies to PGP Universal Server managed PGP Desktop 9.9.1 and above clients running on Windows 2000, XP, Server 2003, and Windows Vista.

The feature to enable encryption of email messages stored on IMAP servers is disabled by default. Use the steps below to enable the feature for PGP Desktop clients.

Enable Secure Folders for IMAP

  1. Login to the PGP Universal Server administrative interface.
  2. Click the Policy>Internal User Policy card.
  3. Click the desired policy to edit.
  4. Under Policy Options, click the Advanced tab.
  5. Click the Edit Preferences... button. The XML Preferences Editor screen displays.

    Editing XML Preferences

    Caution: XML preferences should be edited with discretion. A misconfiguration may cause your PGP Desktop clients to stop functioning properly.

  6. At the bottom of the editor, enter mailEnableSecureFolders in the Pref Name field.
  7. Leave the Type as Boolean and enter true for the Value.
  8. Click Save.

Set the encryption option for the folder

  1. Click the Edit Preferences... button. The XML Preferences Editor screen displays.
  2. At the bottom of the editor, enter mailSecureFolderAction in the Pref Name.
  3. Change the Type to Integer and enter 0,1, or 2 in the Value field.

    0 (Encrypt and Sign)
    1 (Encrypt) - Default
    2 (Sign)
  4. Click Save.

Establish which folders to secure

  1. Click the Edit Preferences... button. The XML Preferences Editor screen displays.
  2. At the bottom of the editor, enter mailSecureFolderList in the Pref Name field.
  3. Change the Type to String and enter the desired names of the folders to be secured in the Value field. Separate folder names with a semicolon. Using * as a wild-card is supported. The following list are the default values:
  • Sent
  • *
  • GESENDETE
  • ????????
  1. Click Save.
You can also set the option to store messages unsecured if an error is encountered using the mailSecureFolderPassthruOnFailure preference. If you want to upload the original unsecured message if it cannot be secured, set the preference to True. If you want to block the message from being uploaded if it is not secure, set the preference to False. Use the following to enable this option:

  1. Click the Edit Preferences... button. The XML Preferences Editor screen displays.
  2. At the bottom of the editor, enter mailSecureFolderPassthruOnFailure in the Pref Name field.
  3. Leave the Type as Boolean and enter true for the Value to enable the option.
  4. Click Save.

Powered by Wolken Software