Encryption Management Server Mail Log shows "not enough contiguous memory" error
Article ID: 155158
Updated On:
Products
Issue/Introduction
When sending large mail attachments through Encryption Management Server there may not be sufficient memory allocated to process the message. Sending the mail may fail and an error like this appears in the Mail Log:
2016/12/15 11:46:45 +01:00 ERROR pgp/messaging[28479]: SMTP-35780: pgpproxy: not enough contiguous memory to read in message error=-11999 (out of memory)
There have been some reports of third-party mail processing servers that can cause this behavior. When a third-party mail processing server is routing mail to the Encryption Management Server, there may be more resources needed to accommodate the additional mail processing communications. In the case of large attachments being sent, more memory may need to appropriately handle these attachments.
The maximum message size that Encryption Management Server can process is 100 MB. This maximum value is the size of the encoded message so in practice the maximum size of all files attached to a message will be 70 MB to 80 MB. Encrypting the message on the server will consume more resources and further reduce this practical maximum.
Additional error messages might be seen in the Mail Log:
pgpproxy: Error processing SMTP message, awaiting next client command. (-11980).
SMTP Data ProtocolEvent returning with error -11980 (unknown error)
error handling SMTP DATA event: out of memory
In a scenario where an MTA is sending to the PGP server outbound, mail may queue and may display a deferral error "451"
"451 Requested action aborted: error in processing"
There is another condition that may occur over time where the PGP Server cannot allocate memory with the following error:
"fork: Cannot allocate memory"
EPG-28017
Resolution
There are three possible solutions to this issue:
Table of Contents
Scenario 1: Restarting Services
Restarting all services may resolve this issue if it is seen very rarely. This will reinitialize the memory pool of the proxy service and remove any fragmentation of the memory pool that may have occurred.
Scenario 2: Increase Total Memory/RAM
Increasing the total RAM in the Encryption Management Server to the supported maximum of 16 GB may resolve this issue because the proxy service is allocated a maximum memory pool that consists of a fixed percentage of total RAM.
Scenario 3: Reach Out to Symantec Encryption Support
If the Encryption Management Server already has 16 GB RAM, a configuration option to increase the memory buffer for the Encryption Management Server proxy service can be added in order to resolve this issue. Please contact Symantec Support for assistance in making this configuration change.
Total Memory Consumption Information
In some rare cases, the PGP Server may show decreases in memory utilization even though it is not using this memory.
Consider the following when using "free -m" via SSH:
| Total | used | free | shared | buff/cache | available | |
| Mem: | 32174 | 19744 | 4343 | 1254 | 8087 | 10782 |
| ... | ||||||
| ... | ||||||
| Mem: | 32174 | 25608 | 231 | 1238 | 6334 | 4933 |
As you can see in the above table, the starting point is 10782 available memory.
Over time, the memory was used and eventually got as low as 4933.
EPG-27842/EPG-26789
Important Note: Although the system requirements state 4GBs as the minimum allocations needed, this is rarely enough memory for large environments.
The PGP Server should be allocated 32GBs of memory for larger and busy environments. Once this is done, we can allocate more memory to the PGPrep and PGPDatalayer binaries, which will allow for better system performance. Reach out to Symantec Encryption Support for guidance on making this change.
This is a very rare case, but if you are seeing memory issues, reach out to Symantec Encryption Support for further analysis.
Additional Information
EPG-28017
Feedback
