Emails going to exception chain

book

Article ID: 156100

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction

Incoming emails cannot be parsed by Universal server and go to the exception chain. The mail is bounced per default back to the sender.

example logs:

SMTP-162150: recipient [email protected]: policy rule match: chain: "Default", rule: "Inbound Mail" Thu Dec 6, 2012 at 10:52:50 AM +01:00
SMTP-162150: recipient [email protected]: policy rule match: chain: "Inbound", rule: "Decrypt Message (SMTP)" Thu Dec 6, 2012 at 10:52:50 AM +01:00
SMTP-162150: fatal exception evaluating policy for recipient [email protected]: string operation failed - jumping to Exception chain Thu Dec 6, 2012 at 10:52:53 AM +01:00
SMTP-162150: recipient [email protected]: policy rule match: chain: "Exception", rule: "Bounce Inbound Message" Thu Dec 6, 2012 at 10:52:53 AM +01:00
SMTP-162150: recipient 1/1 ([email protected]): bouncing: internal server error Thu Dec 6, 2012 at 10:52:53 AM +01:00

Cause

The PGP Universal Server cannot parse and process mails that are non RFC compliant or otherwise corrupted.

To verify if the mail is corrupted it is advised to contact Technical support to enable RAW mail logging and create a network capture with tcpdump.

Resolution

The solution is here to inform the sender to submit RFC compliant mails.

The Exception chain can be configured to either bounce the bad mail or pass it through unmodified without processing it. Please refer to the admin guide for more details on how to configure mail policies.

Sometimes only mails from a certain domain cannot be parsed. This might for example occurr due to mail disclaimers being added to the encrypted and signed mail after is was processed by Universal server.  The mail is then not recognized anymore as encrypted and signed and will not be decrypted by Universal server. As the problem is only for one specific domain, it might help to create a rule in the Inbound Policy to always decrypt these mails. Below are the steps:

1. Go to Mail>Mail Policy. Click on Inbound policy.

2. Click on Add Rule and choose condition 'if any of the following are true'.

3. In the drop down choose 'Sender Domain', condition would be 'is' and add the domain name of the sender.

4. In the Action select Decrypt and Verify using Smart Annotation.

5. Save the new rule.

The mails would be automatically decrypted by the required domains.

 

The above workaround will not help for mails that otherwise are corrupted or not RFC compliant.


Applies To

PGP Universal Server in Gateway mode.