Adding Email Archival Rules to PGP Universal Server Policy

Article ID: 156342

Products

Symantec Products

Issue/Introduction

This article presents best practices for enabling mail archival in PGP Universal Server 3.2.1.

Background
The default mail policy rules in PGP Universal Server version 3.2.1 are configured to run in both PGP Desktop Email Messaging and PGP Universal Gateway Email.
The mail policy action "Send copy to alternate archive server" can only be added to a mail policy chain whose rule applicability is "Server Only".
There are two common deployment scenarios for securing outbound email with PGP Universal Gateway Email:
·         In a recommended high-efficiency deployment, a mail router selectively routes mail to PGP Universal Server Gateway Email for encryption. Thus, only messages that require encryption reach PGP Universal Server. In this case, it is desirable that all messages be archived.
·         In the alternate deployment, PGP Universal Server sits in the outbound mail stream and processes all outgoing mail. PGP Universal Gateway Email applies policy to each message and encrypts only those messages flagged by policy. In this case, it is desirable that only secured messages be archived.

Resolution

Steps

Note: Depending on your deployment scenario, use only one of the following procedures.

When PGP Universal Server receives only mail that requires encryption
1.       In the Universal Server management console, navigate to Mail > Mail Policy.
2.       Click Add Policy Chain and do the following:
·         For Name, enter "Outbound: Server Archival".
·         For Rule applicability, select Server Only.
3.       Click Save.
4.       Select the mail policy chain you just created, Outbound: Server Archival.
5.       Click Add Rule and do the following:
·         For Rule Name, enter "Archive Message".
·         For Description, enter "Always archive outbound messages routed to PGP Universal Server. Then continue processing Outbound rules."
6.       Under Conditions, click the arrow and select The condition is always true.
·         When prompted that current conditions will be deleted, click OK.
7.       Under Actions, click the arrow and select Send copy to alternate archive server and do the following:
·         Under Archive Server, click the arrow and select Add new archive server.
·         In the Add Archive Server dialog box, enter the details of an SMTP server that will accept mail for archiving and click OK.
·         Specify the encryption or decryption options required.
8.       Click the "+" icon to add one more action.
9.       Under Actions, click the arrow and select Go to chain, and then click the arrow for Chain and select Outbound.
10.   Click Save.
11.   Select Mail > Mail Policy.
12.   Select the Default policy chain, and then select the rule Outbound Server Mail.
13.   Do the following:
·         Select the Actions tab of this rule and change the Chain from Outbound to Outbound: Server Archival.
·         Change the description to “If this rule is executed on the server, go to the "Outbound: Server Archival" chain.”
14.   Click Save.

When PGP Universal Gateway Email is in the outbound mail stream
1.       In the Universal Server management console, navigate to Mail > Mail Policy.
2.       Click Add Policy Chain and do the following:
·         For Name, enter "Outbound: Archive Secure Message"
·         For Rule applicability, select Server Only.
3.       Click Save.
4.       Select the mail policy chain you just created, Outbound: Archive Secure Message.
5.       Click Add Rule and do the following:
·         For Rule Name, enter "Archive Message".
·         For Description, enter "Archive the message and then continue processing Outbound: Secure Message rules."
6.       Under Conditions, click the arrow and select The condition is always true.
·         When prompted that current conditions will be deleted, click OK.
7.       Under Actions, click the arrow and select Send copy to alternate archive server and do the following:
·         Under Archive Server, click the arrow and select Add new archive server.
·         In the Add Archive Server dialog box, enter the details of an SMTP server that will accept mail for archiving and click OK.
·         Specify the encryption or decryption options required.
8.       Click the "+" icon to add one more action.
9.       Under Actions, click the arrow and select Go to chain, and then click the arrow for Chain and select Outbound: Secure Message.
10.   Click Save.
11.   Select Mail > Mail Policy.
12.   Click Add Policy Chain and do the following:
·         For Name, enter “Outbound: Secure and/or Archive Message”.
·         For Rule applicability, select Server and Client.
13.   Click Save.
14.   Select the mail policy chain you just created, Outbound: Secure and/or Archive Message.
15.   Click Add Rule and do the following:
·         For Rule Name, enter "Server".
·         For Description, enter “Archive secure messages processed on the server.”
16.   Under Conditions, do the following:
·         Click the arrow and select Application.
·         Click the arrow and select is PGP Universal Server.
17.   Under Actions, do the following:
·         Click the arrow and select Go to Chain.
·         Click the arrow for Chain and select Outbound: Archive Secure Message.
18.   Click Save.
19.   Still in the mail policy chain Outbound: Secure and/or Archive Message, click Add Rule and do the following:
·         For Rule Name, enter "Client".
·         For Description, enter “Skip archiving secure messages processed on the client.”
20.   Under Conditions, click the arrow and select The condition is always true.
·         When prompted that current conditions will be deleted, click OK.
21.   Under Actions, do the following:
·         Click the arrow and select Go to Chain.
·         Click the arrow for Chain and select Outbound: Secure Message.
22.   Click Save.
23.   Select Mail > Mail Policy.
24.   Select the Outbound policy chain.
25.   Select the rule Always Encrypt Sensitive Messages, and do the following:
·         Click Edit Actions.
·         Change the Chain from Outbound: Secure Message to Outbound: Secure and/or Archive Message.
·         Click Save.
26.   Select the rule Encrypt Button, and do the following:
·         Click Edit Actions.
·         Change the Chain from Outbound: Secure Message to Outbound: Secure and/or Archive Message.
·         Click Save.
27.   Select the rule PDF Messenger, and do the following:
·         Click Edit Actions.
·         Change the Chain from Outbound: Secure Message to Outbound: Secure and/or Archive Message.
·         Click Save.
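
The chain wiring built by the second procedure can be checked on paper before it goes live. The following Python model is an added example, not Symantec code or a product API: it traces a message through the chains named above and reports whether it is archived. Assumptions: rules run top to bottom and the first match executes, "Go to chain" transfers control, the `flagged` field and the "Otherwise" rule stand in for the Outbound chain's real conditions (not given in this article), and Outbound: Secure Message is treated as a terminal encrypt step.

```python
# Model of the second procedure's chains. Assumed semantics (not from the
# product documentation): rules run top to bottom, the first rule whose
# condition holds runs its actions, and "Go to chain" transfers control.
CHAINS = {
    "Outbound": {"scope": "both", "rules": [
        # Stand-in for Always Encrypt Sensitive Messages, Encrypt Button and
        # PDF Messenger; their real conditions are not given in the article.
        ("Secure rules", lambda m: m["flagged"],
         [("goto", "Outbound: Secure and/or Archive Message")]),
        ("Otherwise", lambda m: True, [("deliver", "clear")]),  # constructed
    ]},
    "Outbound: Secure and/or Archive Message": {"scope": "both", "rules": [
        ("Server", lambda m: m["app"] == "server",
         [("goto", "Outbound: Archive Secure Message")]),
        ("Client", lambda m: True, [("goto", "Outbound: Secure Message")]),
    ]},
    "Outbound: Archive Secure Message": {"scope": "server", "rules": [
        ("Archive Message", lambda m: True,
         [("archive", None), ("goto", "Outbound: Secure Message")]),
    ]},
    # Treated as a terminal "encrypt and send" step in this model.
    "Outbound: Secure Message": {"scope": "both", "rules": [
        ("Encrypt", lambda m: True, [("deliver", "encrypted")]),
    ]},
}

def evaluate(msg, chains=CHAINS, start="Outbound"):
    """Return (archived, delivery, path) for one message."""
    archived, path, name = False, [], start
    while True:
        if name in path:
            raise RuntimeError(f"chain loop at {name!r}")
        chain = chains[name]
        # A Server Only chain must never be reached from a client context.
        if chain["scope"] == "server" and msg["app"] != "server":
            raise RuntimeError(f"{name!r} is Server Only but ran on the client")
        path.append(name)
        actions = next(a for _, cond, a in chain["rules"] if cond(msg))
        name = None
        for kind, arg in actions:
            if kind == "archive":
                archived = True
            elif kind == "deliver":
                return archived, arg, path
            elif kind == "goto":
                name = arg
```

Calling `evaluate({"app": "server", "flagged": True})` shows the archive step on the path, while the same message with `"app": "client"` skips it through the "Client" rule.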