Large Emails or Messages with Large Attachments are not Delivered by Symantec Encryption Management Server (SEMS)

book

Article ID: 158073

calendar_today

Updated On:

Products

Encryption Management Server Gateway Email Encryption

Issue/Introduction

When sending a large email or an email message with a large attachment via the Symantec Encryption Management Server (previously PGP Universal Server),  the message is not delivered to recipient.

 

Possible errors in the logs:

2013/05/07 15:25:14 +01:00 ERROR pgp/messaging[2761]: SMTP-20562: pgpproxy: unable to send mail transaction data to server error=-11989 (write failed)
2013/05/07 15:25:15 +01:00 ERROR pgp/messaging[2761]: SMTP-20562: error handling SMTP DATA event: write failed
2013/05/07 15:25:15 +01:00 ERROR pgp/messaging[2761]: SMTP-20562: pgpproxy: error reading/processing message error=-11989 (write failed)
2013/05/07 15:25:15 +01:00 INFO pgp/messaging[2761]: SMTP-20562: connection from 172.xx.xx.xxx:56146 closed

 

Cause

1.      The issue can be caused if the proxylib buffer size is not set or set to too low on the server.

2.      Slow network speed could cause the next hop to close the connection while SEMS is still processing or transmitting the email.

3.      The email message passing through the server is more than 100 MB.

 

Resolution

1.      Check the size of the email: If the size of the email exceeds maximum permitted size of 100 MB then the email delivery will fail.

2.      Proxylib value: Check and make corrections to the proxylib value as per the article: http://www.symantec.com/docs/TECH171167

3.      Increase the network speed: Increase the network speed or check the Link Speed setting in the Network Interface settings of the Symantec Encryption Server:

Speed and duplex values together make up the link speed. SEMS determines which combinations of speed and duplex are appropriate for the hardware and offers only those as options.  You can also choose auto-negotiation, where the network interface determines the appropriate speed and duplex setting, but that does not always result in the best link speed.  Since auto-negotiation doesn’t always result in best link speed, this could be a possible cause of the issue.  You can manually select the speed by clicking on the drop-down on the Network Interface setting in SEMS.

 

What to do if Interface doesn’t show any link speed in the drop down list?

·         When a NIC is set to a custom link mode, rather than auto-negotiate, the network driver no longer advertises other link speeds.  SEMS requires access to the list of possible link speeds to populate the Network Settings Link Speed menu.  If you want to change the Link Speed from a custom setting, and no other custom settings appear, select Auto and restart SEMS.  After you restart, the Link Speed menu is
populated with all available options for the NIC.

·         MAC ID, MTU, and Link Speed are not applicable when using VMware because the ESX Server controls the network settings.  However, when you create a new virtual interface, those settings are automatically populated. If your SEMS is running on VMware and you want to create a new interface or edit an existing interface, you cannot save your changes until you clear the auto-populated MTU, MAC ID, and Link Speed settings.

If no value shows up in the interface settings even after a reboot, please note that SEMS determines which combinations of speed and duplex are appropriate for the hardware, and offers only those as options