Enforcing message storage quota in Symantec Encryption Web Email Protection

Article ID: 159108

Products

Encryption Management Server, Gateway Email Encryption

Issue/Introduction

In a server cluster, if you enable the Symantec Encryption Web Email Protection service on a few servers, define a mail policy that uses Web Email Protection as the default Key Not Found (KNF) action, and enable message replication on all servers, the message storage quota is not enforced. This allows external users to receive emails in excess of their assigned quota without triggering any notifications.

Resolution

Symantec has provided a script (offline_quota.sh) to enforce the message storage quota in Symantec Encryption Web Email Protection. The script file is created in the /usr/bin directory after you install or upgrade to Symantec Encryption Management Server 3.3.2 MP1.

The script automatically detects when to update or read the quota cache, or when to enable or disable itself. If Web Email Protection is enabled, the script removes any offline quota from that particular server, caches usage data, and then replicates the cache to the other servers in the cluster.

However, if the Web Email Protection service is disabled, the script installs the offline quota schema and reads the combined cached quota data.

 

Applying the workaround

To apply the workaround, perform the following steps:

  1. On all servers in the cluster, schedule a cron job to run the following command at 5 to 15 minute intervals during business hours:

    /usr/bin/offline_quota.sh

    You can run the script more frequently if you regularly send large emails through the Web Email Protection service.

    Note: Ensure that the command is scheduled to run at a different time on each web email server to avoid a conflict when they update the cache.
     
  2. On all of the servers on which the Web Email Protection service is disabled, schedule a cron job to execute the following command at least once every 24 hours:

    /usr/bin/offline_quota.sh purge

The purge argument removes stale message data that is more than 7 days old from the database to conserve disk space on each server.

 

Uninstalling the workaround

To uninstall the workaround, perform the following steps on each of the servers in the cluster:

  1. Execute the following command at the command line shell to remove the offline quota cache from the database:

    /usr/bin/offline_quota.sh remove
     
  2. Delete the two cron jobs that you created while applying the workaround from the /etc/crontab file on the server.
     

Note: You can choose to perform this procedure on only the local server, without affecting the functionality of the workaround on the remaining servers in the cluster.

 

Verifying the installation status of the workaround

In the command line shell, enter the following command to perform a diagnostic test to verify the installation status of the offline quota schema:

    /usr/bin/offline_quota.sh diag

 

Scheduling a cron job

To schedule a cron job, perform the following steps:

  1. In the command line shell, enter the following command to edit the /etc/crontab file:

    $ vi /etc/crontab
     
  2. Press i to enable Insert mode.
  3. Use the Down Arrow key to move the cursor to the end of the crontab file.
  4. Enter the following command to add a new cron job for the command that you want to run:

    Minutes Hours DayOfMonth Month DayOfWeek root YourCommand >& /dev/null

    You can use numeric values to specify the schedule for running the script as follows:

    • Minutes – 0 to 59
    • Hours – 0 to 23
    • DayOfMonth – 1 to 31
    • Month – 1 to 12
    • DayOfWeek – 1 to 7, where 7 represents Sunday
       
    Alternatively, you can indicate the Month and DayOfWeek values by name. You can also use an asterisk (*) as a wildcard value to cover all possible values for a particular unit of time.

    For example, the following command will schedule the cron job to run at 9:15 pm on every Sunday of every month:

    15 21 * * 7 root YourCommand >& /dev/null
     
    For more detailed information about scheduling cron jobs, refer to the crontab command manual.

  5. Enter the following command to save the crontab file: :wq
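Added example (not Symantec's code): a shell helper that prints the /etc/crontab entries described in "Applying the workaround", giving each server its own start minute so that no two servers update the cache at the same time. The 10-minute interval, the 08:00-17:59 Monday-to-Friday window, the 02:30 purge time, the slot numbering, and the availability of cron's start-59/step range syntax on the server are all assumptions.

```shell
#!/bin/bash
# Added example: print the /etc/crontab lines for one cluster member.
# Assumed values (not from the article): interval, business hours,
# working days and purge time below; slot numbers are chosen by the admin.

INTERVAL=10                      # minutes between runs; the article allows 5 to 15
HOURS="8-17"                     # assumed business hours (08:00-17:59)
DAYS="1-5"                       # assumed working days, Monday to Friday
SCRIPT=/usr/bin/offline_quota.sh

# quota_cron_lines SLOT WEP_ENABLED
#   SLOT        - 0-based number, unique per server; becomes the start minute
#   WEP_ENABLED - yes|no; servers with the service disabled also get the purge job
quota_cron_lines() {
    slot=$1
    wep=$2
    # Reject empty or non-numeric slots before they reach the crontab.
    case $slot in
        ''|*[!0-9]*) echo "slot must be a non-negative integer" >&2; return 1 ;;
    esac
    # A slot at or beyond the interval would collide with another server's minute.
    if [ "$slot" -ge "$INTERVAL" ]; then
        echo "slot ${slot} does not fit in a ${INTERVAL}-minute interval" >&2
        return 1
    fi
    # N-59/STEP starts at minute N and repeats every STEP minutes.
    echo "${slot}-59/${INTERVAL} ${HOURS} * * ${DAYS} root ${SCRIPT} >& /dev/null"
    # The purge job belongs only on servers where Web Email Protection is disabled.
    if [ "$wep" = "no" ]; then
        echo "30 2 * * * root ${SCRIPT} purge >& /dev/null"
    fi
}

# Sample run for two constructed cluster members.
quota_cron_lines 0 yes   # web email server, starts at minute 0
quota_cron_lines 3 no    # server with the service disabled, starts at minute 3
```

Review the printed lines and append them to /etc/crontab on the matching server. Adjacent slots are only one minute apart, so leave gaps between slot numbers if a run can take longer than that.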

Deleting a cron job

To delete a cron job, perform the following steps:

  1. In the command line shell, enter the following command to edit the /etc/crontab file:

    $ vi /etc/crontab
     
  2. Use the Down Arrow key to move the cursor to the cron job that you want to delete.
     
  3. Press d twice to remove the selected cron job.
     
  4. Enter the following command to save the crontab file: :wq

Applies To

This issue applies to clustered servers on which Symantec Encryption Management Server 3.3.2 MP1 is installed.