If Encryption Management Server is clustered and some cluster members have the Web Email Protection service enabled and some do not, the quota information for each user is not enforced properly.
This can result in Web Email Protection users being told they have no quota remaining even if they have an empty mailbox.
It can also result in Web Email Protection users going over their quota.
This occurs if the cluster members that have the Web Email Protection service disabled process outbound messages for Web Email Protection users.
Quota usage is only replicated between cluster members that have the Web Email Protection service enabled and Message Replication set to All under Web Email Protection options.
Symantec Encryption Management Server 10.5 and above.
Quota limits are set on a global basis in the administration console under Services / Web Email Protection / Options but the Storage Quota value can be overridden on a per user basis.
By clicking on the Web Email Protection user's account, you can choose the default quota or various values between 1 MB and 1 GB.
If just a few users are affected, raising the individual quotas is the easiest solution.
An additional problem with cluster members that process outbound email for Web Email Protection users but have the Web Email Protection service disabled is that those outbound email messages will be stored by the server for whatever the message retention period is set to (3 months by default). In a busy environment this can cause disk space issues.
To resolve the disk space issues as well as the quota issues, implement the offline_quota.sh script which is part of the product:
To implement the script, please do the following.
On all cluster members that process Web Email Protection email, whether or not they have the Web Email Protection service enabled:
5 6-18 * * 1-5 root /usr/bin/offline_quota.sh >& /dev/null
pgpsysconf --restart crond
15 6-18 * * 1-5 root /usr/bin/offline_quota.sh >& /dev/null
Optionally, on all cluster members that process Web Email Protection email but have the Web Email Protection service disabled, purge messages older than 1 week by adding an additional entry to /etc/crontab:
10 5 * * * root /usr/bin/offline_quota.sh purge >& /dev/null
pgpsysconf --restart crond
After the cron job has run at least once, optionally check status with this command:
offline_quota.sh diag
Prior to upgrading Encryption Management Server, it is advisable to remove the script and then add it back after the upgrade. To remove the script, please do the following on each cluster member:
pgpsysconf --restart crond
offline_quota.sh remove