
Email stuck in Outbox indefinitely using Symantec Encryption Desktop for Email Encryption and Opportunistic Encryption


Article ID: 163760


Products

Desktop Email Encryption

Issue/Introduction

After enabling email encryption with standalone Symantec Encryption Desktop, emails sit in the Outbox indefinitely and are never sent.

The logs may show entries such as the following:

"Searching server keyserver.pgp.com for recipient <[email protected]>"

"No usable encryption key found; message cannot be encrypted"

"Get Encryption Key for email [email protected]  failed with error server search failed (-11285)"

 

Cause

A possible cause of this issue is that the email encryption rule being invoked is the "Opportunistic Encryption" rule, which attempts to find a key for every recipient being emailed. If a suitable key is found, the message can be encrypted. If no key is found, the message is sent unencrypted.

With Opportunistic Encryption, if no key is found locally, a keyserver search is attempted. If port 389 or 636 to the applicable keyservers is closed, or none of the configured keyservers can be reached, the search never completes, so no key can be found "opportunistically" via the keyserver and the message stays in the Outbox until a keyserver can be searched successfully.
 

Resolution

To resolve this behavior, open port 389 or 636, whichever applies to the keyserver in question, or otherwise make sure there is proper connectivity between the endpoint and the keyserver. Then send the message again. If this is not possible, disable the keyserver search in the rule, or disable the Opportunistic Encryption rule and configure a customized rule that works for the particular scenario.
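
To confirm the cause before changing rules, the following added example (not Symantec code) pulls the keyserver name out of log lines like those quoted above and tests whether ports 389 and 636 accept a TCP connection from the endpoint. The function names and the sample log are constructed for illustration; the recipient address is a placeholder.

```python
import re
import socket

# Keyserver ports named in the article (the standard LDAP and LDAPS ports).
KEYSERVER_PORTS = (389, 636)

# Message fragments taken from the log entries quoted in the article.
SEARCH_RE = re.compile(r"Searching server (\S+) for recipient")
FAILED_RE = re.compile(r"failed with error server search failed \((-?\d+)\)")

def keyservers_with_failed_search(log_lines):
    """Return the keyservers searched in a log that also records a failed search."""
    hosts, failed = [], False
    for line in log_lines:
        match = SEARCH_RE.search(line)
        if match and match.group(1) not in hosts:
            hosts.append(match.group(1))
        if FAILED_RE.search(line):
            failed = True
    return hosts if failed else []

def port_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or name not resolved
        return False

def triage(log_lines, probe=port_open):
    """Map each keyserver from a failed search to {port: reachable}."""
    return {host: {port: probe(host, port) for port in KEYSERVER_PORTS}
            for host in keyservers_with_failed_search(log_lines)}

# Constructed sample log; the recipient address is a placeholder.
SAMPLE_LOG = [
    "Searching server keyserver.pgp.com for recipient <user@example.com>",
    "Get Encryption Key for email user@example.com failed with error "
    "server search failed (-11285)",
    "No usable encryption key found; message cannot be encrypted",
]

if __name__ == "__main__":
    for host, ports in triage(SAMPLE_LOG).items():
        for port, ok in ports.items():
            print(f"{host}:{port} {'reachable' if ok else 'blocked or unreachable'}")
```

A completed TCP connection shows only that the port is open along the path; it does not prove the keyserver answered the search, so a proxy or inspecting firewall can still cause the failure.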