If Encryption Management Server cannot make outbound HTTP connections, an inbound message that is S/MIME signed and/or S/MIME encrypted is deferred. The sending mail server therefore keeps trying to send the message. This occurs even though the inbound message is successfully processed by Encryption Management Server and successfully passed to its Inbound mail proxy.
The result is that the recipient receives the same message multiple times.
In a configuration such as this:
Internet -> SMTP mail server -> Encryption Management Server -> Microsoft Exchange Server
This error appears in the Encryption Management Server mail log. The message is proxied successfully to the Exchange Server but the transmission channel from the SMTP mail server is not closed properly:
2018/04/20 15:28:36 +01:00 NOTICE pgp/messaging: SMTP-00000: passing through unmodified
2018/04/20 15:28:36 +01:00 ERROR pgp/messaging: SMTP-00000: error handling SMTP DATA event: write failed
2018/04/20 15:28:37 +01:00 ERROR pgp/messaging: SMTP-00000: pgpproxy: error reading/processing message error=-11989 (write failed)
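The following Python script is an added example, not part of the original article or of the product. It scans mail log text for the pattern in the excerpt above: a session that logs "passing through unmodified" and then a "write failed" error, which is the condition that makes the sending server retry. It assumes the `SMTP-nnnnn` token identifies one SMTP session and that the line layout matches the excerpt; the function name and the second sample session are constructed for illustration.

```python
import re
from collections import defaultdict

# Line layout taken from the log excerpt above:
# date time tz LEVEL pgp/messaging: SESSION: message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{2}:\d{2}) "
    r"(?P<level>[A-Z]+) pgp/messaging: (?P<session>SMTP-\d+): (?P<msg>.*)$"
)

# Constructed sample: the three lines from the article plus one healthy session.
SAMPLE_LOG = """\
2018/04/20 15:28:36 +01:00 NOTICE pgp/messaging: SMTP-00000: passing through unmodified
2018/04/20 15:28:36 +01:00 ERROR pgp/messaging: SMTP-00000: error handling SMTP DATA event: write failed
2018/04/20 15:28:37 +01:00 ERROR pgp/messaging: SMTP-00000: pgpproxy: error reading/processing message error=-11989 (write failed)
2018/04/20 15:29:02 +01:00 NOTICE pgp/messaging: SMTP-00001: passing through unmodified
"""

def find_deferred_sessions(log_text):
    """Return sessions where a message was processed and a write failure was
    then logged for the same session, so the sender is likely to retry."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # ignore lines that do not follow the excerpt's layout
            events[m["session"]].append((m["ts"], m["level"], m["msg"]))
    findings = []
    for session, entries in events.items():
        processed_at = None
        for ts, level, msg in entries:
            if level == "NOTICE" and "passing through unmodified" in msg:
                processed_at = ts
            elif processed_at and level == "ERROR" and "write failed" in msg:
                # Report the first write failure that follows processing.
                findings.append({"session": session, "processed": processed_at,
                                 "failed": ts, "error": msg})
                break
    return findings

if __name__ == "__main__":
    for f in find_deferred_sessions(SAMPLE_LOG):
        print(f"{f['session']}: processed {f['processed']}, "
              f"write failed {f['failed']}: {f['error']}")
```

Each finding corresponds to a message the recipient may receive more than once, so the count of findings per sender is a quick measure of how widely the issue is affecting inbound S/MIME mail.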
When Encryption Management Server processes an S/MIME signed and/or encrypted message, it checks whether the certificates that it observes in the mail flow are revoked. Revoked certificates should not be used.
There are two mechanisms used to check whether S/MIME certificates are revoked:
Both mechanisms require that the host checking the certificates can connect over HTTP to a remote host.
If Encryption Management Server cannot make outbound HTTP connections, it causes problems with S/MIME mail processing.
Symantec Encryption Management Server 3.4.2 and above.
There are two possible solutions to this issue:
Note also that for Encryption Management Server to check for revoked certificates using OCSP, it must trust the certificates in the certificate chain of the sender's personal certificate: