By default, Encryption Management Server sends notification email messages from:

[email protected]

where domain is derived from the Encryption Management Server hostname.

For example, if the hostname is keys.example.com, notification messages will be sent from [email protected].

This default email address can be modified. See article 154712 for details.

However, even if the default email address is modified, some bounce messages are still sent from the default email address.

This can occur when a Web Email Protection user sends a message to an invalid email address in a managed domain.

A possible scenario is as follows. Please download and open the attached message_undeliverable.eml email message for an example of a bounce message:

• Encryption Management Server hostname: keys.example.com
• Web Email Protection service: enabled
• Managed Domain: example.com
• Web Email Protection user email address: [email protected]

If the above Web Email Protection user sends a message to [email protected], a bounce message with the following attributes is generated by Encryption Management Server:

• Sender: [email protected]
• Recipient: [email protected]
• Subject: Message undeliverable: Returned to Sender
• Message Body:

This is the mail system at host keys.example.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to pgp-universal-admin.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<[email protected]>: host keys.example.com[10.0.0.10] said:
    550 5.1.1 <[email protected]>: Recipient address rejected: User
 unknown in relay recipient table (in reply to RCPT TO command)

• Attachments:

1. details.txt - A text file containing details of why the message bounced.
2. The message that [email protected] sent.

Note that the bounce message will be sent directly to [email protected] and not to their Web Email Protection mailbox.

Symantec Encryption Management Server 3.4 and above.

This issue only occurs if the mail route for the managed domain points to a mail server that checks that the recipient address is valid before it accepts the complete message. In other words, if the mail server checks at the RCPT TO stage of the SMTP process.

Note that Microsoft Exchange does not check at the RCPT TO stage. If the recipient domain is one that Exchange hosts, it accepts the complete message before checking whether the recipient is valid. If the recipient is not valid, it will bounce the message. By default, the bounce message will be sent from the postmaster account.

There are a number of possible solutions to this issue. For example:

1. Route mail for managed domains to a mail server that accepts the whole message before checking whether the recipient is valid. Bounce messages will then be sent from that mail server rather than from Encryption Management Server.
2. Create a mail rule that checks whether messages sent from Web Email Protection users are addressed to Encryption Management Server internal users and if they are not, bounce them. Bounce messages will be sent from Encryption Management Server but the sender address will be the address that is used for notification emails.