By default, when Encryption Management Server processes inbound email messages, it will automatically decrypt encrypted attachments that are attached to standard email messages.
For example, if a third party encrypts a file to an internal user's key using PGP Zip and then attaches the *.pgp file to a standard email message and sends it to the internal user, Encryption Management Server will decrypt the attachment and deliver the message with an unencrypted attachment to the internal user.
Clearly, where Encryption Management Server is being used as an email gateway and internal users do not have Encryption Desktop installed, this is necessary. Otherwise, internal users will receive a *.pgp attachment that they cannot open.
However, if internal users do have Encryption Desktop installed but Email functionality is disabled, such users may wish to decrypt the attachment themselves using PGP Zip. Doing so means the attachment is stored in an encrypted state within the user's mailbox.
Change the Decrypt Message (SMTP) rule to decrypt only messages that are fully encrypted.
From the Encryption Management Server administration console, do the following:
1. Navigate to Mail / Mail Policy.
2. Click on the Inbound policy chain.
3. Click on the Decrypt Message (SMTP) rule.
4. Click on the Edit Conditions button. By default, the conditions are:
5. Change "Any part of the message is encrypted" to "All of the message is encrypted" and click the Save button.
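
To see which inbound messages fall under each condition, the following added example (not part of the original article or the product) approximates the distinction using Python's standard email module. It assumes that "all of the message" means PGP/MIME (RFC 3156) or a body made up only of PGP data, and that a *.pgp attachment on a standard message counts as "part"; the server's own matching logic is not described on this page, and the function names and sample message are constructed.

```python
from email import message_from_string
from email.message import Message

PGP_ARMOR = b"-----BEGIN PGP MESSAGE-----"

# Constructed sample: standard message with a PGP Zip (*.pgp) attachment.
ATTACHMENT_ONLY = """\
From: partner@example.org
To: user@example.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Report attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="report.pdf.pgp"

(constructed placeholder for encrypted bytes)
--b1--
"""

def _is_pgp_part(part: Message) -> bool:
    """True if a leaf MIME part looks like OpenPGP-encrypted data."""
    if (part.get_filename() or "").lower().endswith(".pgp"):
        return True
    if part.get_content_maintype() == "text":
        # Inline PGP: ASCII armor carried in a text body.
        return PGP_ARMOR in (part.get_payload(decode=True) or b"")
    return False

def classify(raw: str) -> str:
    """Return 'all', 'part' or 'none' for how much of a message is encrypted."""
    msg = message_from_string(raw)
    # PGP/MIME (RFC 3156): the entire body is one encrypted container.
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        return "all"
    flags = [_is_pgp_part(p) for p in msg.walk() if not p.is_multipart()]
    if flags and all(flags):
        return "all"
    return "part" if any(flags) else "none"

if __name__ == "__main__":
    # Prints "part": the attachment-only case this article wants left encrypted.
    print(classify(ATTACHMENT_ONLY))
```

Running this over messages exported from a test mailbox before and after the rule change shows whether *.pgp attachments are now being delivered still encrypted.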