Encryption Management Server decrypts attachments automatically

Article ID: 199987

Products

  • Encryption Management Server
  • Encryption Management Server Powered by PGP Technology
  • Gateway Email Encryption
  • Gateway Email Encryption Powered by PGP Technology
  • Encryption Desktop Powered by PGP Technology

Issue/Introduction

By default, when Encryption Management Server processes inbound email messages, it will automatically decrypt encrypted attachments that are attached to standard email messages.

For example, if a third party encrypts a file to an internal user's key using PGP Zip and then attaches the *.pgp file to a standard email message and sends it to the internal user, Encryption Management Server will decrypt the attachment and deliver the message with an unencrypted attachment to the internal user.

Clearly, where Encryption Management Server is being used as an email gateway and internal users do not have Encryption Desktop installed, this is necessary. Otherwise, internal users will receive a *.pgp attachment that they cannot open.

However, if internal users do have Encryption Desktop installed but Email functionality is disabled, such users may wish to decrypt the attachment themselves using PGP Zip. Doing so means the attachment is stored in an encrypted state within the user's mailbox.

Environment

  • Symantec Encryption Management Server release 3.4.2 and above.
  • Symantec Encryption Desktop 10.4.2 and above.

Resolution

Change the Decrypt Message (SMTP) rule to decrypt only messages that are fully encrypted.

From the Encryption Management Server administration console, do the following:

1. Navigate to Mail / Mail Policy.

2. Click on the Inbound policy chain.

3. Click on the Decrypt Message (SMTP) rule.

4. Click on the Edit Conditions button. By default, the conditions are:

5. Change "Any part of the message is encrypted" to "All of the message is encrypted" and click the Save button.
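To check the result on a test message exported from a mailbox, the following added example (not Broadcom's code) classifies a message as fully encrypted, partly encrypted, or plaintext. It is a heuristic that assumes PGP/MIME structure, a *.pgp file name, or an ASCII-armor header marks encrypted content; the server's own matching logic for the "Any part" and "All" conditions is not described in this article. The sample messages and payloads are constructed placeholders.

```python
from email import message_from_string
from email.message import EmailMessage

ARMOR = b"-----BEGIN PGP MESSAGE-----"

def part_is_encrypted(part):
    """Heuristic: does this leaf MIME part carry OpenPGP-encrypted data?"""
    if (part.get_filename() or "").lower().endswith(".pgp"):
        return True
    payload = part.get_payload(decode=True) or b""
    return payload.lstrip().startswith(ARMOR)

def classify(msg):
    """Return 'all', 'partial' or 'none' for a parsed message."""
    # PGP/MIME (RFC 3156) wraps the entire message in multipart/encrypted.
    if msg.get_content_type() == "multipart/encrypted":
        return "all"
    flags = [part_is_encrypted(p) for p in msg.walk() if not p.is_multipart()]
    if flags and all(flags):
        return "all"
    return "partial" if any(flags) else "none"

def sample(filename, data):
    """Constructed test message: plain-text body plus one attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg

# Constructed PGP/MIME message (payload is a placeholder, not real ciphertext).
PGP_MIME = message_from_string(
    'Content-Type: multipart/encrypted; boundary="b"; '
    'protocol="application/pgp-encrypted"\n\n'
    "--b\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
    "--b\nContent-Type: application/octet-stream\n\n"
    "-----BEGIN PGP MESSAGE-----\nplaceholder\n-----END PGP MESSAGE-----\n"
    "--b--\n")

if __name__ == "__main__":
    # Standard message with a PGP Zip attachment, as the sender wrote it.
    print(classify(sample("report.pgp", b"\x85placeholder")))   # partial
    # The same message after the gateway has decrypted the attachment.
    print(classify(sample("report.pdf", b"%PDF constructed")))  # none
    print(classify(PGP_MIME))                                   # all
```

After the rule change, a standard message with a *.pgp attachment should still classify as `partial` when it reaches the mailbox; `none` indicates the attachment was decrypted in transit.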