search cancel

What happens when Web Email Protection Accounts Expire on Symantec Encryption Management Server?

book

Article ID: 202565

calendar_today

Updated On:

Products

Encryption Management Server PGP Key Management Server PGP Key Mgmt Client Access and CLI API

Issue/Introduction

What happens when Web Email Protection (WEP) Accounts Expire on Symantec Encryption Management Server (SEMS)?

 

 

Resolution

Web Email Protection users have a lifespan that is determined by the organization as well as the activity status of the WEP inbox. 

If a WEP user continues to login to their account, the account remains active on the SEMS.

If a user fails to login to their account for the configured amount of time, the user will receive a reminder 7 days before their account expires and the user must confirm (via clicking a link) their account is still active. 

NOTE: If the Account "Inactivity Expiration" period is less than 3 weeks, no reminder emails will be sent.  This should be a rare scenario because most accounts in production are typically 90 days or longer.

For example, an organization may configure the expiration settings for the account for 90 days (Inactivity Expiration).  If a user has not logged in to their account in 90 days, on day 83, the user should receive the reminder.  If the user fails to confirm their account, on day 90, the account will be removed from the SEMS.  When the account expires, all the email associated to that account is also removed.

There is a separate setting for the actual mail of an account (Message Expiration).  For example, an account may not expire until 90 days of inactivity, but messages themselves will expire regardless of how active the account is if the organization hosting the WEP accounts determine this.  For example, if messages expire every month, once a message reaches a month's age, the messages themselves will be cleaned up and the WEP account itself will remain.

All of the above are configurable on the SEMS to meet your individual needs.

 

What happens if you would like to reduce the window of account expirations?  For example, if your WEP accounts have an expiration date of 1 year, and you would like to move this to 6 months.  What will happen when accounts will immediately enter the expiration period and subsequently bypass the 7-day reminder period?

When this happens, all the accounts that are expired immediately will *not* send out any reminder for the users, they will immediately be expired, and during the daily cleanup, the users accounts will be removed.

Any other accounts that enter the 7 day period will receive the reminders.  The maximum number of reminder emails that can be sent per day via SEMS is 10,000.  When this limit is reached, the server will process those messages and the users will receive the links.  All users who click the reminder links will continue to use their account and everyone else will be cleaned up after the expiration period is reached.

 

TIP: If you would like to disable these account expiration notifications, there is a customization that can be made via SSH on the server.  Please contact Symantec Enterprise Support for more assistance in making this change.

Additional Information

153269 - Symantec Encryption Management Server Web Email Protection Troubleshooting

EPG-23744