Outbound email messages sent through Encryption Management Server in Gateway mode do not get encrypted, even though when you navigate to Reporting / Logs and select the Mail log, you can see that the message appears to be encrypted. You see entries like this:

recipient 1/1 ([email protected]): signing, encrypting to 2 keys:

In addition, if a message cannot be encrypted because no recipient key could be found and the Mail log shows it as bouncing, no bounce message is received by the sender.

Symantec Encryption Management Server 3.4.2 and above.

Learn mode is enabled.

Check whether Learn Mode is enabled. If Learn Mode is enabled the Mail log will contain entries like this:

(learn mode is on, message will not be modified)

Learn Mode is enabled by default on a new installation of Encryption Management Server. In Learn Mode, Encryption Management Server:

• Creates user accounts with user keys, in accordance with Consumer Policy.
• Decrypts messages using internal and external keys stored on the server, but does not search for keys externally.
• Does not encrypt or sign messages.
• Will not apply mail policy to messages, and will not take any Key Not Found action on messages.

To turn off Learn Mode, click on the yellow icon on the top right of the administration console page and choose to disable it. Encryption Management Server must be licensed before you can take it out of Learn Mode.