Update Feb 9, 2021: macOS 11.2 (Big Sur) no longer requires this utility to disable TLS as mentioned in this article, however, this information is retained for historical purposes. Symantec recommends updating macOS to version 11.2 for best results.
The macOS Big Sur native mail application includes easy setup as many clients, however as part of this, there is no option to disable TLS, which is required to use the proxy with Symantec Encryption Desktop. If the Mail app is configured to use SSL/TLS for communication, Symantec Encryption Desktop cannot encrypt or decrypt emails. To allow Symantec Encryption Desktop to secure email messages, users must disable the use of SSL/TLS for email communication on macOS computers. However, macOS Big Sur users are unable to manually disable the use of SSL/TLS from Mail > Preferences > Accounts.
If you are already using Symantec Encryption Desktop’s Email Messaging for macOS Big Sur and your email accounts are already configured, nothing needs to be done for upgrade.
If you are installing Symantec Encryption Desktop on Mac OSX 11.x for the first time, follow the steps below to disable SSL for configured mail accounts.
Symantec provides a script in order to disable TLS and allow you to encrypt/decrypt emails automatically and the steps below will go over how to use this script.
/Library/Application\ Support/PGP/PGPUpdateMailAccounts -update -noprompt
More details about the command line tool PGPUpdateMailAccounts can be found below:
PGPUpdateMailAccounts Usage Prerequisites
Terminal must have full disk access. Quit Mail app before running the tool.
The following path is where the tool is located:
The PGPUpdateMailAccounts tool will disable security from mail accounts by disabling SSL, changing SSL ports to non-SSL ports and allowing insecure authentication. This is needed so that PGP proxy on the client itself can read outgoing and incoming mails. PGP proxy on client will upgrade connection to mail server internally. The PGP proxy sits between the mailserver and the mail client, so all communications to/from the mailserver are still encrypted.
Running the tool:
Running the tool without any option will show a list of IMAP/POP/SMTP accounts for the user followed by an option to go through each account one by one and disable SSL.
Run with the -help option to show all available options.
Run with the -list option to show a list of IMAP/POP/SMTP accounts for the user.
To disable TLS for the account run the following:
The -update option will prompt for each account. You will need to press "y" to disable TLS for the account or "n" to keep TLS enabled for an account you do not wish to encrypt/decrypt.
To bypass confirmation prompt use -noprompt option, which will disable TLS for all mail accounts and will not ask:
PGPUpdateMailAccounts -update -noprompt
In order to pick accounts specifically to update supply the -acclist option:
PGPUpdateMailAccounts -update -noprompt -acclist 41 44 40
PGPUpdateMailAccounts -update -acclist 41 44 40
These commands will update supplied accounts only. Account IDs can be obtained by running the "-list" option with the tool.
Effect on system
This tool will attempt to change the following settings of Apple’s Mail app’s SMTP/POP/IMAP accounts without verification.
Note: The PGP proxy will upgrade the connection, so this disables TLS only for the mail client. The proxy sits between the mailserver and the mail client and will still provide secure authentication to protect your email content.