search cancel

Some PDF Email Protection passphrases cause errors with email processing

book

Article ID: 227478

calendar_today

Updated On:

Products

Gateway Email Encryption Encryption Management Server

Issue/Introduction

Encryption Management Server PDF Email Protection converts outbound email messages to password protected PDF attachments.

The password used to protect the PDF attachments is the passphrase that the PDF Email Protection user uses to login to the Web Email Protection portal.

Certain passphrases can be used for the Web Email Protection portal but fail when they are used in the PDF conversion process. The entry error handling SMTP DATA event: bad passphrase appears in the administration console under Reporting / Logs / Mail log and Encryption Management Server rejects the outbound message:

The MTA that sends the outbound message to Encryption Management Server will usually retry several times before bouncing the message back to the sender.

Passphrases that are known to cause this issue include the following characters:

Ą ą Ć ć Ę ę Ł ł Ń ń Ś ś Ź ź Ż ż

The above characters are all represented in Octal UTF-8 as 304 NNN or 305 NNN. For example, Ą is 304 204 and Ł is 305 201.

Environment

Symantec Encryption Management Server release 10.5 and above.

Resolution

To workaround this issue, change the encryption cipher used by PDF Email Protection from the default of AES-128 to AES-256 by doing the following:

  1. ssh to Encryption Management Server.
  2. Run the following command:
    sed -i 's|aes</pdf-cipher>|aes256</pdf-cipher>|' /etc/ovid/prefs.xml
  3. Restart the mail proxy service:
    pgpsysconf --restart pgpuniversal

Broadcom is committed to product quality and satisfied customers. This issue is currently being considered by Broadcom to be addressed in a forthcoming version or Maintenance Pack of the product. Please be sure to refer back to this article periodically as any changes to the status of the issue will be reflected here.

Additional Information

EPG-25304

Attachments