Encryption Management Server PDF Email Protection converts outbound email messages to password protected PDF attachments.
The password used to protect the PDF attachments is the passphrase that the PDF Email Protection user uses to login to the Web Email Protection portal.
Certain passphrases can be used for the Web Email Protection portal but fail when they are used in the PDF conversion process. The entry error handling SMTP DATA event: bad passphrase appears in the administration console under Reporting / Logs / Mail log and Encryption Management Server rejects the outbound message:
The MTA that sends the outbound message to Encryption Management Server will usually retry several times before bouncing the message back to the sender.
Passphrases that are known to cause this issue include the following characters:
Ą ą Ć ć Ę ę Ł ł Ń ń Ś ś Ź ź Ż ż
The above characters are all represented in Octal UTF-8 as 304 NNN or 305 NNN. For example, Ą is 304 204 and Ł is 305 201.
Symantec Encryption Management Server release 10.5 and above.
To workaround this issue, change the encryption cipher used by PDF Email Protection from the default of AES-128 to AES-256 by doing the following:
sed -i 's|aes</pdf-cipher>|aes256</pdf-cipher>|' /etc/ovid/prefs.xml
pgpsysconf --restart pgpuniversal
Broadcom is committed to product quality and satisfied customers. This issue is currently being considered by Broadcom to be addressed in a forthcoming version or Maintenance Pack of the product. Please be sure to refer back to this article periodically as any changes to the status of the issue will be reflected here.