PGP Encryption Server Mail processing rules do not work as expected (Symantec Encryption Management Server)
Article ID: 231021
Updated On:
Products
Issue/Introduction
Sometimes, mail processing rules do not work as expected. For example, an outbound message that you believe should be encrypted is sent unencrypted.
Environment
Symantec Desktop Email Encryption and Symantec Encryption Management Server release 10.5 and above.
Resolution
If Encryption Desktop processing rules are not working as expected, please enable verbose logging in Encryption Desktop by following the steps in article 180838. Once verbose logging is enabled, each mail rule that was checked and each rule that was matched will be written to the "%appdata%\PGP Corporation\PGP\PGPlog.txt" log file. For example:
DE 10:52:16 MAPI Proxy: evaluating rule Inbound Mail: no match
DE 10:52:16 MAPI Proxy: evaluating rule Outbound Server Mail: no match
DE 10:52:16 MAPI Proxy: evaluating rule Outbound Client Mail: match
DE 10:52:16 MAPI Proxy: evaluating rule No Encryption for Regular Internal Users: no match
DE 10:52:16 MAPI Proxy: evaluating rule Passthrough If Encrypted: no match
DE 10:52:16 MAPI Proxy: evaluating rule Expand Mailing Lists: no match
DE 10:52:16 MAPI Proxy: evaluating rule Always Encrypt Sensitive Messages: no match
DE 10:52:16 MAPI Proxy: evaluating rule Encrypt Button: match
If Encryption Management Server rules are not working as expected, the rules that matched (but not the rules that didn't match) are written to the Mail log and can be viewed from the administration console by navigating to Reporting / Logs. For example:
SMTP-00006: recipient [email protected]: policy rule match: chain: "Outbound: Secure Message", rule: "Send Secure Message (Web)"
SMTP-00006: recipient [email protected]: policy rule match: chain: "Outbound", rule: "Always Encrypt Sensitive Messages"
SMTP-00006: recipient [email protected]: policy rule match: chain: "Default", rule: "Outbound Server Mail"
If debug logging is enabled, the log also shows rules that did not match. Please open a support case if you wish to enable debug logging.
The default mail policies were carefully designed by product specialists and should only be modified where absolutely necessary. It is possible to export a list of all the policies and rules for reference or troubleshooting purposes. To export the list, please do the following from the administration console:
- Navigate to Mail / Mail Policy.
- Click on the Options button on the bottom right of the page.
- Choose Print View for All. Note that the Export option creates a zip file containing the policies and rules in XML format. This is only useful for importing to another Encryption Management Server.
- A new window appears containing a list of all the policies and rules.
- Either click on the Print button and choose to print to a PDF file or right click on the page and save as HTML format.
It can be useful to compare the Encryption Management Server mail policies in your environment with the defaults. The default policies and rules for release 10.5 are attached to this article as 1640175628118__default_mail_policy.pdf. If you wish to restore the Encryption Management Server mail policies to the defaults, please do the following from the administration console:
- Navigate to Mail / Mail Policy.
- Click on the Restore To Factory Defaults button on the bottom left of the page.
Note that any modifications made to the default mail policies will not be modified by product upgrades.
Additional Information
Attachments
Feedback
