Symantec Encryption Management Server (PGP Server) has observed a rare condition when certain PDFs are not able to send and will bounce.  Upon reviewing the debug logs, the following exceptions are observed:

""2022/06/23 16:25:45 -05:00 ERROR pgp/messaging[28092]: SMTP-00020: error handling SMTP DATA event: existing PDF attachments could not be encrypted
2022/06/23 16:25:46 -05:00 DEBUG pgp/messaging[28092]: SMTP-00020: exception location:
2022/06/23 16:25:46 -05:00 DEBUG pgp/messaging[28092]: SMTP-00020: #0 Ovid::BoomerangEngine::makeEncryptedPDFMessage(Ovid::BoomerangEngine::BoomerangUserInfo const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, s from /lib/libovidserver.so.0
...
std::list<Ovid::BoomerangBounceRecipient, std::allocator<Ovid::BoomerangBounceRecipient> 
...
2022/06/23 16:25:46 -05:00 DEBUG pgp/messaging[28092]: SMTP-00020: SMTP Data ProtocolEvent returning with error -11980 (unknown error)
2022/06/23 16:25:46 -05:00 INFO pgp/messaging[28092]: SMTP-00020: pgpproxy: Error processing SMTP message, awaiting next client command. (-11980)."

Symantec Encryption Management Server (PGP Server) 10.5 and above.

Upon further review, it appears that only some PDFs cause this issue.  Symantec Encryption Engineering is currently reviewing this issue.  If you are running into this issue, reach out to Symantec Encryption Support for further guidance and mention this article.

There is a workaround to bypass the exception and send the messages out successfully.  Upon logging into the PGP Server, locate the PDF rules that are invoked when sending encrypted email.  Go to the Actions tab of the mail rule and check the box to encrypt both the body of the messages as well as the attachments.

When this is done, the entire email is encapsulated into a "PGPMessage.pdf" that is encrypted and the exception is no longer seen.

Important Note: If you wish to have both the body and the attachments encrypted, it is recommended you always have this check box enabled anyway to ensure that under all conditions all the content will be encrypted.

The use case to not have this box checked is if you want the email body left unencrypted and only the attachment encrypted.  This could be a form letter that contains generic information, but then the actual PDF is what contains the sensitive data.  If you are unsure if the body could contain sensitive data or not, it is a better idea to encrypt both the body and the email so that all the data is secured. 

EPG-27414

153269 - Symantec Encryption Management Server Web Email Protection Troubleshooting