Symantec Endpoint Protection email tools proxy does not scan encrypted POP3 email connections

Article:TECH102212  |  Created: 2007-01-20  |  Updated: 2007-01-15  |  Article URL http://www.symantec.com/docs/TECH102212
Article Type
Technical Solution


Environment

Issue



Why are encrypted email connections not scanned by the email tools?

Symptoms
Unscanned encrypted email messages received on the client



Cause



Messages sent over encrypted connections cannot be scanned.

Solution



This is normal behavior for email scanning when a connection is encrypted. Symantec Endpoint Protection monitors only port 25 for SMTP traffic and port 110 for POP3 traffic. Its email feature is designed to scan readable email for threats, and it does this as a client of our email proxy tool, which redirects ports 25 and 110. This type of redirection and interception of mail is exactly what secure email protocols are designed to protect against. As a result, Symantec Endpoint Protection can only intercept and scan unsecured standard SMTP and POP3 traffic. Encrypted email cannot be decrypted, so the Endpoint Protection client does not have access to the attachments to scan them for threats.

The advanced options "Allow encrypted POP3 connections" and "Allow encrypted SMTP connections" exist to prevent the email proxy from interfering with secure email traffic over the monitored ports 25 and 110. They are not designed to disable secure email transactions. If disabling them is desired, that is more properly the role of the Network Threat Protection firewall.
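To make the scanning gap concrete, the following added example (not Symantec code) classifies a mail session by what a plaintext proxy on ports 25 and 110 could still inspect. The function names, result labels and sample sessions are constructed for illustration; STARTTLS (RFC 3207) and STLS (RFC 2595) are the standard in-band upgrade commands on those ports.

```python
# Added example, not Symantec code. Sessions below are constructed samples.
MONITORED = {25: "smtp", 110: "pop3"}          # the two ports the article names
UPGRADE = {"smtp": ("STARTTLS", "220"),        # RFC 3207: 220 = go ahead with TLS
           "pop3": ("STLS", "+OK")}            # RFC 2595: +OK = begin TLS
CONTENT = {"smtp": {"DATA"}, "pop3": {"RETR", "TOP"}}  # commands that carry mail

def classify(port, exchange):
    """exchange: ordered (client_command, server_reply) pairs seen in cleartext.
    Returns what a plaintext proxy on the monitored ports could do with it."""
    proto = MONITORED.get(port)
    if proto is None:
        return "not-monitored"                 # any other port is outside the proxy
    verb, accepted = UPGRADE[proto]
    for cmd, reply in exchange:
        parts = cmd.split()
        word = parts[0].upper() if parts else ""
        if word == verb and reply.startswith(accepted):
            return "encrypted-unscanned"       # all later bytes are TLS records
        if word in CONTENT[proto] and reply[:1] in ("3", "+"):
            return "plaintext-scannable"       # message body crosses in the clear
    return "no-message-seen"

SESSIONS = {  # constructed transcripts, trimmed to the relevant commands
    "smtp_plain": (25, [("EHLO client.example", "250 mail.example"),
                        ("MAIL FROM:<a@example.com>", "250 OK"),
                        ("RCPT TO:<b@example.com>", "250 OK"),
                        ("DATA", "354 End data with <CR><LF>.<CR><LF>")]),
    "smtp_starttls": (25, [("EHLO client.example", "250-STARTTLS"),
                           ("STARTTLS", "220 Ready to start TLS")]),
    "smtp_starttls_refused": (25, [("STARTTLS", "454 TLS not available"),
                                   ("MAIL FROM:<a@example.com>", "250 OK"),
                                   ("DATA", "354 Go ahead")]),
    "pop3_plain": (110, [("USER alice", "+OK"), ("PASS secret", "+OK"),
                         ("RETR 1", "+OK 120 octets")]),
    "pop3_stls": (110, [("CAPA", "+OK"), ("stls", "+OK Begin TLS negotiation")]),
    "pop3s_implicit": (995, []),
}

def report(sessions=SESSIONS):
    """Map each session name to its classification."""
    return {name: classify(port, ex) for name, (port, ex) in sessions.items()}

if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name:24} {verdict}")
```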





Supplemental Materials

Source: ETrack
Value: 895400

Legacy ID: 2007072016163048

