
PGP Web Mail Protection Not Working

Created: 27 Mar 2014 | 14 comments
Hyodo's picture

Hi, I have a problem sending Web Mail Protection, it's not working

my cfg:

PGP Server 3.3.1

with client Desktop 10.3.1

The Web Mail Protection service is running.

I can send encrypted email just fine to internal users; however, when I tried to send encrypted mail outside of the company (xpto@gmail.com), the PGP Notifier gives the following figure:

120px_pgp2.PNG

 

In the Consumer policy I have configured the Web Mail like this:

 pgp4.PNG  pgp3.PNG

 

I have created a Policy Chain that tries to encrypt every e-mail which contains [web] in the subject, and if the KNF it will send by Web Mail Protection:

pgp5.PNG

 

 

I know the e-mail is going to the right Policy because it tries to encrypt; however, the PGP Web Mail Protection is not being used.

Does anyone know why?

Did I forget to configure something?

Does it need an outbound proxy too?

Thanks everyone

 

 


dcats's picture

Hi Hyodo,

Probably that rule you created is in the end of the chain and the message reaches a rule that allows the send in clear if the key is not found.
You can move that rule to the top of the chain (rules are evaluated top-down) and then it must be evaluated before it reaches any other and it stops processing.

Rgs,
dcats

Hyodo's picture

Thanks dcats

but unfortunately it is not that.

I have created a test Policy chain, just to make sure it was not a problem of policy chain or rules.

In that policy there is only that one rule, which acts if there is a "[web]" in the subject.

Because it tries to encrypt, I know it is getting to the right Policy chain and rule. That is the only rule.

It must be another configuration that I didn't know was necessary for Web Mail.

Could you think of something else?

Thank you

 

Hyodo's picture

Sorry but no

That rule is the only one in that chain.

 

dcats's picture

Hi Hyodo,

Please open the SEMS console and go to Reporting > Logs, select the Mail log.
Once there, you can see if the chain you created was evaluated. If not, you will need to check how the mail chain was followed and insert your rule there.

Rgs,
dcats

Hyodo's picture

Hi dcats, thank you

I went to the Mail logs in verbose mode and it only shows events at the server, nothing about processing an e-mail.

So I went to see the PGP Desktop log (on the client machine) and there is written:

10:42 Info Processing outgoing message from Hyodo <svc-teste@xxxx.com.br> with subject: [web]
10:42:18 Email  Info    Sending unsecured message to xxxxx@gmail.com

Could it be that the client is trying to process the e-mail by itself, without passing through the server?

I tested the communication between the server and client and it is working.

Any ideas?

 

 

 

bipshr's picture

Hi Hyodo,

In order to match the chain you created, you need to add a rule in the Outbound chain like if message header contains [web], then action is to go to chain and specify your chain which contains the rule.

The same thing can also be achieved without needing to create an extra chain by simply adding a rule inside of the Outbound chain.

Hope it helps.

Best Regards,

Bipin

 

 

 

 

 

Hyodo's picture

Thank you Bipin,

but that is not the problem. The problem is, why is it not sending the e-mail by the Web Mail Protection?

Now I have just one rule in the outbound chain.

The rule tries to encrypt if there is a [web] in the subject and if KNF it should try to send by Web Mail Protection, but it doesn't.

Could you think of any other idea to help me, please?

thanks

bipshr's picture

Hi Hyodo,

If you don't see any mail processing in the mail log of the SEMS server, then I think your SEMS is outside the mailflow on your network. If you disable pgptray and send an email to your communication partner, does it go through SEMS? Can you check that please?

Thank you.

Best Regards,

Bipin

 

 

Hyodo's picture

Hum, it could be that.

 

Bipin, how could I test if the mail is going through the SEMS?

 

Regards

Hyodo's picture

And another thing.

 

Do I need to configure an outbound proxy to make sure the mail is going through the SEMS?

 

 

thank you

bipshr's picture

First of all, you have to add the SEMS to your network. There are basically two server placements, namely Gateway placement and Internal placement. In the Internal placement, the SEMS is located between your email users and their local mail server. In the Gateway placement, the SEMS is located between your external facing mail server and the Internet.

For detailed information, you may want to check the admin guide section: configuring mail proxies. Here is a link:

http://www.symantec.com/docs/DOC6711

Please feel free to contact us if you have further questions.

Have a great day.

 

Best Regards,

Bipin

Hyodo's picture

Thanks Bipin,

 

In this case I am using Microsoft Exchange 2010, do you know if I need to be careful in this case ?

 

Regards

bipshr's picture

Hi Hyodo,

Depending on where you place your SEMS (most common is gateway) in your network, you have to adjust your outbound relay on exchange.

Here is what the most common mail setup in a gateway placement looks like:

Outbound mail:

Clients ----> Mail Server --> SEMS --> Internet

The outbound mail gets encrypted on SEMS (depending on your mail policy settings).

Inbound mail:

Client <-- Mail Server <-- SEMS <-- Internet

The inbound mail gets decrypted on SEMS (depending on your mail policy settings)

Best Regards,

Bipin
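
One way to check whether outbound mail really follows the gateway path above (Mail Server --> SEMS --> Internet) is to read the Received headers of a test message delivered to an outside mailbox. This is an added example, not part of the thread or of the product; the host names, addresses and header layout are constructed assumptions.

```python
import re
from email import message_from_string

# Hypothetical host name of the SEMS gateway; replace with your own.
SEMS_HOST = "sems.example.com"

# Constructed headers of a test message as it arrived at an outside mailbox.
VIA_SEMS = (
    "Received: from sems.example.com (sems.example.com [203.0.113.10])\n"
    "\tby mx.recipient.example with ESMTPS id A1; Thu, 27 Mar 2014 10:42:25 -0300\n"
    "Received: from exchange.example.com (exchange.example.com [10.0.0.5])\n"
    "\tby sems.example.com with ESMTP id B2; Thu, 27 Mar 2014 10:42:21 -0300\n"
    "Subject: [web] test\n\nbody\n"
)
# Constructed counter-case: the mail server delivers straight to the Internet.
BYPASS = (
    "Received: from exchange.example.com (exchange.example.com [10.0.0.5])\n"
    "\tby mx.recipient.example with ESMTPS id C3; Thu, 27 Mar 2014 10:42:20 -0300\n"
    "Subject: [web] test\n\nbody\n"
)

HOP_RE = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+)", re.I | re.S)

def relay_path(raw_message):
    """Return (from_host, by_host) hops in the order the message travelled."""
    hops = []
    for value in message_from_string(raw_message).get_all("Received", []):
        match = HOP_RE.search(value)
        if match:
            hops.append((match.group(1).lower(), match.group(2).lower()))
    hops.reverse()  # Received headers are prepended, so the newest is first
    return hops

def went_through(raw_message, gateway=SEMS_HOST):
    """True only if the gateway both accepted the message and relayed it on."""
    hops = relay_path(raw_message)
    accepted = any(by == gateway for _, by in hops)
    relayed = any(frm == gateway for frm, _ in hops)
    return accepted and relayed

if __name__ == "__main__":
    for name, raw in (("via SEMS", VIA_SEMS), ("bypass", BYPASS)):
        print(name, relay_path(raw), went_through(raw))
```

Only the Received lines written by your own hosts and by the recipient's mail server are reliable for this check, since earlier hops can insert arbitrary header text.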