
problem with keyserver: ldap://keyserver.pgp.com:389

Created: 06 Feb 2013 • Updated: 07 Feb 2013 | 1 comment
tito

Hello,

I have PGP Universal Server 3.3.0 (Build 8741) in a VMware ESXi environment: Symantec Encryption Server release 3.3.0.8741 (Ovid).

My question is the following:

In the MAIL: "Policy Chain: Outbound" I have the following custom rule:

--------------------------------

    This rule is always executed

     Edit Conditions

Actions

Send (encrypted/signed)

   Encrypt to recipient's key

    When suitable key not found send clear, signed

    Sign

    Preferred encoding format: Automatic

     Edit Actions   

Key Search

The following locations will be searched for keys by default:

   Internal users

    External users

These additional locations will also be searched:

    Keyserver of sender or recipient address (ldap://keys.$ADDRESS_DOMAIN:389)

    PGP Global Directory (ldap://keyserver.pgp.com:389)

--------------------------------

In the section "These additional locations will also be searched", only the "ldap://keys.$ADDRESS_DOMAIN:389" value has been used. Why?

I need to find keys via "PGP Global Directory (ldap://keyserver.pgp.com:389)" too.

See debug log below:

---

Feb  6 17:21:28 192.168.200.12 pgp pgp/messaging[3625]:       SMTP-00117: recipient cybermedi@yahoo.com: policy rule match: chain: "Default", rule: "Outbound Server Mail"

Feb  6 17:21:28 192.168.200.12 pgp pgp/messaging[3625]:       SMTP-00117: recipient cybermedi@yahoo.com: policy rule match: chain: "Outbound", rule: "kryptuj_muzesli"

Feb  6 17:21:28 192.168.200.12 pgp pgp/messaging[3625]:       SMTP-00117: key search <cybermedi@yahoo.com> [keys.yahoo.com]: Could not get recipient encryption key: Skipping keyserver keys.yahoo.com because it was down the last time it was checked

Feb  6 17:21:28 192.168.200.12 pgp pgp/messaging[3625]:       SMTP-00117: message accepted [250 2.0.0 Ok: queued as 602AE3DF3B3]

Feb  6 17:21:28 192.168.200.12 pgp pgp/messaging[3625]:       SMTP-00117: recipient 1/1 (cybermedi@yahoo.com): passing through unmodified

Feb  6 17:21:28 192.168.200.12 pgp pgp/messaging[3625]:       SMTP-00117:   [250 2.0.0 Ok: queued as 602AE3DF3B3]

Feb  6 17:21:28 192.168.200.12 pgp pgp/messaging[3625]:       SMTP-00117: connection from 192.168.200.10:10859 closed

Feb  6 17:21:28 192.168.200.12 pgp pgp/messaging[3625]:       SMTP-00116: message accepted [250 2.6.0 <2de4955a-dd7c-419c-bee2-1b3ef62c98e5@CAS1.eru.cz> [InternalId=9867] Queued mail for delivery]

Feb  6 17:21:28 192.168.200.12 pgp pgp/messaging[3625]:       SMTP-00116: recipient 1/1 (tikal@3t.cz): [Bcc] passing through unmodified

Feb  6 17:21:33 192.168.200.12 pgp pgp/messaging[3625]:       SMTP-00116: connection from 192.168.200.4:45978 closed

-------------------------------

Regards, Tomas

Comments (1)

Alex_CST

There is an option inside the universal server to use keyserver.pgp.com as a lookup source, but you can manually add it in keys > keyservers.

Please mark posts as solutions if they solve your problem!

http://www.cstl.com
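An added example, not part of the original thread and not Symantec code: a small audit of the messaging log format shown in the question, reporting each recipient whose mail went out "passing through unmodified" and which of the rule's keyservers have no lookup logged for that session. The regular expressions are inferred only from the log lines quoted above, and the `EXPECTED` list and function name are assumptions for illustration.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the debug log in the question above.
LOG = """\
Feb  6 17:21:28 192.168.200.12 pgp pgp/messaging[3625]:       SMTP-00117: recipient cybermedi@yahoo.com: policy rule match: chain: "Outbound", rule: "kryptuj_muzesli"
Feb  6 17:21:28 192.168.200.12 pgp pgp/messaging[3625]:       SMTP-00117: key search <cybermedi@yahoo.com> [keys.yahoo.com]: Could not get recipient encryption key: Skipping keyserver keys.yahoo.com because it was down the last time it was checked
Feb  6 17:21:28 192.168.200.12 pgp pgp/messaging[3625]:       SMTP-00117: recipient 1/1 (cybermedi@yahoo.com): passing through unmodified
Feb  6 17:21:28 192.168.200.12 pgp pgp/messaging[3625]:       SMTP-00116: recipient 1/1 (tikal@3t.cz): [Bcc] passing through unmodified
"""

# Hosts the rule's "Key Search" section lists (ports omitted: the log prints hosts only).
EXPECTED = ["keys.$ADDRESS_DOMAIN", "keyserver.pgp.com"]

# Patterns inferred from the quoted log lines; other builds may log differently.
LINE = re.compile(r"pgp/messaging\[\d+\]:\s+(SMTP-\d+): (.*)$")
SEARCH = re.compile(r"key search <([^>]+)> \[([^\]]+)\]")
CLEAR = re.compile(r"recipient \d+/\d+ \(([^)]+)\): (?:\[\w+\] )?passing through unmodified")

def audit(log, expected=EXPECTED):
    """Return one finding per recipient delivered unmodified (i.e. not encrypted)."""
    searched = defaultdict(set)   # (session, recipient) -> keyserver hosts queried
    clear = []                    # (session, recipient) pairs sent without encryption
    for raw in log.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        session, msg = m.groups()
        if s := SEARCH.search(msg):
            searched[(session, s.group(1))].add(s.group(2))
        elif c := CLEAR.search(msg):
            clear.append((session, c.group(1)))
    findings = []
    for session, rcpt in clear:
        domain = rcpt.rsplit("@", 1)[-1]
        want = {h.replace("$ADDRESS_DOMAIN", domain) for h in expected}
        missing = sorted(want - searched[(session, rcpt)])
        findings.append({"session": session, "recipient": rcpt, "not_searched": missing})
    return findings

if __name__ == "__main__":
    for finding in audit(LOG):
        print(finding)
```

A recipient with a non-empty `not_searched` list left the server in clear text without every configured key source being consulted, which is the condition the question describes for keyserver.pgp.com.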