Endpoint Encryption


Symantec Gateway email encryption

  • 1.  Symantec Gateway email encryption

    Posted Oct 21, 2014 07:25 PM

    Hi, I have this problem with sending email from MS Exchange 2010 to a relay with Gateway PGP.

    The mail is returned to the account with error 6 #5.7.1 smtp; 550 5.7.1 Unable to relay> #SMTP#

    This is the log on the PGP gateway:

    6141D147092: removed  Wed Oct 22, 2014 at 1:12:39 AM +02:00 
    6141D147092: to=<postmaster@domain.it>, relay=192.168.10.6[192.168.10.6]:25, delay=1.6, delays=0.01/0/0.02/1.5, dsn=2.6.0, status=sent (250 2.6.0 <20141021231238.6141D147092@SME.domain.local> [InternalId=1452] Queued mail for delivery)  
    certificate verification failed for 192.168.10.6: num=21:unable to verify the first certificate  
    certificate verification failed for 192.168.10.6: num=20:unable to get local issuer certificate

    Can you help me?



  • 2.  RE: Symantec Gateway email encryption

    Posted Oct 22, 2014 04:45 AM

    What is 192.168.10.6, your exchange server?  If it is, export the Exchange certificates, and import them into the "Trusted Keys" section of the PGP Server.

    1. In the console tree, click Server Configuration.

    2. Select the server that contains the certificate, and then select the certificate you want to export.

    3. In the action pane, click Export Exchange Certificate.

    4. On the Export Exchange Certificate page, select the certificate you want to export. The services that are checked are currently assigned to the certificate.

    5. When you click Export, the Progress Page will confirm your selections and try to export the certificate.

    6. The Completion page will display the status of the request together with the syntax of the Shell cmdlet needed to export the certificate.



  • 3.  RE: Symantec Gateway email encryption

    Posted Oct 22, 2014 05:30 PM

    Hello,

    Did you create a smart host connector on MS Exchange to connect to the PGP server?  (Send Connector)

    Thanks

    Anthony



  • 4.  RE: Symantec Gateway email encryption

    Posted Oct 22, 2014 06:57 PM

    Hi everybody,

    I created a new connector on Exchange to relay to the PGP server and disabled the default connector to the internet.

    I imported 2 Exchange certificates into the PGP server:

    the first is the cert of the default Exchange 2010 installation,

    the second is the GlobalSign cert for HTTPS, SMTP, POP, IIS

    but I have the same problem:

    192.168.10.6 #<192.168.10.6 #5.7.1 smtp; 550 5.7.1 Unable to relay> #SMTP#

    Intestazioni originali del messaggio:

    Received: from SME.Gamba.local (SME.Gamba.local [127.0.0.1])    by
     SME.Gamba.local (PGP Universal) with ESMTP id EA93714709F    for
     <danilo.sora@tresessanta.it>; Thu, 23 Oct 2014 00:47:20 +0200 (CEST)
    Received: from Srv-Exc.Gamba.local ([192.168.10.6])  by SME.Gamba.local (PGP
     Universal service);  Thu, 23 Oct 2014 00:47:20 +0200
    X-PGP-Universal: processed;
        by SME.Gamba.local on Thu, 23 Oct 2014 00:47:20 +0200
    Received: from SRV-EXC.Gamba.local ([::1]) by Srv-Exc.Gamba.local ([::1]) with
     mapi id 14.01.0438.000; Thu, 23 Oct 2014 00:47:20 +0200
    From: Postmaster <postmaster@studiolegalegamba.it>
    To: "danilo.sora@tresessanta.it" <danilo.sora@tresessanta.it>
    Subject: ee
    Thread-Topic: ee
    Thread-Index: Ac/uSiLfALGSpIeqQmWrshq9EfjhPA==
    Date: Wed, 22 Oct 2014 22:47:19 +0000
    Message-ID: <314BC0CD5675A7428F3659B0B01A3DB417280380@Srv-Exc.Gamba.local>
    Accept-Language: it-IT, en-US
    X-MS-Has-Attach:
    X-MS-TNEF-Correlator:
    x-originating-ip: [192.168.10.113]
    MIME-Version: 1.0
    Content-Language: it-IT
    Content-Type: multipart/alternative;
        boundary="_000_314BC0CD5675A7428F3659B0B01A3DB417280380SrvExcGambaloca_"

    This is the log on the PGP server:

        0543D1470A1: removed        Thu Oct 23, 2014 at 12:47:37 AM +02:00    
    0543D1470A1: to=<postmaster@studiolegalegamba.it>, relay=192.168.10.6[192.168.10.6]:25, delay=1.5, delays=0.04/0/0.01/1.4, dsn=2.6.0, status=sent (250 2.6.0 <20141022224736.0543D1470A1@SME.Gamba.local> [InternalId=1879] Queued mail for delivery)        Thu Oct 23, 2014 at 12:47:37 AM +02:00    
    certificate verification failed for 192.168.10.6: num=21:unable to verify the first certificate        Thu Oct 23, 2014 at 12:47:36 AM +02:00    
    certificate verification failed for 192.168.10.6: num=20:unable to get local issuer certificate
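
Added example (not part of the original posts, and not Symantec's code): a small Python triage of gateway log lines in the format quoted above, reporting certificate verification warnings and relay denials separately per relay host. The sample log, hosts and queue ids are constructed, and the line format is assumed to match the excerpts in this thread.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the gateway log quoted in the thread
# (queue ids, addresses and hosts are made up for this example).
SAMPLE_LOG = """\
A1B2C3D4E5F: to=<a@example.com>, relay=192.0.2.10[192.0.2.10]:25, delay=1.5, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)    Thu Oct 23, 2014 at 12:47:37 AM +02:00
certificate verification failed for 192.0.2.10: num=21:unable to verify the first certificate    Thu Oct 23, 2014 at 12:47:36 AM +02:00
certificate verification failed for 192.0.2.10: num=20:unable to get local issuer certificate
F6E5D4C3B2A: to=<b@example.org>, relay=192.0.2.10[192.0.2.10]:25, delay=0.9, dsn=5.7.1, status=bounced (host 192.0.2.10[192.0.2.10] said: 550 5.7.1 Unable to relay)
0A0B0C0D0E0: to=<c@example.net>, relay=198.51.100.7[198.51.100.7]:25, delay=0.4, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

DELIVERY = re.compile(r"^(?P<qid>[0-9A-F]+): to=<[^>]*>, relay=(?P<host>[^\[,\s]+)"
                      r".*?dsn=(?P<dsn>\d+\.\d+\.\d+), status=(?P<status>\w+)")
CERT_FAIL = re.compile(r"^certificate verification failed for (?P<host>[^:\s]+): "
                       r"num=(?P<num>\d+):(?P<reason>.*?)(?:\s{2,}.*)?$")

def triage(log_text):
    """Group delivery results and certificate errors by relay host."""
    relays = defaultdict(lambda: {"sent": 0, "failed": [], "cert_errors": {}})
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := DELIVERY.match(line):
            entry = relays[m["host"]]
            if m["status"] == "sent":
                entry["sent"] += 1
            else:
                entry["failed"].append((m["qid"], m["dsn"]))
        elif m := CERT_FAIL.match(line):
            # Trailing timestamp column (if any) is dropped by the regex.
            relays[m["host"]]["cert_errors"][int(m["num"])] = m["reason"]
    return dict(relays)

def findings(log_text):
    """Report unverified relay certificates and relay denials as separate findings."""
    out = []
    for host, e in sorted(triage(log_text).items()):
        if e["cert_errors"] and e["sent"]:
            # Mail was accepted by a relay whose chain did not verify (OpenSSL
            # codes 20/21: issuer certificate not found by the verifier).
            out.append((host, "unverified-cert", sorted(e["cert_errors"])))
        for qid, dsn in e["failed"]:
            if dsn == "5.7.1":
                # Relay denied by the next hop: a routing/permission issue, not TLS.
                out.append((host, "relay-denied", qid))
    return out

if __name__ == "__main__":
    for finding in findings(SAMPLE_LOG):
        print(finding)
```

Keeping the two findings apart makes it visible when a relay accepts mail despite the certificate warnings, so a `550 5.7.1` bounce is investigated as a routing question rather than a trust-store one.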



  • 5.  RE: Symantec Gateway email encryption

    Posted Oct 22, 2014 07:11 PM

    Can you post a screen shot of your mail proxy setup?

    Thanks

    Anthony



  • 6.  RE: Symantec Gateway email encryption

    Posted Oct 23, 2014 04:40 PM

    Hi Anthony,

    This is a screenshot: pgp-proxie.jpg



  • 7.  RE: Symantec Gateway email encryption

    Posted Oct 24, 2014 01:24 PM

    Hello,

    By your screenshot I don't see the Outbound mail to relay setup. This is your gateway.

    Thanks

    Anthony



  • 8.  RE: Symantec Gateway email encryption

    Posted Oct 27, 2014 04:33 AM

    Sorry Anthony, I don't understand.

    Outbound mail: Designated source IP Exchange server 192.168.10.6

    Inbound mail: Exchange server  192.168.10.6

    My gateway IP address 192.168.10.100

    Where is the configuration error?



  • 9.  RE: Symantec Gateway email encryption

    Posted Oct 27, 2014 12:21 PM

    Hello,

    Send all outbound mail to relay would be the gateway. (Outbound Mail)

    If you're using an SMTP unified then you'll need a gateway address so the mail can be sent out on the WAN if needed.

    In some cases some networks like to use the setting send mail directly to recipient mailserver because their mail is going to a filter and then sent out on the WAN.

    With the settings you have, PGP is being told to route your mail back to your mail server, so if the recipient is not part of the network then you'll have a mail loop, which gives you a relay problem.

    (192.168.10.6 #<192.168.10.6 #5.7.1 smtp; 550 5.7.1 Unable to relay> #SMTP#) Exchange error, no mailbox for recipient.  If you sent the e-mail out of network then you'll get this error if you have no gateway specified in your mail flow.

    Thanks

    Anthony



  • 10.  RE: Symantec Gateway email encryption

    Posted Oct 28, 2014 04:06 AM

    Hi Anthony,

    this morning I solved the problem with your suggestion.

    I configured the relay to another SMTP server (in this case the antispam server) and mail is sent correctly!

    As the next step I will configure the Outlook client, adding the PGP button for sending mail with or without PGP encryption.

    relay-Ok_0.jpg



  • 11.  RE: Symantec Gateway email encryption

    Posted Oct 28, 2014 12:22 PM

    Hello,

    The encrypt buttons for PGP can be enabled in your policy.  This should be under Messaging and keys.

    If you have trouble encrypting your e-mail then make sure to disable the SSL in Outlook.  Also, to test this, get a public key from someone who has PGP.

    Managed clients look at the mail policy first on the server.  If you want to use local policy then this can be enabled on the PGP client if you don't want to use the mail policy on the PGP server.  This is located in PGP Messaging and there is a check box above your policy window.

    Thanks

    Anthony