Endpoint Encryption

 View Only
Back to discussions
Expand all | Collapse all

unable to send unsecured emails

  • 1.  unable to send unsecured emails

    Posted Jul 30, 2012 08:57 AM

    Hi,

    After upgrading from Windows XP and Office 2003 to Windows 7 and Office 2010 I had to reïnstall PGP desktop on the new PC.

    I mostly copied the configuration I had on my precious PC by editing the policies so that only "Encrypt + Sign" "Encrypt" and "Sign" are active. The first two are configured so that if a recipient's key is not available the email is sent unsecured.

    So I should have to click the encrypt and/or sign button for Outlook 2010 to send secure e-mail.

    Unfortunately PGP attempts to secure every outgoing email. Since there is no key for most recipient's the mail is never sent. PGP first tels me that it is "attempting to secure email" and after a few seconds that "some recipients will be processed later". In effect, those emails never get send.

    Am I doing something wrong? I'm really looking for a solution since I now have to completely disable PGP to get my unsecured e-mails out.



  • 2.  RE: unable to send unsecured emails

    Posted Jul 30, 2012 10:44 AM

    It sounds like all should work as you desire.  I don't know the problem, but wonder if it can be bypassed by having your two button policies at the top of the list of policies, and creating a third one right below those two:

    If any

    Recipient    is not   Nonsense@nonsense.com

    Send in Clear

     

    What PGP version are you using?  I'm wondering it it might be a version not compatible with either Windows 7 or Office 2010.



  • 3.  RE: unable to send unsecured emails

    Posted Jul 30, 2012 10:49 AM

    You need to look at your configuration, it seems you have missed something, or it is using opportunistic encryption coupled with KNF: Block or it is looking at an exception before it gets to the "Encrypt and Sign buttons" policy that comes with Outlook

    There is also an article that might be relevant

    http://www.symantec.com/docs/TECH149324

     



  • 4.  RE: unable to send unsecured emails

    Posted Jul 31, 2012 03:14 AM

    Thanks for your replies!

    @Tom
    The version I'm using is 10.2.1, as I understand it should be compatible with Windows 7 and Office 2010.
    I tried adding the policy you suggested, but unfortunately it did not make any difference.

    @Weevil

    I agree it looks like oportunistic encryption is enabled. I checked the config, but cannot find anything that would prompt the program to use opportunistic encryption.

    I attached 4 screenshots. I'm a real n00b at this, so if there is anything I'm missing, or something I'm doing wrong, please let me know.

     

     

     



  • 5.  RE: unable to send unsecured emails

    Posted Jul 31, 2012 07:13 AM

    Open PGP Desktop

    Click the PGP Messaging module on the top of the left hand side

    Click on you PGP messaging service in the PGP Messaging module (left hand side)

    Click Edit Policies on the right hand side

    You then disable undesired policies by removing the check for each

    You order your policies by clicking on one at a time, and then clicking Move Down, to move it down in the order.

    PGP processes the policies from the top down, and executes the first that applies



  • 6.  RE: unable to send unsecured emails

    Posted Jul 31, 2012 10:45 AM

    @Tom

    Thanks for your reply!
    I think I already followed the procedure you describe. Have a look at the screenshots I added to my previous comment. The problem is that, even with only these three policies active, PGP still tries to secure every outgoing email, regardless of wether those Sign and Encrypt buttons are used or not.

    If the order of the policies as shown in the secreenshots is wrong, couild you tell me what the correct order would be? Or if the configuration of the policies is wrong, could you tell me what should be changed?

    Thanks,

    Bert-Jan



  • 7.  RE: unable to send unsecured emails

    Posted Jul 31, 2012 11:14 AM

    The screenshots for the policies look like they should work.  However, I don't see a screenshot indicating the order of your policies, which would also show which policies are enabled.  If these are your only enabled policies, you don't have a policy stating what should happen when buttons are not selected - I think my suggested policy would address this need.  The default Opportunistic policy would also address this need, but it will also encrypt whenever keys are present to encrypt to.



  • 8.  RE: unable to send unsecured emails

    Posted Jul 31, 2012 11:38 AM

    Another policy that would probably meet your needs, if located right below your button policies:

    If any

    recipient is *

    Send in clear



  • 9.  RE: unable to send unsecured emails

    Posted Aug 02, 2012 10:35 AM

    Oops, you're absolutely right. I made the "all-policies" screenshot but forgot to add it. I attached it to this comment.

    I also added a screenshot of the policy ("test policy" in the first screenshot) I added as you suggested in your comment on july 30. Unfortunately that did not make a difference.

    I just changed that policy to the policy you suggested in your last comment (restarted the PC to be sure), but unfortunately that als made no difference. PGP still tries to secure all outgoing e-mails.

    Is there anything else I could try? I'd hate to stop using PGP and go through the hassle of finding another encryption solution 



  • 10.  RE: unable to send unsecured emails

    Posted Aug 02, 2012 11:41 AM

    Since the button policies are working for you, when you use the buttons, the problem appears to be that you need a policy that will process your outgoing email when you do not select a button.  At this point, I'd suggest that you enable the default Opportunistic Encryption policy, with its default settings.  If this lets all email go out, you can probably fine tune it to meet your needs.  If it doesn't work, you may need to return the button policies to their default settings.