Encryption Management Server does not bounce outbound messages from unmanaged domains
Last Updated December 08, 2016
If Encryption Management Server receives an outbound message from a domain that is not listed in the management console under Consumers / Managed Domains, it proxies the message unmodified and does not apply message rules.
This can result in sensitive messages being sent in the clear.
The proxy log contains a message like this where the domain pgptest.co.uk is not a managed domain:
The sender will receive a message from Encryption Management Server explaining that the message bounced. By default, the message subject is "Message undeliverable" and the message contains the recipient's address and the connection ID. The connection ID can be used to search the Mail Log. The Message Template used for the bounce notification is:
Message Bounced -- Internal Server Error
Searching the Message Log for "unmanaged domain blocked" will reveal how many unmanaged domains have attempted to send email through the Encryption Management Server.
For assistance implementing this configuration change, please contact Symantec Technical Support.
Imported Document ID: TECH222992