The PGP Encryption Server (Symantec Encryption Management Server) cannot decrypt S/MIME email encrypted using the RSAES-OAEP (RSA Encryption Scheme - Optimal Asymmetric Encryption Padding) key transport algorithm.

The mail log will contain entries like this when the PGP Encryption Server attempts to decrypt an RSAES-OAEP encrypted message:

2017/10/11 09:30:09 +01:00  INFO   pgp/messaging[3412]:      SMTP-00001: recipient [email protected]: policy rule match: chain: "Inbound", rule: "Decrypt Message (SMTP)"
2017/10/11 09:30:09 +01:00  WARN   pgp/messaging[3412]:      SMTP-00001: fatal exception evaluating policy for recipient [email protected]: unimplemented public key operation - jumping to Exception chain

PGP Encryption Server 3.3 and above.

This behavior is by design.  Symantec Corporation is committed to product quality and satisfied customers.

If you are running into this issue, reach out to Symantec Encryption Support for further guidance.