Why does Exchange block GPG-encrypted messages?

Posted on 2009-04-06
Last Modified: 2013-11-30
I am trying to implement an encryption solution using GPG, but it seems our Exchange server is blocking every message that has been encrypted. Signed messages work fine, and receiving encrypted messages also works, but as soon as i try to send an encrypted message, i get a mail from "System administrator" (wouldn't that be me? ;)) telling me that the the message couldn't be delivered, and a pretty uninformative error-code: [0x80004005-00000000-00000000]. Googling it doesn't really turn up much. I have tried disabling our av/spam detection and smtp scanner in our sonicwall, but to no avail. We also have a trend-micro mail scanner running on the exchange server, which i've also tried disabling, and it doesn't help. I've also tried checking and fixing the exchange servers mailbox store integrity, no help either. Can anyone help?
Question by:markqvist
  • 4
  • 2
LVL 65

Expert Comment

ID: 24082816
I doubt if it is Exchange blocking the message. The AV would be my guess. Unfortunately disabling the AV is not enough, you need to remove it. When it is disabled its hooks remain in the system.
It could also be your firewall, if that scans SMTP traffic.
Exchange doesn't care what the message is, but something scanning the traffic would.


Author Comment

ID: 24088255
Thank you for the feedback. Unfortunately, totally removing the AV is not an option, since it is running on our production Exchange server, and it also wouldn't be very smart cost-wise, since we already paid for a license that runs a few years from now. Can you suggest alternative options? We are running Trend Micro as our antivirus.

Author Comment

ID: 24088274
To clarify, I didn't just disable the AV entirely. I went to the configuration console and disabled all scanning modules relevant for outgoing mail traffic.
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

LVL 65

Expert Comment

ID: 24088579
Due to the way that the AV integrates with Exchange, removing it is the only way to prove it is not the cause of the problem. Disabling it is not enough, because of the hooks in to the application.

You need to remove it, then reboot. If the problem goes away, try reinstalling it. If the problem returns then you have to go back to Trend and ask them why they are blocking the messages.
If they cannot assist, then you will have to find another product or use a different system to encrypt messages.


Author Comment

ID: 24088950
Thank you for your insight. I guess I will just have to try it out... We'll see if it works ;)

Accepted Solution

markqvist earned 0 total points
ID: 24418967
Turns out theres a bug in gnupg that prevents it from sending through exchange. I solved it by installing a local smtp server on the computers and sending through that :)

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
how to add IIS SMTP to handle application/Scanner relays into office 365.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now