Why does Exchange block GPG-encrypted messages?

Posted on 2009-04-06
Last Modified: 2013-11-30
I am trying to implement an encryption solution using GPG, but it seems our Exchange server is blocking every message that has been encrypted. Signed messages work fine, and receiving encrypted messages also works, but as soon as i try to send an encrypted message, i get a mail from "System administrator" (wouldn't that be me? ;)) telling me that the the message couldn't be delivered, and a pretty uninformative error-code: [0x80004005-00000000-00000000]. Googling it doesn't really turn up much. I have tried disabling our av/spam detection and smtp scanner in our sonicwall, but to no avail. We also have a trend-micro mail scanner running on the exchange server, which i've also tried disabling, and it doesn't help. I've also tried checking and fixing the exchange servers mailbox store integrity, no help either. Can anyone help?
Question by:markqvist
  • 4
  • 2
LVL 65

Expert Comment

ID: 24082816
I doubt if it is Exchange blocking the message. The AV would be my guess. Unfortunately disabling the AV is not enough, you need to remove it. When it is disabled its hooks remain in the system.
It could also be your firewall, if that scans SMTP traffic.
Exchange doesn't care what the message is, but something scanning the traffic would.


Author Comment

ID: 24088255
Thank you for the feedback. Unfortunately, totally removing the AV is not an option, since it is running on our production Exchange server, and it also wouldn't be very smart cost-wise, since we already paid for a license that runs a few years from now. Can you suggest alternative options? We are running Trend Micro as our antivirus.

Author Comment

ID: 24088274
To clarify, I didn't just disable the AV entirely. I went to the configuration console and disabled all scanning modules relevant for outgoing mail traffic.
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

LVL 65

Expert Comment

ID: 24088579
Due to the way that the AV integrates with Exchange, removing it is the only way to prove it is not the cause of the problem. Disabling it is not enough, because of the hooks in to the application.

You need to remove it, then reboot. If the problem goes away, try reinstalling it. If the problem returns then you have to go back to Trend and ask them why they are blocking the messages.
If they cannot assist, then you will have to find another product or use a different system to encrypt messages.


Author Comment

ID: 24088950
Thank you for your insight. I guess I will just have to try it out... We'll see if it works ;)

Accepted Solution

markqvist earned 0 total points
ID: 24418967
Turns out theres a bug in gnupg that prevents it from sending through exchange. I solved it by installing a local smtp server on the computers and sending through that :)

Featured Post

Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now