Skip to main content
Welcome to Virtru's support portal. As we work to make this page more accessible to screen readers, please contact us at support@virtru.com for technical support.

Customer Hosted: Inbound Decrypt Rules for Gmail

  • Updated

Background

This document will guide you through the configuration of the Customer-Hosted Gateway rules backed by Gmail infrastructure.

Specific steps for this section include:

  1. Add Host
  2. Add Rule
  3. Test Rule

Assumptions: 

  • Mail Decryption Trigger:
    • In the body of every Virtru-encrypted email, the phrase below can be found:
    • --- START PROTECTED MESSAGE TDF
  • Mail Flow: Gmail > Gateway > Final Delivery
  • IP of the gateway is: 1.1.1.1
  • Comprehensive Mail Storage is disabled

Comprehensive Mail Storage

If Comprehensive Mail Storage is enabled the unencrypted message will NOT be delivered, only the encrypted message will be delivered.

Items to Consider Prior to Enabling Inbound Decrypt

Gateway-level decryption decrypts inbound Virtru messages before they reach your inbox. Virtru advises following your organization's security policies to remain compliant.

 

Skip to:

 

 

Diagram of Standard Mailflow

Diagram of Standard Mailflow

 

 

 

Creating Gmail Rules

In Google Admin, navigate to Apps > Google Workspace > Settings for Gmail > Hosts

Add Host

Select the ADD ROUTEbutton to add a new host that points to your Customer-Hosted Gateway running in inbound decrypt mode, and save your changes

 

Add New Host

Add New Host

 

Content Compliance Settings

In Google Admin, navigate to Apps > Google Workspace > Settings for Gmail > Compliance:

Add Rule

Fill in appropriate information.

  1. Name: Virtru Inbound Decrypt
    • Email messages to affect: Inbound
    • If also decrypting internally, select Internal-Receiving  as well.

Add setting

 

2. Add expressions that describe the content you want to search for in each message. 

If All of the following match the message Add Expression

Edit Setting

 

Screen_Shot_2021-02-05_at_8.47.11_AM.png

  • Virtru Action for Decryption
    • Advanced Content Match
    • Location
      • Body
    • Match type
      • Contains Text
    • Content
      • --- START PROTECTED MESSAGE TDF

Add Another Expression

This will prevent loops in the mail flow

Add expression to prevent mailflow loop

 

  • Virtru Action for Loop Prevention
    • Advanced Content Match
    • Location
      • Full Headers
    • Match type
      • Not Contains Text
    • Content
      • X-MSGDECRYPT
        • This can also be customized to the header of your choice, i.e. X-Virtru-Decrypt

3. Add Header and Change Route

Add header change route

Under "If the above expressions match, do the following" > Modify message:

  • Add custom headers
  • Header Key: X-MSGDECRYPT
    • This can also be customized to the header of your choice, i.e. X-Virtru-Decrypt
  • Header Value: 1

Under Route, select "Change Route" and point this rule to your Customer-Hosted GW running in inbound decrypt mode:

Route

Add Setting

Add Setting

 

Save the Rule to Gmail

Save

 

 

Related articles