Skip to main content
Welcome to Virtru's support portal. As we work to make this page more accessible to screen readers, please contact us at support@virtru.com for technical support.

Customer Hosted: Outbound Encrypt Rules for Gmail

  • Updated

Background

This document will guide you through the configuration of the Customer-Hosted Gateway rules backed by Gmail infrastructure.

Specific steps for this section include:

  1. Add Host
  2. Add Rule
  3. Test Rule

Assumptions: 

  • Mail Encryption Trigger:
    • #secure# in Subject Line as the encryption trigger (for testing purposes)
    • Outbound Messages
  • Mail Flow: Gmail > Gateway > Final Delivery
  • IP of the gateway is: 1.1.1.1

 

Skip to:

 

Diagram of Standard Mailflow

Diagram of Standard Mailflow

 

Creating Gmail Rules

In Google Admin, navigate to Apps > Google Workspace > Settings for Gmail > Hosts

Add Host

Select the ADD ROUTEbutton to add a new host that points to your Customer-Hosted Gateway running in either outbound-encrypt or Scanning mode,  and save your changes.

Add New Host

Add Mail Route

 

Content Compliance Settings

In Google Admin, navigate to Apps > Google Workspace > Settings for Gmail > Compliance:

Fill in appropriate information. 

  1. Name: Virtru Outbound Encrypt
  2. Email messages to affect: Outbound to encrypt external emails.
    • If also encrypting internally, select Internal-Sending  as well.

Add Setting

 

3. Add expressions that describe the content you want to search for in each message. 

If > All of the following match the message > Add Expression

The following example will illustrate using a keyword trigger in the subject line of an email. 

Screen_Shot_2021-04-23_at_10.33.28_AM.png

  • Subject Contains #secure# (for testing purposes)
    • Advanced Content Match
    • Location
      • Subject
    • Match type
      • Contains Text
    • Content
      • #secure#
  • Virtru Action for Loop Prevention
    • Advanced Content Match
    • Location
      • Full Headers
    • Match type
      • Not Contains Text
    • Content
      • X-Virtru-Encrypt 
  • Exclude Google Drive shares
    • Advance Content Match
    • Location
      • Envelope Sender
    • Match type
        • Not Contains Text
    • Content
      • google.com

Add Actions

  • Under "If the above expressions match, do the following":
    • Modify message
      • Add custom headers
      • Header Key: X-Virtru-Encrypt
      • Header Value: 1

Change Route

Change Route

 

Save the Rule to Gmail

Save

 

Create Virtru Encryption Rule 

Once the message is routed to the Customer-Hosted Gateway, a Virtru Security Rule must be created and enabled to evaluate the message and encrypt.  Each Virtru Security Rule is evaluated against each message sent to the Virtru Gateway.  The Virtru Security Rules are shared between the Customer-Hosted Gateway and the Virtru Clients.

To create a rule, go to Managing Security Rules in the Virtru Control Center.

 

 

 

Related articles