Background
This document will guide you through the configuration of the Customer-Hosted Gateway rules backed by Gmail infrastructure.
Specific steps for this section include:
- Add Host
- Add Rule
- Test Rule
Assumptions:
- Mail Encryption Trigger:
-
#secure#
in Subject Line as the encryption trigger (for testing purposes) -
Outbound
Messages
-
- Mail Flow: Gmail > Gateway > Final Delivery
- IP of the gateway is: 1.1.1.1
Skip to:
Diagram of Standard Mailflow
Creating Gmail Rules
In Google Admin, navigate to Apps > Google Workspace > Settings for Gmail > Hosts
Add Host
Select the ADD ROUTE
button to add a new host that points to your Customer-Hosted Gateway running in either outbound-encrypt or Scanning mode, and save your changes.
Add New Host
Content Compliance Settings
In Google Admin, navigate to Apps > Google Workspace > Settings for Gmail > Compliance:
Fill in appropriate information.
- Name:
Virtru Outbound Encrypt
- Email messages to affect:
Outbound
to encrypt external emails.- If also encrypting internally, select
Internal-Sending
as well.
- If also encrypting internally, select
3. Add expressions that describe the content you want to search for in each message.
If > All of the following match the message
> Add Expression
The following example will illustrate using a keyword trigger in the subject line of an email.
- Subject Contains #secure# (for testing purposes)
- Advanced Content Match
-
Location
- Subject
-
Match type
- Contains Text
-
Content
- #secure#
- Virtru Action for Loop Prevention
- Advanced Content Match
-
Location
- Full Headers
-
Match type
- Not Contains Text
-
Content
- X-Virtru-Encrypt
- Exclude Google Drive shares
- Advance Content Match
-
Location
- Envelope Sender
-
Match type
-
- Not Contains Text
-
-
Content
- google.com
Add Actions
- Under "If the above expressions match, do the following":
- Modify message
- Add custom headers
- Header Key: X-Virtru-Encrypt
- Header Value: 1
- Modify message
Change Route
Save the Rule to Gmail
Create Virtru Encryption Rule
Once the message is routed to the Customer-Hosted Gateway, a Virtru Security Rule must be created and enabled to evaluate the message and encrypt. Each Virtru Security Rule is evaluated against each message sent to the Virtru Gateway. The Virtru Security Rules are shared between the Customer-Hosted Gateway and the Virtru Clients.
To create a rule, go to Managing Security Rules in the Virtru Control Center.