About

This guide outlines the steps to configure Microsoft Exchange Server On-Premise to work with the Virtru Customer Hosted Gateway for outbound email encryption. The setup uses Exchange Send and Receive Connectors to route and receive messages processed by the Gateway.

Step 1: Create a Send Connector to Route All Outbound Mail to the Virtru Gateway

A Send Connector defines how Exchange sends outbound email to partner Mail Transfer Agents (i.e, Virtru Gateway).

In This Setup:

• All outbound email from Exchange is routed through the Virtru Gateway, which applies encryption policies based on headers or DLP rules set in the Virtru Control Center before sending it to the final recipient.

Key Benefits:

• Routes email through a secure, policy-enforced encryption layer.

• Supports routing based on specific sender domains or DLP triggers.

• Helps ensure regulatory compliance and secure external communications.

1. Open Exchange Admin Center (EAC)
   Navigate to: Mail Flow > Send Connectors

2. Add a New Send Connector

   • Name: Virtru Outbound Connector

   • Type: Custom

   • Click Next

3. Configure Network Settings

   • Choose: Route mail through smart hosts

   • Add the Gateway's IP or FQDN
     Example: 10.0.0.2 or gateway.yourdomain.com

   • Click Next

4. Smart Host Authentication

   • Select: None 

5. Configure Address Space

   • Click Add

     • Type: SMTP

     • FQDN: *

     • Cost: 1

   • Click Next

6. Configure Source Servers

   • Add your Exchange server
     Example: EXCHANGE-01.yourdomain.com

   • Click Finish

7. Final Configuration

   • Ensure Connector Status is Enabled

   • Optional comment: Send all emails through the Virtru Encryption Gateway

   • Set Max send message size (e.g., 35MB) if required

Step 2: Create a Receive Connector for the Virtru Gateway

A Receive Connector controls how your Exchange server accepts incoming email from trusted sources.

In This Setup:

• After the Virtru gateway encrypts outbound messages, they are returned to Exchange for final delivery.

• The Receive Connector ensures that only secure, authorized traffic from the Gateway is accepted.

Key Benefits:

• Accepts traffic only from trusted IPs (the Virtru Gateway).

• Enforces TLS and Mutual TLS for secure delivery.

• Helps prevent unauthorized injection of messages into your mail flow.

1. Open Exchange Admin Center (EAC)
   Navigate to: Mail Flow > Receive Connectors

2. Add a New Receive Connector

   • Name: Virtru Inbound Connector

   • Server: Exchange01.yourdomain.com (replace with your actual server name)

   • Role: Frontend Transport

   • Type: Partner

   • Click Next

3. Configure Network Settings

   • Remote network settings: Add your Virtru Gateway IP address
     Example: 10.0.0.1

   • Network adapter bindings: Keep default (All available IPv4, port 25)

   • Click Finish

4. Edit Connector Properties

   • General Tab:

     • Confirm the Connector Status is Enabled

     • Optional comment: Receive all emails from the Virtru Encryption Gateway

   • Security Tab:

     • Authentication:

       • ☑ Transport Layer Security (TLS)

       • ☑ Enable domain security (Mutual Auth TLS)

     • Permission Groups:

       • ☑ Partners

   • Scoping Tab:

     • Remote network settings: Ensure 10.0.0.1 is listed (replace with actual Gateway IP or FQDN)

Summary

Final Verification

• Test outbound emails to verify routing through the Virtru Gateway.

• Confirm encryption is applied based on rules, headers, or DLP triggers.

• Review mail flow and logging for validation.