About
This document will guide you through the configuration of Virtru Gateway rules backed by Office 365 infrastructure.
Assumptions:
- CNAME Records Created so Virtru can sign DKIM and the virtrugateway.com domain can send on behalf of your domain.
- TXT Records Created so Virtru can verify domain ownership prior to implementation.
- Mail Flow The Virtru Hosted Gateway is preconfigured for maximum security and interoperability between systems.
(Example)
- Mail Decryption Trigger:
-
X-Virtru-Inbound-ScanningNOT in Header -
InboundMessages
-
- Mail Flow: Gmail > Gateway > MX > Gmail > Final Delivery
- Authorization
-
X-Virtru-Auth:00000000000000000000
-
Note
The Authorization Header is specific to your organization and will be provided to you by Virtru.
Jump to:
Diagram of Standard Mailflow
Connector Creation
Content Compliance Rule Creation
Create Virtru Encryption Rule
Diagram of Standard Mailflow
Create Connector
- Login into the Admin Console
- Navigate to the Exchange Admin Portal
- Navigate to the Mail Flow Section
- Navigate to the Connectors Tab
- Create a new Connector
- From: Office 365
- To: Partner Organization
- Name the Connector
- Ex: Virtru Hosted Gateway - Inbound Security Ruels
- Enter a description
- Optional
- When to use this connector
- Only when I have a transport rule setup that redirects message to this connector
- How do you want to route email messages
- Route email through these smart hosts
- smtp.virtrugateway.com
- Route email through these smart hosts
- How should Office 365 connect to your partner organization's email server
- Always use TLS
- Issued by a trusted certificate authority (CA)
- Validate Connector
- Connector may need to be validated
Transport Rule
Note
Office 365 transport rules are highly customizable, feel free modify the example expressions to meet your specific use cases.
- Navigate to the Mail Flow Section
- Navigate to the Rules Tab
Add New Rule - Authentication
- Enter Rule Details
- Name
- Virtru Inbound Security Rules - Authentication
- Conditions
- The Sender is located: Outside the organization
- The Recipient is located: Inside the organization
- Actions
- Add Header
- Name: X-Virtru-Auth
- Value:<Virtru Provided>
- Add Header
- Exceptions
- If Header Contains Text
- Name: X-Virtru-Inbound-Scanning
- Value: 1
- If Header Contains Text
- Name
Diagram
Add New Rule - Routing
- Enter Rule Details
- Name
- Virtru Inbound Decrypt - Routing
- Conditions
- The Sender is located: Outside the organization
- The Recipient is located: Inside the organization
- Actions
- Modify Message Properties>Set a message header
- Name: X-Virtru-Inbound-Scanning
- Value: 1
- Redirect Message to>The following connector
- Virtru Hosted Gateway - Inbound Security Rules
- Modify Message Properties>Set a message header
- Exceptions
- The message header>includes any of these words
- Name: X-Virtru-Inbound Scanning
- Value: 1
- The message header>includes any of these words
- Name
Diagram
Click Save and Finish setup
Create Virtru Encryption Rule
Once the message is routed to the Virtru Hosted Gateway, a Virtru Security Rule must be created and enabled to evaluate the message and encrypt. Each Virtru Security Rule is evaluated against each message sent to the Virtru Hosted Gateway. The Virtru Security Rules are shared between the Virtru Hosted Gateway and the Virtru Clients.
To create a rule follow this LINK