Background
This document will guide you through the configuration of Virtru Gateway rules backed by Office 365 infrastructure. Header check will be added to ensure mail routing loops are prevented.
Specific steps for this section include:
- Create Send Connector
- Create Receive Connector
- Create Transport Rule
- Test Rule
Assumptions:
- Mail Decryption Trigger:
- Body contains Virtru Key Phrases
External
SenderInternal
Recipient
- Mail Flow: O365 > Gateway > O365 > Final Delivery
- IP of the gateway is: 1.1.1.1
Skip to:
Diagram of Standard Mailflow
Create Send Connector
- Login into the Admin Console
- Navigate to the Exchange Admin Portal
- Navigate to the Mail Flow Section
- Navigate to the Connectors Tab
- Create a new Connector
- From: Office 365
- To: Partner Organization
- Name the Connector
- Ex: Virtru Inbound Decrypt - Send
- Enter a description
- Optional
- When to use this connector
- Only when I have a transport rule setup that redirects message to the connector
- How do you want to route email messages
- Route email through these smart hosts
- Ex: 1.1.1.1
- Ex: gw.example.com
- Route email through these smart hosts
- How should Office 365 connect to your partner organization's email server
- Always use TLS
- Any digital certificate
- Validate Connector
- Connector may need to be validated
Create Receive Connector
- Login into the Admin Console
- Navigate to the Exchange Admin Portal
- Navigate to the Mail Flow Section
- Navigate to the Connectors Tab
- Create a new Connector
- From: Your organization's email Server
- To: Office 365
- Name the Connector
- Ex: External to O365
- Enter a description
- Optional
- What sender IP addresses do you want to use to identify your partner
- Specify the sender IP address
- Ex: 1.1.1.1
- Specify the sender IP address
Transport Rule
- Login into the Admin Console
- Navigate to the Exchange Admin Portal
- Navigate to the Mail Flow Section
- Navigate to the Rules Tab
- Add new Rule
- Enter Rule Details
- Name
- Ex: Virtru Inbound Decrypt - Send
- Conditions
- Sender: Is Outside the Organization
- Recipient: Is Inside the Organization
- Subject Or Body Contains:
- --- START PROTECTED MESSAGE TDF
- --- START VIRTRU SEARCH TOKENS ---
- Actions
- Send to Connector: Virtru Inbound Decrypt - Send
- Add Header
- Name: X-VIRTRUDECRYPT
- Value: 1
- Exceptions
- If Header Exists
- Name: X-VIRTRUDECRYPT
- Value: 1
- If Header Exists
- Name