About
This document will guide you through the configuration of Virtru Gateway rules backed by Gmail infrastructure.
Assumptions:
- CNAME Records Created so Virtru can sign DKIM and the virtrugateway.com domain can send on behalf of your domain.
- TXT Records Created so Virtru can verify domain ownership prior to implementation.
- Mail Flow The Virtru Hosted Gateway is preconfigured for maximum security and interoperability between systems.
(Example)
- Mail Decryption Trigger:
-
X-Virtru-Decrypt
NOT in Header -
Inbound
Messages
-
- Mail Flow: Gmail > Gateway > MX > Gmail > Final Delivery
- Authorization
-
X-Virtru-Auth
:00000000000000000000
(Virtru provided)
-
- Comprehensive Mail Storage is disabled.
Comprehensive Mail Storage
If Comprehensive Mail Storage is enabled, the unencrypted message will NOT be delivered, only the encrypted message will be delivered.
Note
The Authorization Header is specific to your organization and will be provided to you by Virtru.
Note
Any inbound Virtru encrypted emails being sent from an organization that uses the Virtru Private Keystore will not be decrypted by the Hosted Gateway as it is not currently a supported function. You may still access the Virtru email via these methods however: Access Secure Emails & Files
Jump to:
Content Compliance Rule Creation
Diagram of Standard Mailflow
Host Creation
1. Navigate to: Gmail Advanced - General Settings
2. Then to Hosts
3. Click the ADD ROUTE
button
Add Route(Host)
- Name:
- Virtru Inbound Decrypt Gateway
- Host:
- smtp.virtrugateway.com
- Port
- 587
- Require secure transport (TLS)
- Yes
- Require CA-signed certificate
- Yes
Rule - Add Compliance Rule (Example)
1. Navigate to: Gmail Advanced - General Settings
2. Search for:Content Compliance
3. Add Rule
Fill in the appropriate information.
- Name:
Virtru Inbound Decrypt
- Email messages to affect:
Inbound
- If ALL of the following match the message
4. Add setting
Add expressions that describe the content you want to search for in each message.
Add Setting
5. If All of the following match the message
Add Expression
- Encrypted Message Detection
- Advanced Content Match
- Location
- Body
- Match type
- Contains Text
- Content
- --- START PROTECTED MESSAGE TDF
- Loop Prevention
- Advanced Content Match
- Location
- Full Headers
- Match type
- Not Contains Text
- X-Virtru-Decrypt
6. Diagram
7. Add Actions
- Modify message
- Add custom header
- Name: X-Virtru-Auth
- Value: <Virtru Provided>
- Add custom header
- Name: X-Virtru-Decrypt
- Value: 1
- Add custom header
8. Diagram
- Route
- Change Route
- Uncheck Suppress Bounces
- Virtru Inbound Decrypt Gateway
9. Add Setting
10. Save the Rule to Gmail