About
This document will guide you through the configuration of Virtru Gateway rules backed by Office 365 infrastructure.
Assumptions:
- CNAME Records Created so Virtru can sign DKIM and the virtrugateway.com domain can send on behalf of your domain.
- TXT Records Created so Virtru can verify domain ownership prior to implementation.
- Mail Flow The Virtru Hosted Gateway is preconfigured for maximum security and interoperability between systems.
(Example)
- Mail Decryption Trigger:
X-Virtru-Decrypt
NOT in HeaderInbound
Messages
- Mail Flow: Gmail > Gateway > MX > Gmail > Final Delivery
- Authorization
X-Virtru-Auth
:00000000000000000000
Note
The Authorization Header is specific to your organization and will be provided to you by Virtru.
Jump to:
Diagram of Standard Mailflow
Connector Creation
Content Compliance Rule Creation
Create Virtru Encryption Rule
Diagram of Standard Mailflow
Create Connector
- Login into the Admin Console
- Navigate to the Exchange Admin Portal
- Navigate to the Mail Flow Section
- Navigate to the Connectors Tab
- Create a new Connector
- From: Office 365
- To: Partner Organization
- Name the Connector
- Ex: Virtru Hosted Gateway Inbound
- Enter a description
- Optional
- When to use this connector
- Only when I have a transport rule setup that redirects message to this connector
- How do you want to route email messages
- Route email through these smart hosts
- smtp.virtrugateway.com
- Route email through these smart hosts
- How should Office 365 connect to your partner organization's email server
- Always use TLS
- Issued by a trusted certificate authority (CA)
- Validate Connector
- Connector may need to be validated
Transport Rule
- Navigate to the Mail Flow Section
- Navigate to the Rules Tab
Add New Rule - Authentication
- Enter Rule Details
- Name
- Virtru Inbound Decrypt - Authentication
- Conditions
- The Sender is located: Outside the organization
- The Recipient is located: Inside the organization
- Body Contains: --- START PROTECTED MESSAGE TDF
- Actions
- Add Header
- Name: X-Virtru-Auth
- Value:Virtru Provided
- Add Header
- Exceptions
- If Header Exists
- Name: X-Virtru-Decrypt
- Value: 1
- If Header Exists
- Name
Diagram
Add New Rule - Routing
- Enter Rule Details
- Name
- Virtru Inbound Decrypt - Routing
- Conditions
- The Sender is located: Outside the organization
- The Recipient is located: Inside the organization
- Bode Contains:--- START PROTECTED MESSAGE TDF
- Actions
- Add Header
- Name: X-Virtru-Decrypt
- Value: 1
- Use the following connector
- Virtru Inbound Decrypt Gateway
- Add Header
- Exceptions
- If Header Exists
- Name: X-Virtru-Decrypt
- Value: 1
- If Header Exists
- Name
Diagram
Create Virtru Encryption Rule
Once the message is routed to the Virtru Hosted Gateway, a Virtru DLP Rule must be created and enabled to evaluate the message and encrypt.Each Virtru DLP Rule is evaluated against each message sent to the Virtru Hosted Gateway. The Virtru DLP Rules are shared between the Virtru Hosted Gateway and the Virtru Clients.
To create a rule follow this LINK