About
This document will guide you through the configuration of Virtru Gateway rules backed by Office 365 infrastructure.
Assumptions:
- CNAME Records Created so Virtru can sign DKIM and the virtrugateway.com domain can send on behalf of your domain.
- TXT Records Created so Virtru can verify domain ownership prior to implementation.
- Mail Flow The Virtru Hosted Gateway is preconfigured for maximum security and interoperability between systems.
(Example)
-
- Mail Decryption Trigger:
-
X-Virtru-DecryptNOT in Header -
InboundMessages
-
- Mail Flow: Gmail > Gateway > MX > Gmail > Final Delivery
- Authorization
-
-
X-Virtru-Auth:00000000000000000000
-
-
- Mail Decryption Trigger:
Note
The Authorization Header is specific to your organization and will be provided to you by Virtru.
Jump to:
Diagram of Standard Mailflow
Connector Creation
Content Compliance Rule Creation
Create Virtru Encryption Rule
Diagram of Standard Mailflow
Create Connector
- Login into the Admin Console
- Navigate to the Exchange Admin Portal
- Navigate to the Mail Flow Section
- Navigate to the Connectors Tab
- Create a new Connector
- From: Office 365
- To: Partner Organization
- Name the Connector
- Ex: Virtru Hosted Gateway Inbound
- Enter a description
- Optional
- When to use this connector
- Only when I have a transport rule setup that redirects message to this connector
- How do you want to route email messages
- Route email through these smart hosts
- smtp.virtrugateway.com
- Route email through these smart hosts
- How should Office 365 connect to your partner organization's email server
- Always use TLS
- Issued by a trusted certificate authority (CA)
- Validate Connector
- Connector may need to be validated
Transport Rule
- Navigate to the Mail Flow Section
- Navigate to the Rules Tab
Add New Rule - Authentication
- Enter Rule Details
- Name
- Virtru Inbound Decrypt - Authentication
- Conditions
- The Sender is located: Outside the organization
-
- Omit this line if you want to decrypt internally as well
-
- The Recipient is located: Inside the organization
- Body Contains: --- START PROTECTED MESSAGE TDF
- The Sender is located: Outside the organization
- Actions
- Add Header
- Name: X-Virtru-Auth
- Value:Virtru Provided
- Add Header
- Exceptions
- If Header Exists
- Name: X-Virtru-Decrypt
- Value: 1
- If Header Exists
- Name
Diagram
Add New Rule - Routing
- Enter Rule Details
- Name
- Virtru Inbound Decrypt - Routing
- Conditions
- The Sender is located: Outside the organization
-
- Omit this line if you want to decrypt internally as well
-
- The Recipient is located: Inside the organization
- Body Contains:--- START PROTECTED MESSAGE TDF
- The Sender is located: Outside the organization
- Actions
- Add Header
- Name: X-Virtru-Decrypt
- Value: 1
- Use the following connector
- Virtru Inbound Decrypt Gateway
- Add Header
- Exceptions
- If Header Exists
- Name: X-Virtru-Decrypt
- Value: 1
- If Header Exists
- Name
Diagram