
Enable sender secret key validation

About this article

 
  •  This security feature was added in Email Signature Server release version 0.2.0.1238

 

To enhance the security of our Email Signature Server we have added a feature to validate the authenticity of the sender.

With this feature, the Email Signature Server only processes emails that are sent by the tenant's Exchange Online server.

This feature is disabled by default since it requires the generation of a new security key which needs to be provided as an environment variable in the deployment.

 

Prerequisites

 
  • Generate a new GUID value.
  • Use the following link to generate a new GUID:
    https://www.guidgenerator.com/ or run the New-Guid cmdlet in PowerShell.
  • This needs to be generated and must be kept secret.
  • The same key also needs to be added to the Email Signature Server deployment.

 

Changes required in the Exchange Online Admin center

  1. Go to the [Exchange Online Admin Page](https://outlook.office365.com/ecp/?rfr=Admin_o365)
  2. Select Mail Flow
  3. On the Rules tab select the templafy email signatures rule
  4. Click the pencil Edit icon; the Rule window will appear

  5. On the Rule window, under the Do the following... section, click the [+] button
  6. Select Modify the message properties... -> Set a message header
  7. Click [Enter Text] for the message header and set the header name to Templafy-EmailSignatureServer-Secret
  8. Click [Save]
  9. Click [Enter Text] for the message value and set the header value to the new GUID value that was created above.
  10. Click [Save]
  11. Click [Save] to save the changes to the rule
 
  • It can sometimes take up to 5-10 minutes for a rule change to take effect.

 

Changes required in the Kubernetes deployment for Client Hosted

  1. Navigate to the Resource group containing the templafyemailsignatureserver Kubernetes service
  2. Select the Workloads (preview) item under the Kubernetes resources section of the left hand panel
  3. Click the email-signature-server-deployment in the main panel

  4. Select the YAML item in the left hand pane of the email-signature-server-deployment Overview

  5. Select the JSON tab of the main panel   

  6. Add the following as an environment variable in the env section. You can place this after the office365SmtpServerHostname block:
    {
       "name": "templafyEmailSignatureServerSecret",
       "value": "<Your GUID>"
    },
  7. Replace "<Your GUID>" with the GUID you configured in the Exchange rule above
  8. Click the [Review + Save] button

  9. Check the ☑Confirm manifest changes checkbox

  10. Click the [Save] button

 
  • If the secret is not correct, or if it is not added to the Exchange Online mail flow rule, all mail sending will fail instantly with a non-delivery receipt (NDR).
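
Because a mismatch fails all mail with an NDR, the edited deployment JSON can be checked against the GUID entered in the Exchange rule before you click [Save]. The script below is an added example, not Templafy's code: the sample GUID, hostname and container name are constructed, and it assumes the server compares the header value exactly, which this article does not state.

```python
import hmac
import json
import uuid

ENV_NAME = "templafyEmailSignatureServerSecret"  # env var name from the article

# Constructed sample: trimmed deployment JSON; GUID, hostname and container name are made up.
SAMPLE_DEPLOYMENT = json.dumps({
    "kind": "Deployment",
    "metadata": {"name": "email-signature-server-deployment"},
    "spec": {"template": {"spec": {"containers": [{
        "name": "email-signature-server",
        "env": [
            {"name": "office365SmtpServerHostname", "value": "smtp.example.invalid"},
            {"name": ENV_NAME, "value": "3f2b8c1e-9d4a-4e6b-8a57-0c1d2e3f4a5b"},
        ],
    }]}}},
})


def check_secret(deployment_json: str, rule_header_value: str) -> list:
    """Return a list of problems; an empty list means both sides agree.

    Messages never include the secret itself, so the output is safe to log.
    """
    containers = json.loads(deployment_json)["spec"]["template"]["spec"]["containers"]
    values = [e.get("value", "") for c in containers for e in c.get("env", [])
              if e.get("name") == ENV_NAME]
    if not values:
        return [f"{ENV_NAME} is not set in any container's env section"]
    problems = []
    if len(values) > 1:
        problems.append(f"{ENV_NAME} is defined {len(values)} times")
    for value in values:
        try:
            uuid.UUID(value)  # rejects the "<Your GUID>" placeholder and empty values
        except ValueError:
            problems.append("deployment value is not a GUID (placeholder left in?)")
            continue
        # Assumption: the server compares the header byte for byte, so no
        # case folding or whitespace trimming is applied here.
        if not hmac.compare_digest(value.encode(), rule_header_value.encode()):
            problems.append("deployment value does not match the Exchange rule header value")
    return problems


if __name__ == "__main__":
    for problem in check_secret(SAMPLE_DEPLOYMENT, "3f2b8c1e-9d4a-4e6b-8a57-0c1d2e3f4a5b"):
        print("FAIL:", problem)
```

Paste the content of the JSON tab in place of SAMPLE_DEPLOYMENT and pass the GUID from the Exchange rule as the second argument; no output means the two values agree.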