Articles in this section

Enable sender secret key validation

Avatar
Kevin Waddle
Updated
Follow

About this article

 
  •  This security feature was added in Email Signature Server release version 0.2.0.1238

 

To enhance the security of our Email Signature Server we have added a new feature to validate the authenticity of the sender.

With this feature the Email Signature Server only processes emails that are sent by the tenant's Exchange Online server.

This feature is disabled by default since it requires the generation of a new security key which needs to be provided as an environment variable in the deployment.

 

Changes required in the Exchange Online Admin center

  • Go to [Exchange Online Admin Page] (https://outlook.office365.com/ecp/?rfr=Admin_o365 )
  • Select mail flow
  • On the rules tab select the templafy email signatures rule
  • Click the pencil Edit icon; the Rule window will appear

    pencil-edit-rule-icon.png

  • On the Rule window under the *Do the following... section click the [add action] button
  • Select Modify the message properties... -> set a message header
  • Set the header name to Templafy-EmailSignatureServer-Secret
  • Set the header value to a new GUID value. This needs to be generated and must be kept secret. The same key needs to be added also to the Email Signature Server deployment.
    Use the following link to generate a new GUID: https://www.guidgenerator.com/ or run [guid]::NewGUID() in PowerShell.
  • Click the [Save] button
 
  • It can sometimes take up to 5-10 minutes for a rule change to take effect.

 

Changes required in the Kubernetes deployment for Client Hosted

  1. Navigate to the Resource group containing the templafyemailsignatureserver Kubernetes service
  2. Select the Workloads (preview) item under the Kubernetes resources section of the left hand panel
  3. Click the email-signature-server-deployment in the main panel

    Kubernetes_resources_workload_numbered.png

  4. Select the YAML item in the left hand pane of the email-signature-server-deployment Overview

  5. Select the JSON tab of the main panel    edit-JSON-deployment.png

  6. Add the following as an environment variable in the env section, you can place this after office365SmtpServerHostname block: 
    {
   "name": "templafyEmailSignatureServerSecret",
   "value": "<Your GUID>"
},
  7. Replace the "<Your GUID>" with the the GUID you configured in the Exchange rule above

  8. Click the [Review + Save] button

  9. Check the ☑Confirm manifest changes checkbox

  10. Click the [Save] button

 
  • If the secret is not correct or if it is not added to Exchange Online mail flow rule then all mail sending will fail instantly with a Non delivery receipt (NDR).
  • NDR.png

Related articles

Comments

0 comments

Article is closed for comments.