Articles in this section

See more

Enable sender secret key validation

Avatar
Kevin Waddle
Updated
Follow

Note: This security feature was added in Email Signature Server release version 0.2.0.1238

To enhance the security of our Email Signature Server we have added a new feature to validate the authenticity of the sender.

With this feature the Email Signature Server only processes emails that are sent by the tenant's Exchange Online server.

This feature is disabled by default since it requires the generation of a new security key which needs to be provided as an environment variable in the deployment.

 

1. Changes required in Exchange Online

  • Go to [Exchange Online Admin Page] (https://outlook.office365.com/ecp/?rfr=Admin_o365 )
  • Select mail flow
  • On the rules tab select the outbound connector used by email signature server
  • Press edit, you will see the edit page
  • On the *Do the following... section click add action
  • Select Modify the message properties... -> set a message header
  • Set the header name to Templafy-EmailSignatureServer-Secret
  • Set the header value to a new GUID value. This needs to be generated and must be kept secret. The same key needs to be added also to the Email Signature Server deployment. Use the following link to generate a new GUID: https://www.guidgenerator.com/ or run [guid]::NewGUID() in PowerShell.
  • Press [Save]

Note: In certain situation it could take up to 5-10 minutes until a rule propagates.

 

2. Changes required in the Kubernetes deployment

  • Go to the Kubernetes dashboard of your Email Signature Server
  • Select the namespace of you deployment, by default this is: email-signature-server
  • Select Deployments
  • Select the email-signature-server-deployment deployment
  • Click Edit in the top right
  • Add the following as an environment variable in the env section, add this after office365SmtpServerHostname: 
    {
   "name": "templafyEmailSignatureServerSecret",
   "value": "<Your GUID>"
},
  • Replace the "<Your GUID>" with the your GUID
  • Click [Update], all your pods are recreated with the new setting.

 

Note: If the secret is not correct or if it is not added to Exchange Online mail flow rule then all mail sending will fail instantly with a Non delivery receipt (NDR).

The Error details will contain the following:

NDR.png

Related articles

Comments

0 comments

Article is closed for comments.