ZIVVER Office Plugin relay with Microsoft Exchange on-premise

Introduction

This guide explains how to set up ZIVVER Plugin Relay to relay messages via your on-premise Microsoft Exchange on-premise server.

Microsoft Exchange can be set up to perform actions on securely sent messages, such as placing an automatic signature or disclaimer at the bottom of the outgoing message, archiving the message or making the message available for eDiscovery. Because these actions take place on the Microsoft Exchange server, the outgoing message must go through Exchange to be acted upon. Without ZIVVER Plugin Relay, ZIVVER messages would be sent directly to the ZIVVER server by the ZIVVER Office plug-in and therefore do would not pass through Microsoft Exchange.

Technical requirements

To implement ZIVVER Plugin Relay, your organization must meet the following technical requirements:

  • Microsoft Exchange on-premise 2013 or higher is used.
  • ZIVVER Office plugin v4.2.0 or higher is installed.
  • SPF and DKIM are implemented for all outgoing emails from Microsoft Exchange.
    This is necessary to authenticate the connection to smtp-relay.zivver.com.

Activate Plugin Relay in the ZIVVER Office plugin

Plugin Relay can be activated in the ZIVVER Office plug-in v4.2.0 or higher by using the following registry key:

SendRelayEmail

This registry key ensures that the ZIVVER Office plugin will no longer send a message to the ZIVVER server. Instead, Outlook will deliver the securely sent message to Microsoft Exchange. This would allow Exchange to execute certain actions on the securely sent message. Finally, Exchange should filter the message and relay it to ZIVVER. Without this final step Exchange will deliver the securely sent message as a normal, unsecure message to the recipient(s).

Location in the registry:
HKEY_CURRENT_USER\Software\Zivver\OfficePlugin\Settings\SendRelayEmail

Register value:
REG_DWORD with a value of 1.

Implement Plugin Relay on Exchange on-premise

Make the following changes in Exchange on-premise to be able to use ZIVVER Plugin Relay:

  1. Create an accepted domain
  2. Create a contact
  3. Create a Send Connector
  4. Create a Mail Flow Rule

Without these adjustments Exchange will deliver the securely sent message as a normal, unsecure message to the recipient(s). Always make sure to make these required adjustments in Exchange if Plugin Relay is activated in the ZIVVER Office plug-in.

Send Connector
ZIVVER Plugin Relay uses a Send Connector in Microsoft Exchange. An outgoing message can only be processed by Exchange by one single Send Connector. Therefore, check in advance which Send Connectors are set up in Exchange. If it is required that a specific Send Connector is able to process the message, ZIVVER Plugin Relay may not be implemented. In that case please contact ZIVVER (enterprise@zivver.com).

Create an accepted domain

The first step is to add a new accepted domain in Exchange. This is a fictional domain that does not exist outside of Exchange.

  1. Go to the Exchange Administrative Center (EAC).
    For example via https://ExchangeServerFQDN/ecp/.
  2. Log into EAC as an administrator.
  3. Go to Mail Flow in the menu on the left.
  4. Go to Accepted domains.
  5. Add a new domain.
  6. Enter a name.
    For example: ZIVVER Plugin Relay
  7. Specify the accepted domain.
    For example: zivver.org
  8. Select for This accepted domain is the option Authoritative.
  9. Click Save.
    The fictional accepted domain has been created as an accepted domain within Exchange.

Create a contact

The second step is to create a contact person in Exchange. This contact uses the fictional domain that was created in the previous section.

  1. Go to the Exchange Administrative Center (EAC).
    For example via https://ExchangeServerFQDN/ecp/.
  2. Log into EAC as an administrator.
  3. Go to Recipients in the menu on the left.
  4. Go to Contacts.
  5. Create a new Mail Contact.
  6. Enter a display name.
    For example: Relay to ZIVVER
  7. Enter a name.
    For example: Relay to ZIVVER
  8. Enter an alias.
    For example: relay
  9. Enter the external email address.
    Use the fictional domain that was created in the previous section. For example: relay@zivver.org
  10. Click Save.
    The contact person has been created.

Create Send Connector

The third step is to make sure that Exchange can relay a securely sent message to smtp-relay.zivver.com. A Send Connector is used for this.

  1. Go to the Exchange Administrative Center (EAC).
    For example via https://ExchangeServerFQDN/ecp/.
  2. Log into EAC as an administrator.
  3. Go to Mail Flow in the menu on the left.
  4. Go to Send connectors.
  5. Add a new connector.
  6. Enter a name.
    For example: ZIVVER Plugin Relay.
  7. Select for Type either Custom or Partner.
  8. Click Next.
  9. Select the option Route email through these smart hosts.
  10. Click Add.
  11. Enter smtp-relay.zivver.com.
  12. Click Save.
    The added smart host is now shown in the list.
  13. Click Next.
  14. Select for Smart host authentication the option None.
  15. Click Next.
  16. Click Add.
  17. Enter for Type SMTP.
  18. Enter for FQDN the fictional domain.
    For example: zivver.org
  19. Enter for Cost a 1.
  20. Click Save.
  21. Enable the option Scoped send connector.
  22. Click Next.
  23. Click Add.
  24. Select a server.
  25. Click OK.
  26. Click Finish.
    The Send Connector is set up to process all messages that are sent to this fictional domain.

Create Mail Flow Rule

The fourth step is to create a Mail Flow Rule that filters out the securely sent messages. The filtered messages are redirected to the contact person that uses the fictional domain.

  1. Go to the Exchange Administrative Center (EAC).
    For example via https://ServerFQDN/ecp/.
  2. Log into EAC as an administrator.
  3. Go to Mail Flow in the menu on the left.
  4. Go to Rules.
  5. Create a new rule.
  6. Give the rule a name.
    For example: ZIVVER Plugin Relay.
  7. Click in the bottom of the screen on More options.
  8. Under Apply this rule if… select A message header… that Matches these text patterns.
  9. Click Enter text….
  10. Enter Zivver Relay.
  11. Click OK.
  12. Click Enter Text Patterns….
  13. Fill in ..*.
    That is 2 dots, 1 wildcard, 1 dot.
  14. Click Add.
  15. Click OK.
  16. Under Do the following… select Redirect the message to… and then These recipients.
  17. Look up the contact person that was created at Create a contact and select it.
  18. Click OK.
  19. Select for Choose a mode for this rule the option Enforce.
  20. Enable the option Defer the message if rule processing doesn’t complete.
    If you enable this option, a message will not be sent until the message has been checked by this rule. If for any reason Exchange temporarily does not check messages for this rule, processing them will be paused.
  21. Click Save.
    Check that the priority of the newly created rule is correct. Adjust the priority if necessary to ensure that the different rules have the desired effect. Enable the rule to activate it._
  22. Enable the rule to activate it.
    The rule is now set and activated.

All sent messages are now checked and, depending on the existence of the ZIVVER Plugin Relay mail header, redirected to the contact person that uses the fictional domain. The Send Connector “catches” all messages to this fictional domain. The Send Connector then relays these messages to ZIVVER.

Perform a test

After all the required changes have been made in Exchange, ZIVVER Plugin Relay can be tested. The steps below explain how you can test whether the changes have been made correctly:

  1. Open Microsoft Outlook.
  2. Log in to the ZIVVER Office plugin with a ZIVVER account.
  3. Compose a new message.
  4. Enable the option Secure mail (ZIVVER slider set to the right).
  5. Send the message.

If ZIVVER Plugin Relay is set up properly, the recipient will receive a ZIVVER notification message. If the message does not arrive or if a normal, unsafe message is delivered, then ZIVVER Plugin Relay is not set up properly.

Exchange Delivery Reports

If the test message does not arrive as a ZIVVER notification message at the recipient, check the Exchange Delivery Reports for any errors. In addition, also check the configuration in Exchange.

Was this article helpful?

thumb_up thumb_down