Inbound Shield™
  2. Home
  4. Docs
  6. Inbound Shield™
  8. Inbound Relay integration – Office365
  10. Journaling Mode

Journaling Mode

Journaling mode” allows new Trustifi users to test out Trustifi’s Inbound Shield protection on their environment, without making any significant changes to their mail flow and routing. By setting up “Journaling mode“, Trustifi will receive a copy of each inbound email (similar to a journal/archive service) to be scanned while the original email is delivered directly to the recipient’s mailbox as it would normally. Trustifi is then able to scan these emails and determine if any threat can be found in the email’s headers, links, content, or attachments. A record of these scanned emails will be found in the “Quarantined emails” page of the Trustifi web portal, even though these emails will not actually be quarantined.
How to set up Journaling Mode
To start, please follow the steps of the O365 inbound relay guide up to and including step 32 (“Selecting recipient location“). You will notice that some of the steps in the guide above will require creating connectors and changing settings which will not be used in journal mode, but performing these steps will make for an easy transition into full protection mode later on. After you’ve completed steps 1-31 in the guide above, please follow these steps:
First action: Require TLS encryption
Under “Do the following” – select “Modify the message security” and “Require TLS encryption“.
Second action: set a message header
For the new action, select “Modify the message properties” and then select “set a message header“. Now click on the first “Enter text” link and add the following input: x-trustifi-creds Then, click on “Save“. Now click on the second “Enter text” link, and there add the email relay secret key which you copied in step 3 of the previous guide. Then, click on “Save“.
Third action: Add bcc recipient
Add a new action and select “Add recipients” and “To the Bcc box“. The Bcc recipient added here will be the journaling address used by Trustifi to scan your emails. The address should be in this format: your company name (without spaces, all lowercase) + @journal.trustifi.com For example – if my company name is “Trustifi Testing”, I will add the following: trustifitesting@journal.trustifi.com
Adding an exception: IP addresses
Here we will add an exception to this mail flow rule to avoid processing emails which have already been sent by Trustifi. This is to avoid email being processed multiple times. Under “Except if“, select “The sender”, and “IP address is in any of these ranges or exactly matches”. In the “specify IP address ranges” window, enter the following IPs:
  • 3.93.243.176
  • 3.93.139.220
  • 54.195.145.1
  • 3.251.32.127
Then, click on “Save“.
Verifying the settings
After all conditions, actions, and exceptions have been created, take a moment to verify all conditions, actions, and exceptions are correct. If everything looks good, click on “Next“.
Rule settings
Set the following additional settings:
  • Under “Severity” – select “High
  • Under “Match sender address in message“- select “Header and envelope
Once finished, click on “Next“.
Review and finish
The next page will display a summary of the rule’s conditions, actions, exceptions, and settings. Make sure that everything looks OK and click “Finish” to create the rule.

How can we help?