Conditional Bracket routing to bypass signature services


As Bracket relies on an outbound connector to facilitate relay to the outbound gateway, conflicts can arise if other services such as Code-2, Exclaimer, or INKY also utilize outbound relay to their own respective services. While it is preferred to have these services route back to O365 and then conditionally route to Mailprotector after they have modified the message, in some rare circumstances it can be necessary to instead enforce Bracket encryption in lieu of other services.

Applies To:

Bracket, Exchange Online, Office 365 (O365)

Configuration Steps

1. Create the Outbound Connector

  1. From the Mailflow > Connectors tab, click the icon to add a new connector.
  2. Select Connection from: Office 365, and Connection To: Partner organization



  3. Enter a name and optional description for the connector



  4. Set the connector to only be used when a transport rule redirects messages to this connector, and click Next.mceclip3.png


  5. With "Route email through these smart hosts" selected, add the smart host for your Mailprotector domain to the list with the + icon, and then click Next.



  6. Set TLS to "Any digital certificate", and click Next.




  7. Validate the connector using an email address that is external to the tenant you're currently configuring, and click Validate.
  8. Once validation is complete, click Next.


  9. Review the connector configurations and click Create connector.

NOTE: If the "Send test email" validation fails, the connector can still be saved, and will function correctly as long as there is not a larger configuration issue.

2. Create a transport rule that routes bracketed internal mail through Mailprotector's smarthost

    1. Navigate to Mail Flow > Rules, and click the icon to create a new transport rule.
    2. Add a descriptive name that will allow this rule to be easily distinguished from other transport rules.
    3. Click "More Options..." to allow the rule to be built using multiple conditions, and an exception.
    4. Using the add condition button, add Sender and Recipient criteria that match on "Inside the organization" and "Outside the organization" respectively.


    5. Add a 3rd condition of "The subject matches...", providing the expression below. This provides the transport rule with regex that matches the criteria Bracket uses at the smarthost.


      NOTE: If using curly braces or pipes as the Bracket trigger, the following expressions will be used instead:

      ^\{.*\}   <-- curly braces
      ^\|.*\| <-- pipes
    6. Set "Do the following..." to the action of "Use the following connector..." pointing to the connector which was created previously.


    7. Click add exception with criteria of "A message header matches these text patterns" and an 'X-Mailprotector-ID' value of '.', and then click Save.


      CRITICAL STEP: Step 7 is required in order to avoid a mail loop if the message passes back to Exchange. It is critical that each field matches the screenshot identically to prevent the mail loop. 

    8. Check the box labeled "Stop processing more rules" and click Save
    9. Reopen the transport rule configurations, and now you will be able to set priority for the rule. Set the rule's priority to 0, and click Save again.

Have more questions? Submit a request