This article is currently under revision. For more information on whitelisting IPs, see our documentation portal: Allowing the Delivery of Simulated Phishing Emails.
Please treat the contents of this article with caution.
As part of the IT-Seal phishing simulation, we ask you to allow our email servers. These are the IPs 84.16.227.187 and 94.100.132.73. Our interactive explanation page, to which participants are redirected when they click on one of our phishing links, is also hosted there.
First, you need to adjust your IP allow list so that our emails can pass through the connection filters. Next, set up the message flow rules so that incoming IT Seal emails bypass both the clutter folder and the EOP spam filter. Then, in Office 365, you still need to adjust the Junk folder.
Additionally, it may be necessary to adjust their Advanced Threat Protection for Safe Links and Safe Attachments under Microsoft Defender for Office 365.
IP Allow List - Our IP address must be present in their allow list in order for the filtering systems to recognize our incoming emails and deliver them to the recipients. The IP allow list is part of the connection filter policy - this has an impact on the connection filters.
Connection Filter - Is an anti-spam feature in Microsoft Exchange that allows or blocks emails based on the message source. By default, the Connection Filter agent is the first antispam agent to evaluate an incoming connection to the Edge Transport server. Connection filtering compares the IP address of the source mail server with the values in the IP allow list - therefore, it is important that our IP address is in the IP allow list. If the source IP address is explicitly allowed, the message will be sent to the recipients in their organization without any additional processing by other anti-spam agents.
Message flow rules - These must be created so that our emails can bypass both the Clutter folder and Microsoft's EOP spam filter.
Junk filter - The junk email filter is enabled by default and filters out any incoming message based on several factors. These factors may include the time the message was sent or the content of the message. You should add our IP address to this list so that the filter does not move our emails to the junk folder.
Microsoft Defender Office 365 - You may need to add additional bypass rules. If some emails are delivered, but others are detected by the filters, you will need to adjust the Safe Attachments and Safe Links policies. To do this, you can find a separate article https://knowledge.it-seal.de/en/microsoft-defender-for-office-365-bypass-rules.
Secure attachments
Secure Links
Setting Up the IP Allow List
Log in to your Microsoft portal and click on "Security" from the menu.
In the "Policies and Rules" section, click on "Threat Policies".
Click on "Antispam".
Under Connection Filter Policy, click on "Edit Policy". Another window opens.
Click on "Edit" next to List of permitted IP addresses. Another window opens.
Insert our IT-Seal IP address here and click Save.
The IP Permit List setup is completed.
Avoid spam and clutter filters
Log in to your portal and click on "Security" in the menu. Click on "Exchange message tracking". The Exchange Admin Center opens in a new window.
Then click on "Rules" under the menu item "E-mail flow".
In the course of this, you must create a new rule to avoid the spam and clutter filter, please click on the "+" symbol and select "Create new rule..." to do so.
In the drop-down menu, under the item "Apply this rule if...", select the item "Sender" and then activate the rule "IP is in one of these ranges or exactly matches". Another window will then open.
Enter the IT-Seal IP address and click on the "+" symbol to add the IP. Click on "OK"
In the drop-down menu under the item "Proceed as follows..." select the item "Change message properties...". Then click on "Set message header".
Another window appears with additional options. For the first field enter "X-MS-Exchange-Organisation-BypassClutter" and for the second "true".
Click on "Add Action" and select "Change Message Properties..." from the drop-down menu and select "Set SCL Rating (Spam Confidence Level)".
You should now have a new rule that looks like this:
Click on "Save". This sets up the setup to avoid spam and clutter filters.
Bypass Junk Filter
Open the "Security" menu again. Click on "Exchange Message Tracking". The Exchange Admin Center opens in a new window.
Click on "Rules" and the drop-down menu "E-mail flow".
Click on the "+" symbol and select "Create new rule...". Another window opens.
Give the rules an appropriate name such as "Bypass Junk Filter by IP Address" and click on "More Options...".
In the drop-down menu, under the item "Apply this rule if...", select the item "Sender". Then click on the rule "IP is in one of these ranges or exactly matches". Another window opens.
Enter our IT-Seal IP address here and click on the "+" symbol to add the IP. Then click on "OK".
In the drop-down menu under the item "Proceed as follows..." select the item "Change message properties...". Then click on "Set message header".
For the first field, enter "X-Forefront-Antispam-Report" and for the second "SFV: SKI;".
Click on "Save" at the end.
It may take some time for the systems to adopt the new guidelines. We recommend that you wait 1-2 hours before testing the systems.
Comments
0 comments
Please sign in to leave a comment.