This article details the steps necessary to setup safelisting in Avanan for both Microsoft 365 and Google Workspace clients.
Microsoft 365
For phishing emails to be delivered successfully, a header must be added to mail coming from PhishingBox IP's. This header will inform Avanan that the incoming mail is safe to be delivered to the inbox. Follow the steps below to create this mail flow rule in Exchange Admin Center:
- Navigate to admin.exchange.microsoft.com > Mail flow > Rules
- Click the
button and select "Create a new rule"
- In the new rule pop-up, input the following:
- Name: Input an appropriate name like "PhishingBox Avanan Safelisting"
- Apply this rule if: "The sender" | "IP address is any of these ranges or exactly matches"
- In the "specify IP address ranges" pop-up, input the PhishingBox's mail IP's:
- US Clients:
- 64.191.166.196 (Phishing Mail) and click "Add"
- 64.191.166.197 (Training Mail) and click "Add"
- EU Clients
- 64.238.34.10 (Phishing Mail) and click "Add"
- 64.238.34.11 (Phishing Mail) and click "Add"
- 64.191.166.197 (Training Mail) and click "Add"
- US Clients:
- Click "Save
- In the "specify IP address ranges" pop-up, input the PhishingBox's mail IP's:
- Do the following: "Modify the message properties" | "set a message header"
- Click the first "Enter text" link
- Input "X-CLOUD-SEC-AV-Info" and click "Save"
- Click the second "Enter text" link and input "{portalname},office365_emails,inline" (replace {portalname} with the name of your Avanan portal) and click "Save"
-
- Click "Next"
- Set "Rule Mode" to Enforce
- Check the Stop processing more rules box
- Click "Next"
- Click "Finish" and then "Done"
- Click the check box for the new rule and click "Edit"
- Click the "Settings" tab
- Change the priority so that its above the "Avanan - Protect" mail flow rule
Google Workspace
To ensure phishing email delivery, you must modify the existing Avanan content compliance rule and create one new rule. Below are the steps to achieve this:
Modify Existing Rule
- Navigate to admin.google.com > Apps > Google Workspace > Gmail
- Expand the Compliance section
- In the Content compliance section, click "Edit" on your existing Avanan rule
- In the pop-up, click "Edit" on the expression under step 2
- Modify the expression fields to the following:
- Metadata match
- Attribute: Source IP
- Match Type: Source IP is not within the following range: 64.191.166.192/28
NOTE: EU clients will need to add two expressions that use the same settings above but with these two IP ranges: 64.191.166.192/28 and 64.238.34.8/30
- Click "Save"
Create New Rule
- Navigate to admin.google.com > Apps > Google Workspace > Gmail
- Expand the Compliance section
- Click "Configure" or "Add another rule" in the Content compliance section
- In the "Add setting" pop-up, input the following settings:
- Content Compliance: Input an appropriate name like "PhishingBox Avanan Safelisting"
- Email messages to affect: Inbound
- Add expression that describe the content you want to search for in each message:
- If ALL of the following match the message
- Expressions:
- Metadata match
- Attribute: Source IP
- Match type: Source IP is within the following range: 64.191.166.192/28
NOTE: EU clients will need to add two expressions that use the same settings above but with these two IP ranges: 64.191.166.192/28 and 64.238.34.8/30
- Expressions:
- If ALL of the following match the message
- If the above expressions match, do the following:
- Modify message:
- Headers: Add custom headers
- Header key: "CLOUD-SEC-AV-Info"
- Header value: "{portalname},google_mail,inline" (replace {portalname} with the name of your Avanan portal)
- Click "Save"
- Headers: Add custom headers
- Modify message:
- Click "Save"