How to Whitelist by IP Address in Exchange 2013, 2016, or Office 365

Office 365 Environments: If you whitelisted our email servers prior to February 2018, you will need to add an additional mail flow rule in your Office 365 Admin center. This rule can be found in SECTION 3.

This document will cover how to whitelist our simulated phishing email servers in your Exchange 2013, 2016, or Office 365 environment (the process is the same for each of those three mail servers).

The goal is to allow us to send simulated phishing emails to bypass your Microsoft Exchange Online Protection (EOP) mail filter. This set-up will allow only simulated phishing emails from us to bypass this filter.

First, you'll want to set up an IP Allow List which includes our three IP addresses. Next, you will set up a mail flow rule to allow incoming mail to bypass both the Clutter folder, as well as Microsoft's EOP spam filter. You must complete BOTH sections to whitelist successfully.

Once your settings are in place, it may take some time for those settings to propagate. We recommend that you wait 1-2 hours and then set up a phishing campaign to yourself or a small group to test out your new whitelisting rules.

The instructions for setting up these rules are shown below (the below instructions show screenshots for Office 365).

SECTION 1: SET UP IP ALLOW LIST
SECTION 2: BYPASS CLUTTER FOLDER and SPAM FILTER
SECTION 3: BYPASS JUNK FOLDER (O365 mail servers ONLY)

SECTION 1: SET UP YOUR IP ALLOW LIST

Step 1:

Log into your mail server admin portal and go into the Admin -> Exchange area.

 

Step 2:

Click on Admin -> Exchange.

 

Step 3:

Click on Connection Filter (beneath Protection heading).

 

Step 4:

Click on Connection Filter, then click the Pencil icon to edit the default connection filter policy.

 

 

Step 5:

Under the IP Allow list, click the sign to add an IP address.

Step 6:

On the "Add allowed IP address" screen, add the following IP addresses:

  • 192.254.121.248

  • 23.21.109.197

  • 23.21.109.212


If you're on the EU instance of KnowBe4, the IP addresses you need to whitelist will be different. See here for more information.

Adding our IPs to your Allowed IP list:

Step 7:

Click OK, then Save. Next, you will want to set up a mail flow rule to allow our mail to bypass spam filtering and the Clutter folder.


SECTION 2: BYPASS CLUTTER AND SPAM FILTERING

To ensure our messages will bypass your Clutter folder as well as spam filtering within Microsoft's EOP, you can follow the steps below.

Step 1:

Go to Admin -> Mail -> Mail Flow.

Step 2:

Click the (+) Create New Rule button beneath Mail Flow -> Rules.

Exchange Admin Center:

Step 3:

  • Give the rule a name, such as (Bypass Clutter & Spam Filtering by IP Address)

  • Click on "More options"

  • Add the condition "Apply this rule if...."

  • Select "The sender", then click on More Options and select "IP address is in any of these ranges or exactly matches:

New Rule Screen:

Don't see the settings you need?

Make sure you click the "More options" link on the New Rule Screen to be able to see all the settings you need.

Step 4:


Specify the following sender IP addresses, then click OK:

  • 192.254.121.248

  • 23.21.109.197

  • 23.21.109.212

If you're on the EU instance of KnowBe4, the IP addresses you need to whitelist will be different. See here for more information.

Specify Sender IP addresses:

Step 5:

  • Beneath "Do the following", click "Modify the message properties" then "Set a Message Header"

Modifying the message properties:

Step 6:

Set the message header to this value:
Set the message header "X-MS-Exchange-Organization-BypassClutter" to the value "true".

NOTE: Both "X-MS-Exchange-Organization-BypassClutter" and "true" are case sensitive.

Set the message header value:

Step 7:

Add an additional action beneath "Do the following" to "Modify the message properties". Here, click on "Set the spam confidence level (SCL) to..." and select "Bypass Spam Filtering". 

Bypass Spam Filtering

Step 8:

Click Save. An example of the completed rule is below.

 

Completed Mail Flow Rule

 

Helpful Hint: To test out your whitelisting and make sure phishing security tests will reach your end users, you can set up a phishing campaign to a small test group which includes yourself. Once the simulated phishing email reaches your inbox, you'll know you've successfully whitelisted our servers in your system. 

SECTION 3: BYPASS JUNK FOLDER (O365 mail servers ONLY)

 

This rule will allow only simulated phishing emails from us to bypass the Junk folder to ensure that your users are receiving simulated phishing emails in their inboxes.

Step 1:

Go to Admin -> Mail -> Mail Flow.

Step 2:

Click the (+) Create New Rule button beneath Mail Flow -> Rules.

 

Step 3:

  • Give the rule a name, such as "KnowBe4-Skip Junk Filtering".

  • Click on "More options".

  • Add the condition "Apply this rule if....".

  • Select "The sender", then click on "More options" and select "IP address is in any of these ranges or exactly matches:

    • Specify the following sender IP addresses, then click OK:

      • 192.254.121.248

      • 23.21.109.197

      • 23.21.109.212

Step 4:

Beneath "Do the following", click "Modify the message properties" then "Set a Message Header".

Step 5:

Set the message header to this value:
Set the message header "X-Forefront-Antispam-Report" to the value "SFV:SKI;".

To learn more about this header, click here.

Step 6:

Beneath "Properties of this rule" set the priority to directly follow the existing rule (outlined in SECTION 2) set up for KnowBe4 whitelisting.

Step 7:

Click Save. An example of the completed rule is below.

 

Completed Mail Flow Rule