How to Whitelist by IP Address in Exchange 2013, 2016, or Office 365

This article will cover how to whitelist our simulated phishing email servers in your Exchange 2013, 2016, or Office 365 environment (the process is the same for all three mail servers).

The goal is to allow us to send simulated phishing emails to bypass your Microsoft Exchange Online Protection (EOP) mail filter. This setup will allow only simulated phishing emails from us to bypass this filter.

First, you'll want to set up an IP Allow List which includes our three IP addresses. Next, you will set up a mail flow rule to allow incoming mail to bypass both the Clutter folder, as well as Microsoft's EOP spam filter. You must do BOTH to whitelist successfully.

Once your settings are in place, it may take some time for those settings to propagate. We recommend that you wait 1-2 hours and then set up a phishing campaign to yourself or a small group to test out your new whitelisting rules.

The instructions for setting up these rules are shown below (the below instructions show screenshots for Office 365).

Jump to:

• Setting Up Your IP Allow List
• Bypassing Clutter and Spam Filtering
• Bypassing the Junk Folder (For O365 mail servers ONLY.)

Setting Up Your IP Allow List

If you are using Exchange 2013, you can set up an IP allow list using a command line. See instructions on this Technet article: Add-IPAllowListEntry

1. Log into your mail server admin portal and click Admin.
   
   
2. Click on Exchange.
   
   
3. Click on connection filter (beneath protection heading).
   
   
4. Click on connection filter, then click the Pencil icon to edit the default connection filter policy.
   
   
5. Under the IP Allow list, click the + sign to add an IP address.
   
   
6. On the Add allowed IP address screen, add the following IP addresses:
   
   
   • 192.254.121.248
   • 23.21.109.197
   • 23.21.109.212

   Note:

   If you're on the EU instance of KnowBe4, the IP addresses you need to whitelist will be different. See here for more information.

   Adding our IPs to your Allowed IP list:

   

7. Click OK, then Save. Next, you will want to set up a mail flow rule to allow our mail to bypass spam filtering and the Clutter folder.

Back to Top

Bypassing Clutter and Spam Filtering

To ensure our messages will bypass your Clutter folder as well as spam filtering within Microsoft's EOP, you can follow the steps below.

1. Go to Admin > Mail > Mail Flow.
2. Click the (+) Create New Rule button beneath Mail Flow > Rules.
   
   Exchange Admin Center:

   

3. Give the rule a name, such as "Bypass Clutter & Spam Filtering by IP Address".
4. Click on More options
5. Add the condition Apply this rule if....
6. Select The sender, then click on More Options and select IP address is in any of these ranges or exactly matches.
   
   

   New Rule Screen:

   

   Don't see the settings you need?

   Make sure you click the More options link on the New Rule screen to be able to see all the settings you need. 

7. Specify the following sender IP addresses, then click OK:
   
   
   • 192.254.121.248
   • 23.21.109.197
   • 23.21.109.212

   Note:

   If you're on the EU instance of KnowBe4, the IP addresses you need to whitelist will be different. See here for more information.

   Specify Sender IP addresses:

   

8. Beneath Do the following, click Modify the message properties then Set a Message Header.
   
   

   Modifying the message properties:

   

9. Click on the *Enter text... button to set the message header to this value:
   
   
   • Set the message header "X-MS-Exchange-Organization-BypassClutter" to the value "true". Both "X-MS-Exchange-Organization-BypassClutter" and "true" are case sensitive.

     Set the message header value:

     

10. Add an additional action beneath Do the following to Modify the message properties. Here, click on Set the spam confidence level (SCL) to... and select Bypass Spam Filtering.
    
    

    Bypass Spam Filtering

    

11. Click Save. An example of the completed rule is below.
    
    

    Completed Mail Flow Rule

    

To test out your whitelisting and make sure phishing security tests will reach your end users, you can set up a phishing campaign to a small test group which includes yourself. Once the simulated phishing email reaches your inbox, you'll know you've successfully whitelisted our servers in your system.

Back to Top

Bypassing the Junk Folder (O365 mail servers ONLY)

This rule will allow only simulated phishing emails from us to bypass the Junk folder to ensure that your users are receiving simulated phishing emails in their inboxes.

1. Go to Admin > Mail > Mail Flow.
2. Click the (+) Create New Rule button beneath Mail Flow > Rules.
   
   
3. Give the rule a name, such as "KnowBe4-Skip Junk Filtering".
4. Click on More options.
5. Add the condition Apply this rule if.....
6. Select The sender, then click on More options and select IP address is in any of these ranges or exactly matches. Specify the following sender IP addresses, then click OK:
   • 192.254.121.248
   • 23.21.109.197
   • 23.21.109.212
7. Beneath Do the following, click Modify the message properties then Set a Message Header.
8. Set the message header to this value:
   

   Set the message header "X-Forefront-Antispam-Report" to the value "SFV:SKI;".

   Note:

   To learn more about this header, click here.

9. Beneath Properties of this rule set the priority to directly follow the existing rule (outlined in Bypassing Clutter and Spam Filtering) set up for KnowBe4 whitelisting.
10. Click Save. An example of the completed rule is below.
    
    

    Completed Mail Flow Rule

    

Back to Top