Forum Discussion
IP whitelist not working - Phishing Simulation setup
I am trying to setup 3rd party (TrendMicro) Phishing Simulation for Exchange online. The very first step is add the source IP into whitelist. But whatever whitelists I have added source IPs in, won't stop the server pickup the test messages as spam.
1. I added an Exchange Rule for the group of IPs, and changed the priority to 0:
2. In the Security, I setup Advanced Delivery rule - Phishing Simulation exemption list
3. I also added an anti-spam policy - connection filter policy to white list the range of IPs.
Unfortunately I still have these test message blocked for high spam SCL, even the Exchange Transport rule on above step 1 did apply, the message is still pickup by the system as SCL 9 and Quarantined.
Any help will be appreciated very much.
- Just an additional hint to what vinaybabupamu written before,
Please check if you added in the Advanced Delivery -> Phishing Simulation the domain of sender (envelope sender, P1) or DKIM domain of the message. Because for Phishing sim. match it must be both to match IP and domain. https://learn.microsoft.com/en-us/defender-office-365/advanced-delivery-policy-configure -> "There must be a match on at least one Domain and one Sending IP"
P.S.
I would remove Exchange transport rule and IP white list in anti-spam policy - connection filter policy, they do almost same (bypass some scans) and not needed here in case of use Phishing Simulation.
- Does EOP is your email gateway ?
Compare the safelisted IP with the sender IP observed in Message tracing? - Just an additional hint to what vinaybabupamu written before,
Please check if you added in the Advanced Delivery -> Phishing Simulation the domain of sender (envelope sender, P1) or DKIM domain of the message. Because for Phishing sim. match it must be both to match IP and domain. https://learn.microsoft.com/en-us/defender-office-365/advanced-delivery-policy-configure -> "There must be a match on at least one Domain and one Sending IP"
P.S.
I would remove Exchange transport rule and IP white list in anti-spam policy - connection filter policy, they do almost same (bypass some scans) and not needed here in case of use Phishing Simulation.- The problem solved after I put the sender's mail server domain into the Phishing Simulation. TrendMicro gave a long list of domain but didn't include the actual mail server domain. I located the mail server domain from test messages. Once added in, simulations fly through immediately.
Thanks again.
