Bypassing Exchange 2016 Content Filter for Phishing Test

Hi Everyone,

My organization is trying to set up cybersecurity training for our staff which includes a phishing email campaign. I have configured the rules according to the provider's documentation but the test phishing emails are still getting quarantined by the content filter. We have a single Exchange 2016 server and most of the test emails are showing up in our spam mailbox with the following error message:

"Remote Server returned '550 5.2.1 Content Filter agent quarantined this message'"

I have added their IP addresses to the IP Allow List and they show up when I run Get-IPAllowListEntry.

I have set up the three rules listed below as instructed by the training provider:

  1. Bypass Spam Filtering - Sender's IP addresses same as ones listed above in IP Allow List.
    * Set the message header to this value - Set the message header 'X-Forefront-Antispam-Report' to the value 'SFV:SKI'
    * Set the spam confidence level (SCL) to - Bypass spam filtering
    * Priority = 0
    * Enforce checked

  2. Bypass Focused Inbox - Sender's IP addresses same as the ones listed above in IP Allow List.
    * Set the message header to this value - Set the message header 'X-MS-Exchange-Organization-BypassFocusedInbox' to the value 'true'
    * Priority = 1
    * Enforce checked

  3. Bypass Clutter - Sender's IP addresses same as the ones listed above in IP Allow List.
    * Set the message header to this value - Set the message header 'X-MS-Exchange-Organization-BypassClutter' to the value 'true'
    * Priority = 2
    * Enforce checked

Does anyone have any ideas on what I might be missing? Having to manually release all of the test phishing emails for a few hundred users will get pretty tedious. I did read that the IP Allow List might only work on an Edge Transport server. We only have one Exchange server so would this cause a problem with the IP Allow List?

Thanks!
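
A read-only way to inspect the pieces named in the post above (IP Allow List, Content Filter agent, the three transport rules), added here as an example; it is not part of the original post or the training provider's documentation. The addresses in `$ProviderIPs` are constructed placeholders, and the script assumes it is run in the Exchange Management Shell on the Exchange 2016 server.

```powershell
# Added example: read-only checks, run in the Exchange Management Shell on the
# Exchange 2016 server. Nothing here changes configuration.

# Constructed placeholder addresses; substitute the provider's real sending IPs.
$ProviderIPs = @('192.0.2.10', '192.0.2.11')

# 1. Installed anti-spam agents. The IP Allow List is evaluated by the
#    Connection Filtering agent, so the entries do nothing if that agent is
#    missing or disabled on this server.
$agents = Get-TransportAgent
$agents | Sort-Object Priority | Format-Table Identity, Enabled, Priority -AutoSize
$connFilter = $agents | Where-Object { [string]$_.Identity -like 'Connection Filtering*' }
if (-not $connFilter) {
    Write-Warning 'Connection Filtering agent is not installed; IP Allow List entries are not evaluated on this server.'
} elseif (-not $connFilter.Enabled) {
    Write-Warning 'Connection Filtering agent is installed but disabled.'
}

# 2. Content Filter agent settings: the quarantine threshold and mailbox behind
#    the "Content Filter agent quarantined this message" action, and the agent's
#    own sender/recipient bypass lists.
Get-ContentFilterConfig | Format-List Enabled, ExternalMailEnabled,
    SCLQuarantineEnabled, SCLQuarantineThreshold, QuarantineMailbox,
    BypassedSenders, BypassedSenderDomains, BypassedRecipients

# 3. The three transport rules as stored: state, mode, order, and the actions set.
Get-TransportRule | Sort-Object Priority |
    Format-List Name, State, Mode, Priority, SenderIpRanges, SetSCL, SetHeaderName, SetHeaderValue

# 4. What each agent did to mail from the provider in the last 24 hours.
#    IPAddress is the connecting host, so a relay in front of Exchange would
#    appear here instead of the provider.
Get-AgentLog -StartDate (Get-Date).AddDays(-1) -EndDate (Get-Date) |
    Where-Object { $ProviderIPs -contains [string]$_.IPAddress } |
    Sort-Object Timestamp |
    Format-Table Timestamp, Agent, Event, Action, SmtpResponse, Reason -AutoSize
```

The agent log output shows which agent acted on each test message and at which SMTP event, which indicates whether the quarantine decision was made before the transport rules had a chance to run.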
