This guide will cover the crucial areas of Mimecast which require whitelisting to ensure our phishing and training emails are delivered directly to your users.

Key Areas to Whitelist

For Mimecast to be compatible with the SATT service, you must whitelist the following areas by standard:

• Permitted Senders
• Greylisting
• Impersonation Protection Bypass

You only need to whitelist these areas below if you have them installed as part of your Mimecast package:

• TTP (Targeted Threat Protection)
• URL Protection Bypass
• Anti-Spoofing

We recommend that you whitelist all of the areas stated above which are available in your Mimecast.

Contents

Permitted Senders

Greylisting

Targeted Threat Protection

Impersonation Protection Bypass

URL Protection Bypass

Anti-Spoofing

 

Permitted Senders

To successfully whitelist our phishing and training e-mails when using Mimecast, you should create a new Permitted Sender policy to allow our simulated test and training emails through.

 

1. Login to the Mimecast Administration Console. Go to Administration > Gateway > Policies:

 

2. Go to Permitted Senders:

3. Once in, you should see:

4. Create a new policy.

4a. Call the policy SATT

4b. Set the permitted sender policy to 'Permit sender

4c. Set Addressed Based On to 'The Return Address (Email Envelope From)'

4d. Set Applies From to 'Everyone'

4e. Set specifically to 'Applies to Everyone'

4f. Set Enable/Disable to 'Enable'

4g. Set policy as perpetual to 'Always On'

4h. Set the Date Range to 'All Time'

4i. Ensure policy override is ticked. This is important as this will ensure the policy overrides any conflicting rules

4j. Ensure Bi Directional is not ticked

4k. Copy the source IP ranges below and paste them in the Source IP ranges box.

109.108.147.96/32

109.108.147.136/32

109.108.147.26/32

     178.17.44.156/32

     178.17.44.157/32

     178.17.44.158/32

 

The completed rule setup should look like this:

 

This completes the Permitted Sender whitelisting policy configuration. Please follow the rest of the guide in case you have other policies which can also block our e-mails.

 

Greylisting

By default, adding us to the permitted senders list should bypass Greylisting. If you incur delivery issues after whitelisting in the Permitted Senders, you should follow these steps to further whitelist in the Greylisting policy.

1. Log on to the Administration Console.

2. Click on the Administration menu item. A menu drop-down is displayed.

3. Click on the Gateway | Policies menu item. The Gateway Policy Editor is displayed.

4. Click on Greylisting. Existing policies will be displayed.

5. Create a new policy

5a. Call the rule 'Disable Greylisting for SATT'

5b. Select the option 'Take no action'

5c. Set Addresses Based On to 'The Return Address'

5d. Set Applies From to 'Everyone' and Specifically 'Applies to Everyone'

5e. Set Applies to to 'Internal Addresses'

5f. Set Specifically to 'Applies to all Internal Recipients'

5g. Set policy as perpetual to 'Always On'

5h. Set the Date Range to 'All Time'

5i. Ensure policy override is ticked. This is important as this will ensure the policy overrides any conflicting rules

5j. Ensure Bi Directional is not ticked

5k. Copy the source IP ranges below and paste them in the Source IP ranges box.

109.108.147.96/32

109.108.147.136/32

109.108.147.26/32

     178.17.44.156/32

     178.17.44.157/32

     178.17.44.158/32

Mimecast TTP (Targeted Threat Protection)

If you are subscribed to Targeted Threat Protection, you need to follow these steps for whitelisting:

 

Impersonation Protection Bypass

Some of our more targeted test emails will utilise spoofing. This is where the email will appear as someone within your organisation. There are two areas in Mimecast which block these emails. These are Impersonation Protection Bypass and Anti-Spoofing.

Please follow the steps below to whitelist the Impersonation Protection Bypass:

1. Log on to the Administration Console.

2. Click on the Administration menu item. A menu drop-down is displayed.

3. Click on the Gateway | Policies menu item. The Gateway Policy Editor is displayed.

4. Click on Impersonation Protection Bypass. Existing policies will be displayed.

5. Create a new policy

5a. Call the rule 'Disable Impersonation Protection for SATT'

5b. Select the option 'Disable Impersonation Protect'

5c. Set Addressed Based On to 'Both'

5d. Set Applies From to 'Everyone'

5e. Set Applies to to 'Internal Addresses'

5f. Set Specifically to 'Applies to all Internal Recipients'

5g. Set policy as perpetual to 'Always On'

5h. Set the Date Range to 'All Time'

5i. Ensure policy override is ticked. This is important as this will ensure the policy overrides any conflicting rules

5j. Ensure Bi Directional is not ticked

5k. Copy the source IP ranges below and paste them in the Source IP ranges box.

109.108.147.96/32

109.108.147.136/32

109.108.147.26/32

     178.17.44.156/32

     178.17.44.157/32

     178.17.44.158/32

 

The completed rule should look like this:

 

URL Protection Bypass

URL Protect can block our phishing and training landing pages. The URL Protection Bypass policy allows you to exclude specific senders or recipients from a URL Protection Policy.

Please follow these steps to bypass URL Protection:

1. Log on to the Administration Console.

2. Click on the Administration menu item. A menu drop-down is displayed.

3. Click on the Gateway | Policies menu item. The Gateway Policy Editor is displayed.

4. Click on URL Protection Bypass. Existing policies will be displayed.

5. Create a new policy

5a. Call the rule 'Disable URL Protection for SATT'

5b. Select the option 'Disable URL Protection'

5c. Set Addressed Based On to 'Both'

5d. Set Applies From to 'Everyone' and Specifically to 'Everyone'

5e. Set Applies to to 'Internal Addresses'

5f. Set Specifically to 'Applies to all Internal Recipients'

5g. Set policy as perpetual to 'Always On'

5h. Set the Date Range to 'All Time'

5i. Ensure policy override is ticked. This is important as this will ensure the policy overrides any conflicting rules

5j. Ensure Bi Directional is not ticked

5k. Copy the source IP ranges below and paste them in the Source IP ranges box.

109.108.147.96/32

109.108.147.136/32

109.108.147.26/32

     178.17.44.156/32

     178.17.44.157/32

     178.17.44.158/32

 

The completed policy should look like this:

 

Mimecast Anti-Spoofing (recommended but not mandatory)

As default, the anti-spoofing policy will be in place to stop anyone from directly spoofing your domain. As part of our service, training users on the risk of this is a crucial part. We would recommend that you allow us to spoof your domain directly so that users can be fully trained, however if you would prefer not to we will make purposeful mistakes in sender addresses.

 

 Go to Administration > Gateway > Policies

 

 Go to Anti-Spoofing

 

 

Go to create a new policy and setup the rule using the below as a template:

 

The IP addresses to add to the range are:

109.108.147.96/32

109.108.147.136/32

109.108.147.26/32

     178.17.44.156/32

     178.17.44.157/32

     178.17.44.158/32

 

Click Save and Exit and the policy will be in place.

 

Useful Links

If you have issues following this guide or require further support, we advise you raise these queries with your Vendor support. Below is a list of Mimecast support links and useful contact information:

☍ Mimecast Knowledge Base

☍ Configuring Permitted Senders Policies

☍ Configuring Attachment Protection Definitions and Policies

☍ Configuring Attachment Management Definitions and Policies

☍ Configuring Suspected Malware Bypass Policies

☍ Configuring Impersonation Protection Definitions and Policies

☍ Configuring Anti-Spoofing Policies

☍ Configuring URL Protection Bypass Policies

✉ support@mimecast.com

☏ 9am - 5pm- 02078478701

☏ Out of Hours - 08450568689