Overview
Mimecast has many security features (packages) that need to be bypassed in order to ensure Hoxhunt's training emails are delivered correctly to recipients.
IMPORTANT: Instead of allowlisting Mimecast, we highly recommend to set up a Partner Receive Connector between Hoxhunt and your Exchange service for optimal delivery.
Note from Mimecast documentation: "Now that we may not bypass Greylisting, RBL, and Spam checks for inbound messages, it is important to check the results of these checks to understand why a message was not delivered. This is because we may no longer bypass all of these checks."
Following policies may need to be configured for Hoxhunt:
Anti-Spoofing Policy
Permitted Senders Policy
Attachment Protection Bypass Policy
URL Protection Bypass Policy
Impersonation Protection Bypass Policy
Attachment Management Bypass Policy
Auto-Allow Policy
Block sender policy
Greylisting Bypass policy
DNS Authentication bypass Policy
Here are Hoxhunt IP addresses you need for configuring the policy bypasses:
193.3.183.0/25
35.156.0.138
37.139.12.94
TIP: If there is an existing policy for allowed IP addresses, there will be an entry that states it applies ‘From Everyone’ and ‘To Everyone’, if you click on this and look at the Validity section at the bottom, you may see existing allowlisted IP addresses. If this is the case, then you can add any further required IP addresses to the Validity section here.
If there is no existing policy defined as ‘From Everyone’ and ‘To Everyone’ to permit senders, then follow the instructions below.
Below is an example of how Permitted Senders Policy should be configured.
(See Mimecast's article for more information about configuring Permitted Senders Policy)
- Login to the Mimecast Administration Console.
- Go to Gateway > Policies.
- Select Permitted Senders from the list.
- Click New Policy.
- Under Policy Narrative, enter an easy to understand name, such as ‘Hoxhunt Permitted Senders’.
- Under Permitted Sender Policy, select Permit Sender.
- Under Emails from, set Applies from as Everyone.
- Under Emails to, set Applies to as Everyone.
- Under Validity, check the Policy Override checkbox.
- Add the Hoxhunt IP addresses required in the Source IP Ranges box.
Note from Mimecast documentation: "Now that we may not bypass Greylisting, RBL, and Spam checks for inbound messages, it is important to check the results of these checks to understand why a message was not delivered. This is because we may no longer bypass all of these checks."