03-29-2018 09:56 AM - edited 03-08-2019 07:35 PM
Good Morning,
We use the KnowBe4 product for Email Testing for our users. Some of the tests are containing attachments that AMP "says" are Malicious. We want to make sure that these emails are able to be delivered to our users. I created the following message filter and want to make sure that it will do the job.
Allow KnowBe4 emails in, bypassing all filters
allow_KnowBe4: if (recv-listener == "IncomingMail" AND header ("X-PHISHTEST") == "KnowBe4")
{
skip-spamcheck();
skip-viruscheck();
skip-ampcheck();
skip-marketingcheck();
skip-socialcheck();
skip-bulkcheck();
skip-vofcheck();
skip-filters();
}
.
We can guarantee that each email from KnowBe4 will contain the above X-Header and will contain the word "KnowBe4". The actual value is "This is a phishing security test from KnowBe4 that has been authorized by the recipient organization". Though it would be easier just to search for a word instead of the phrase.
Thanks,
Doug
Solved! Go to Solution.
03-29-2018 09:59 AM
That filter will work for the purpose you have described.
Do you have any other questions ?
03-29-2018 09:37 PM
03-29-2018 09:59 AM
That filter will work for the purpose you have described.
Do you have any other questions ?
03-29-2018 10:13 AM
03-29-2018 10:26 AM
Thanks Ken. I had that in the Mail Policy of allowed users, but somehow, this test didn't follow the normal testing that had been done. We attempted to include attachments and other random items and this caused the emails to come from the IP addresses of KnowBe4, but the Envelope Sender was different. So, of course, it used the Default Mail Policy instead of the KnowBe4 mail policy.
I figured it would be easier to use a Message Filter and bypass everything at the connection instead of "bringing it in" and processing it.
Now if we could only "bypass" O365 malware scanning, it would be much better.
Doug
03-29-2018 10:28 AM
03-29-2018 09:37 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide