Skip to main content

Whitelisting for Mimecast

This article describes the whitelisting process to allow for Jericho Phishing emails and training emails to get through the Mimecast SSG

D
Written by Dan Chyan
Updated over 6 months ago

Preventing Link Re-writing

  1. Log into your Mimecast Administration Console

  2. Navigate to Services | URL Protection.

  3. Click the URL Tools drop-down.

  4. Click Managed URLs. A list of managed URLs is displayed.

  5. Add Managed URLs

    1. The primary url is https://app.redirectingly.com, however, we do add additional URLs. Please contact support@jerichosecurity.com to ask about these additional URLs.

The next policy-based tasks all start with the following:

  1. Log into your Mimecast Administration Console.

  2. Click the Administration toolbar button.

  3. Select the Gateway | Policies menu item.

Permitted Senders

  1. From Gateway | Policies, select Permitted Senders.

  2. Select the New Policy button.

  3. Name the policy narrative Jericho Phishing Simulations and permit sender

  4. Apply the policy to everyone (including all senders and recipients)

  5. Enable and set the policy as perpetual

  6. Check the Policy Override box

  7. Input the IP Addresses found in our general whitelisting guide

  8. Save the policy

URL Protection Bypass

  1. From Gateway | Policies, select URL Protection Bypass.

  2. Select the New Policy button.

  3. Name the policy narrative Jericho URL Protection Bypass and disable the protection

  4. Apply the policy to everyone based on the Both

  5. Enable and set the policy as perpetual

  6. Check the Policy Override box

  7. Input the IP Addresses found in our general whitelisting guide

  8. Save the policy

Attachment Protection Bypass

Note: The attachment bypasses are necessary for using Jericho's Attachment-based attack types.

  1. From Gateway | Policies, select Attachment Protection Bypass.

  2. Select the New Policy button.

  3. Name the policy narrative Jericho Attachment Protection Bypass and disable the protection

  4. Apply the policy to everyone based on the Return Address

  5. Enable and set the policy as perpetual

  6. Check the Policy Override box

  7. Input the IP Addresses found in our general whitelisting guide

  8. Save the policy

Attachment Management Bypass

  1. From Gateway | Policies, select Attachment Management Bypass.

  2. Select the New Policy button.

  3. Name the policy narrative Jericho Attachment Management Bypass and disable the protection

  4. Apply the policy to everyone based on Both

  5. Enable and set the policy as perpetual

  6. Check the Policy Override box

  7. Input the IP Addresses found in our general whitelisting guide

  8. Save the policy

Impersonation Protection Bypass

Note: This is necessary if you want to create campaigns where you are impersonating someone from your company ex. your company's CEO.

  1. From Gateway | Policies, select Impersonation Protection Bypass.

  2. Select the New Policy button.

  3. Name the policy narrative Jericho Impersonation Protection Bypass and select the impersonation protection definition to bypass (if it does not exist, then you should not have to continue with the policy definition).

  4. Apply the policy to everyone based on Both

  5. Enable and set the policy as perpetual

  6. Check the Policy Override box

  7. Input the IP Addresses found in our general whitelisting guide

  8. Save the policy

Greylisting Bypass

  1. From Gateway | Policies, select Greylisting.

  2. Select the New Policy button.

  3. Name the policy narrative Jericho Greylisting Bypass and select Take no action.

  4. Apply the policy to everyone based on the return address

  5. Enable and set the policy as perpetual

  6. Check the Policy Override box

  7. Input the IP Addresses found in our general whitelisting guide

  8. Save the policy

Did this answer your question?