Mail Flow Rules

To support Prevent (Inline) protection mode for policies, Avanan creates Mail Flow rules. These rules allow Avanan to scan and perform remediation before the email is delivered to the recipient’s mailbox.

Avanan creates these Mail Flow rules.

Avanan - Protect Outgoing Rule

When is this rule applied?

What does this rule do?

Exceptions

  • Email is sent Outside the organization.

  • Email is received from a avanan_inline_outgoing@[portal domain] group member.

  • Routes the email using Avanan DLP Outbound Connector.

  • Sets the message header X-CLOUD-SEC-AV-Info with the [portal],office365_emails,sent,inline value.

  • Stops processing more rules.

Sender IP address belongs to one of the relevant IP addresses for Avanan - Protect Outgoing rule. See IP Addresses for Avanan - Protect Outgoing Rule.

Note - [portal] refers to the unique identifier of your Avanan tenant.

  • 35.174.145.124

  • 3.214.204.181

  • 44.211.178.96/28

  • 3.101.216.128/28

  • 3.101.216.144/28

  • 44.211.178.112/28

  • 52.17.62.50

  • 52.212.19.177

  • 3.252.108.160/28

  • 13.39.103.0/28

  • 13.39.103.16/28

  • 3.252.108.176/28

  • 3.27.51.160/28

  • 3.27.51.176/28

  • 3.27.51.178/28

  • 3.105.224.60

  • 13.211.69.231

  • 18.143.136.64/28

  • 18.143.136.80/28

  • 15.222.110.90

  • 52.60.189.48

  • 3.101.216.128/28

  • 3.101.216.144/28

  • 3.99.253.64/28

  • 3.99.253.80/28

*

  • 3.29.194.128/28

  • 3.29.194.144/28

* These regions are relevant only for tenants created using the Avanan MSP portal.

Avanan - Protect Rule

When is this rule applied?

What does this rule do?

Exceptions

  • Email is received from Outside the organization.

  • Email is sent Inside the organization.

  • Email is sent to avanan_inline_incoming@[portal domain] group member.

  • Routes the email using Avanan Outbound Connector.

  • Sets the message header X-CLOUD-SEC-AV-Info with the [portal],office365_emails,inline value.

  • Stops processing more rules.

Sender IP address belongs to one of the relevant IP addresses for the Avanan - Protect rule. See IP Addresses for Avanan - Protect Rule.

Notes - [portal] refers to the unique identifier of your Avanan tenant.

Avanan - Whitelist Rule

When is this rule applied?

What does this rule do?

Exceptions

Sender IP address belongs to one of the relevant IP addresses for the Avanan - Whitelist rule. See IP Addresses for Avanan - Whitelist Rule.

Sets the Spam Confidence Level (SCL) to -1.

If the message header X-CLOUD-SEC-AV-SCL matches the following patterns: true.

Avanan - Junk Filter Low Rule

This rule is used to mark Microsoft that the email was detected as spam by Avanan and should be delivered to the Junk folder.

When is this rule applied?

What does this rule do?

Sets the Spam Confidence Level (SCL) to 6.

Avanan- Junk Filter Rule

This rule is used to mark Microsoft that the email was detected as spam by Avanan and should be delivered to the Junk folder.

When is this rule applied?

What does this rule do?

  • Sender IP address belongs to one of the relevant IP addresses for the Avanan - Junk Filter rule. See IP Addresses for Avanan - Junk Filter Rule.

  • X-CLOUD-SEC-AV-SPAM-HIGH header matches the following patterns: true

Sets the Spam Confidence Level (SCL) to 9.