Mail Flow Rules (Transport Rules)

To support Prevent (Inline) protection mode for policies, Avanan creates Mail Flow rules (Transport rules). These rules allow Avanan to scan and perform remediation before the email is delivered to the recipient’s mailbox.

Avanan creates these Mail Flow rules (Transport rules).

Avanan - Protect Outgoing Rule

When is this rule applied?

What does this rule do?

Exceptions

  • Email is sent Outside the organization.

  • Email is received from a avanan_inline_outgoing@[portal domain] group member.

  • Routes the email using Avanan DLP Outbound Connector.

  • Sets the message header X-CLOUD-SEC-AV-Info with the [portal],office365_emails,sent,inline value.

  • Stops processing more rules.

Sender IP address belongs to one of the relevant IP addresses for Avanan - Protect Outgoing rule. See IP Addresses for Avanan - Protect Outgoing Rule.

Note - [portal] refers to the unique identifier of your Avanan tenant.

  • 3.101.216.128/28

  • 3.101.216.144/28

  • 3.214.204.181

  • 18.97.17.224/28

  • 35.174.145.124

  • 44.211.178.96/28

  • 44.211.178.112/28

  • 3.40.131.0/28

  • 3.252.108.160/28

  • 3.252.108.176/28

  • 13.39.103.0/28

  • 13.39.103.16/28

  • 52.17.62.50

  • 52.212.19.177

  • 3.27.51.160/28

  • 3.27.51.176/28

  • 3.27.51.178/28

  • 3.105.224.60

  • 13.211.69.231

  • 18.98.196.176/28

  • 18.143.136.64/28

  • 18.143.136.80/28

  • 15.222.110.90

  • 52.60.189.48

  • 3.101.216.128/28

  • 3.101.216.144/28

  • 3.99.253.64/28

  • 3.99.253.80/28

  • 18.96.227.0/28

  • 3.41.0.160/28

*

  • 3.29.194.128/28

  • 3.29.194.144/28

  • 18.96.97.192/28

* These regions are relevant only for tenants created using the Avanan MSP portal.

  • 3.44.1.224/28

Avanan - Protect Internal Rule

When is this rule applied?

What does this rule do?

Exceptions

  • Recipient is inside the organization and is a member of the inline group. See, Avanan Inline Incoming Group.

  • Sender is inside the organization.
  • Routes the email using Outbound DLPAvananConnector.

  • Adds X-CLOUD-SEC-AV-Info to the header with [portal],office365_emails,internal,inline value.

Notes:

  • [portal] refers to the unique identifier of your Avanan tenant.

  • Manual changes made to the rule will not be retained unless the Configure excluded IPs manually in mail flow rule option is selected under the Protect rule in the Policy section.

Avanan - Protect Rule

When is this rule applied?

What does this rule do?

Exceptions

  • Email is received from Outside the organization.

  • Email is sent Inside the organization.

  • Email is sent to avanan_inline_incoming@[portal domain] group member.

  • Routes the email using Avanan Outbound Connector.

  • Sets the message header X-CLOUD-SEC-AV-Info with the [portal],office365_emails,inline value.

  • Stops processing more rules.

Sender IP address belongs to one of the relevant IP addresses for the Avanan - Protect rule. See IP Addresses for Avanan - Protect Rule.

Notes - [portal] refers to the unique identifier of your Avanan tenant.

Avanan - Whitelist Rule

When is this rule applied?

What does this rule do?

Exceptions

Sender IP address belongs to one of the relevant IP addresses for the Avanan - Whitelist rule. See IP Addresses for Avanan - Whitelist Rule.

Sets the Spam Confidence Level (SCL) to -1.

If the message header X-CLOUD-SEC-AV-SCL matches the following patterns: true.

Avanan - Junk Filter Low Rule

This rule is used to mark Microsoft that the email was detected as spam by Avanan and should be delivered to the Junk folder.

When is this rule applied?

What does this rule do?

Sets the Spam Confidence Level (SCL) to 6.

Avanan - Junk Filter Rule

This rule is used to mark Microsoft that the email was detected as spam by Avanan and should be delivered to the Junk folder.

When is this rule applied?

What does this rule do?

  • Sender IP address belongs to one of the relevant IP addresses for the Avanan - Junk Filter rule. See IP Addresses for Avanan - Junk Filter Rule.

  • X-CLOUD-SEC-AV-SPAM-HIGH header matches the following patterns: true

Sets the Spam Confidence Level (SCL) to 9.

Avanan - Encryption

When is this rule applied?

What does this rule do?

  • Email is sent Outside the organization.

  • X-CLOUD-SEC-AV-Encrypt-Microsoft header matches the following patterns: true

  • Email is received from Inside the Organization.

  • Rights protect message with RMS template: Encrypt

Notes - This rule is not created during onboarding. It is created only after a customer enables the Microsoft encryption workflow. See Encrypting Outgoing Emails.