Team: Huntress Managed Security Awareness Training (SAT)
Product: Barracuda email filtering
Environment: Barracuda and Managed SAT management portals
Summary: If you are using the Email Security Gateway from Barracuda (cloud or self-hosted), you can add SAT to Barracuda's Allow-list to allow our services to run on your network.
For an up-to-date list of addresses and domains, visit Generic Mail Server Allow-listing.
You can access the full list of Managed SAT IP addresses and domains to allow-list by logging into your Admin dashboard.
After logging in, select 'Settings' and then 'Phishing' from the vertical menu on the left-hand side to navigate to the 'Phishing' tab.
To allow-list SAT with Barracuda please follow the instructions provided in the 3 sections below. Standard allow-list, Phishing allow-list Intent Analysis, and Sender Authentication
Standard Allow-list Barracuda Cloud Control:
- Log in to your Barracuda Cloud Control
- Go to Email Security Inbound Settings IP Address Policies
- In the IP Blocking / Exemption section, use the top line to enter one of our IP addresses. This process will need to be repeated for each IP address.
- In the Netmask field, type 255.255.255.255
- Set the Policy field to Exempt
- In the Comment field add SAT Phishing Simulation
- Click Add to allow-list the IP address
- Repeat steps for any other necessary Managed SAT domains and IP Addresses.
- 18.205.140.116 (Managed SAT Phishing Server)
- 168.245.36.66 (Managed SAT Training Server)
Standard Allow-list Email Security Gateway (on-premises):
- Sign into the admin portal
- Navigate to the BLOCK/ACCEPT IP Filters page
- Under Allowed IP/Range, enter the first SAT mail server IP in the IP/Network Address field.
- Enter 255.255.255.255 into the netmask field
- Optional: Add a note describing what this entry is for. For example, SAT Phishing Server
- Select Add to allow-list
- Repeat steps for any other necessary SAT domains and IP Addresses.
- 18.205.140.116 (Managed SAT Phishing Server)
- 168.245.36.66 (Managed SAT Training Server)
Phishing Allow-list Intent Analysis
It may be necessary to allow-list Managed SAT in Barracuda's Intent Analysis feature to prevent the links in our phishing tests from being changed, or potentially adding bias to phishing test results. More information on this can be found in Barracuda's Knowledge Base
If you are using Barracuda's Email Security Service (Cloud), follow these steps to allow-list Barracuda's Intent Analysis:
- Log in to your Barracuda Cloud Control
- Navigate to Email Security Inbound Settings Anti-Phishing
- Under the Intent section, add Huntress Managed SAT's hostnames. Make sure the Policy drop-down is set to Ignore
If you are using Barracuda's Email Security Gateway (on-premises), follow these steps to allow-list Barracuda's Intent Analysis:
- Log in to your Barracuda Email Security Gateway web interface
- Navigate to Email Security Gateway Basic Spam Checking
- Under the Intent Analysis section, add Huntress Managed SAT's hostnames to the URI Exemptions: text box field
- phish.mycurricula.com
- securitynotifications.org
- security-updater.com
- amazonsecurity.org
- breach-notice.com
- filesharingnow.com
- mailbox-quota.com
- passwordsnotification.com
- securelinkedin.com
- fraud-assistance.com
- payment-process.com
- news-article.com
- invite-meeting.com
- feedback-collect.com
- businessnotice.org
- databoxonline.com
- electronic-hr.com
- emailtransaction.com
- employee-services.org
- governmentnotice.org
- notificationservices.org
Sender Authentication (SPF)
As an added feature, you can exempt Trusted Forwarder IP addresses from SPF checks to fake your own domain while using our Phishing Tests. More information can be located in Barracuda's Knowledge Base
If you are using Barracuda's Email Security Service (Cloud), follow these steps to allow-list Barracuda's Sender Authentication:
- Log in to your Barracuda Cloud Control
- Navigate to Email Security Inbound Settings Sender Authentication
- In the Use Sender Policy Framework center enter SAT's IP addresses in the SPF exemptions table
If you are using Barracuda's Email Security Gateway (on-premises), follow these steps to allow-list Barracuda's Sender Authentication:
- Log in to your Barracuda Email Security Gateway web interface
- Navigate to Email Security Block/Accept tab and select Sender Authentication
- Under Sender Policy Framework (SPF) Configuration section, select Yes
- Add SAT's IP addresses to the exemption list.
- 18.205.140.116 (Managed SAT Phishing Server)
- 168.245.36.66 (Managed SAT Training Server)