Posts Tagged ‘mimecast’


Latency Threshold – I would say to start with 50-60 Seconds to avoid any false positives.

Failure Counter threshold –  I would suggest to start with 5-6 for the same reasons.

Admin Notifications – I would suggest to notify via SMS as well, in case email is down. But if you are doing that, you will first have to make sure you are syncing the mobile numbers from AD using the correct AD attribute in Mimecast. Then you also have to make sure that you set that attribute up to be used as the mobile attribute for SMS notifications in Administration > Account > Account Settings > System Notification Options. Then, you also have to make sure that the admins that need these SMS notifications subscribe to them. Guidance on subscribing here – Further details on using SMS in Continuity Here –

Affected Group – You have to select a group that covers all users. Otherwise when you get the notification, if you opt to start a Continuity Event from the dashboard, it will only affect the Admin group you have selected.



Recently I tried to set up a 365 Send connector to relay it through another third party, Mimecast. Mimecast confirmed they had enabled the Tenant domains to relay through Mimecast.


The send connector was failing at the last step; however, I was receiving the email. After numerous calls with Office 365 support they came back with the reply “We don’t support technical help with Third Party SMTP Servers”.

Checking the headers on the email that came through showed the validator wasn’t even relaying through Mimecast.

Enabling the Send Connector and trying again resolved the issue. However, it’s a flawed design, because after enabling it during the validation, if any user tries to send out and it doesn’t work, they will produce an NDR.


Recently had a customer that was getting 15–20 minute delays in receiving emails from MailChimp. The same email to services such as Office 365, Gmail and other email providers came through straight away.

We had whitelisted Mailchimp’s IPs per below from Greylisting and Spam to no avail. The message tracking proved that the message wasn’t hitting the Administration console for the 15-minute delay.

Source IP Ranges (n.n.n.n/x):


We lodged a Mimecast support ticket, got this escalated to Level 2 and waited a week for a response. In the end a retry of the issue with the technician came through straight away, which means there must have been a block somewhere in Mimecast.


Many companies use newsletter services such as Mailchimp to email out internal newsletters. The From address of these is usually an internal email address, which means the message will get rejected by the anti-spoofing policy.

Option 1

In the Mimecast Administration Panel go to:

Administration -> Gateway -> Policies -> Anti Spoofing SPF based Bypass

  1. Add the following policy. This will only whitelist IPs in your SPF record, so putting will not work; you will also have to put “ip4: ip4: ip4:” in your SPF record. If your SPF is over 255 characters, try Option 2.
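A pre-check for Option 1, as an added example (not from the original post and not Mimecast tooling): it lists which sending IPs are covered by a literal `ip4:`/`ip6:` entry in an SPF record and whether the record stays within the 255-character limit mentioned above. The record, domain and addresses are constructed sample values, and `review_spf` is a hypothetical helper name.

```python
import ipaddress

SPF_LIMIT = 255  # length above which the post says to use Option 2 instead

# Constructed sample record; domain and ranges are documentation values.
SAMPLE_SPF = ("v=spf1 include:spf.example.net ip4:198.51.100.0/24 "
              "ip4:203.0.113.16/28 -all")


def literal_networks(spf_record):
    """Networks listed as passing ip4:/ip6: mechanisms; other terms are skipped."""
    nets = []
    for term in spf_record.split()[1:]:            # drop the "v=spf1" version tag
        if term[0] in "-~?":                       # fail/softfail/neutral: not a pass
            continue
        name, _, value = term.lstrip("+").partition(":")
        if name.lower() in ("ip4", "ip6") and value:
            nets.append(ipaddress.ip_network(value, strict=False))
    return nets


def review_spf(spf_record, sender_ips):
    """Report record length and which sender IPs a literal mechanism covers."""
    nets = literal_networks(spf_record)
    covered = {}
    for ip in sender_ips:
        addr = ipaddress.ip_address(ip)
        covered[ip] = any(addr.version == n.version and addr in n for n in nets)
    return {
        "length": len(spf_record),
        "fits_limit": len(spf_record) <= SPF_LIMIT,
        "covered": covered,
        "uncovered": sorted(ip for ip, ok in covered.items() if not ok),
    }


if __name__ == "__main__":
    # Constructed sender addresses standing in for a newsletter service's IPs.
    print(review_spf(SAMPLE_SPF, ["198.51.100.25", "203.0.113.40", "192.0.2.10"]))
```

Any address reported as uncovered needs its own literal entry before the SPF-based bypass can match it; if adding those entries pushes the record past the limit, Option 2 is the fallback.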


Option 2

Administration -> Gateway -> Policies -> Anti Spoofing

Add the policy below. You can get a list of the IPs Mailchimp uses here



Create a Computer Configuration Group Policy Object for Windows Firewall per below

Whitelist the below files Inbound and Outbound

C:\program files\mimecast\mimecast windows service\msddsk.exe ( 32 bit ) 

C:\program files (x86)\mimecast\mimecast windows service\msddsk.exe  ( 64 bit ) 


Recently an email came in from a third party which wasn’t blocked by the Impersonation Protection

Administration > Gateway > Policies > Impersonation Protection Definitions  

Default Impersonation Protection for Mimecast 

  • Similar Internal Domain (Similarity Distance 2 ) 
  • Newly Observed Domain ( Checked ) 
  • Internal User Name ( Checked ) 
  • Reply-to Address Mismatch ( Uncheck ) 
  • Targeted Threat Dictionary ( Checked ) 
  • Mimecast Threat Dictionary ( Checked ) 
  • Number of Hits : 2
  • Ignore Signed Messages ( Unchecked ) 

For executives, particularly those who are disclosed on the company website, I recommend implementing a hit score of 1 on emails with their name as a display name.

Exec Impersonation Protection

  • Similar Internal Domain  ( Checked ) 
  • Newly Observed Domain  ( Checked ) 
  • Internal User name  ( Checked ) 
  • Number of Hits: 1 

Administration > Gateway > Policies > Impersonation Protection > New Policy 

Selection Option: Choose the new definition that was just created 
Addresses based on: Both 
Applies from: Header Display Name 
Specifically: INSERT NAME 
Applies To: Internal Addresses 
Save and Exit 

I would advise that display name checks are in place for all high-profile targets, particularly those disclosed on the company website or other public sources. You also may want to consider alternative spellings. An individual policy is required for each display name.
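A simplified model of the hit counting described above, as an added example (not Mimecast's implementation and not from the original post). It assumes "Similarity Distance" behaves like Levenshtein edit distance and that each checked indicator contributes one hit; the domains, names and messages are constructed.

```python
def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programme)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def indicators(msg, internal_domains, internal_names, max_distance=2):
    """Return the indicators (named as in the definition above) that fire for msg."""
    hits = set()
    sender_domain = msg["from"].rsplit("@", 1)[-1].lower()
    # A lookalike is close to, but not identical to, an internal domain.
    if any(0 < edit_distance(sender_domain, d.lower()) <= max_distance
           for d in internal_domains):
        hits.add("Similar Internal Domain")
    if msg["display_name"].strip().lower() in {n.lower() for n in internal_names}:
        hits.add("Internal User Name")
    if msg.get("newly_observed"):          # assumed flag supplied by the gateway
        hits.add("Newly Observed Domain")
    return hits


def policy_triggers(msg, required_hits, internal_domains, internal_names):
    """True when at least `required_hits` indicators fire (Number of Hits)."""
    return len(indicators(msg, internal_domains, internal_names)) >= required_hits


# Constructed test data: one internal domain and one published executive name.
DOMAINS = ["example.com"]
NAMES = ["Jane Doe"]
# Executive's display name sent from an unrelated, long-established domain.
UNRELATED = {"from": "jdoe@mailbox.example", "display_name": "Jane Doe"}
# Executive's display name sent from a one-character lookalike domain.
LOOKALIKE = {"from": "jane@examp1e.com", "display_name": "Jane Doe"}

if __name__ == "__main__":
    for label, msg in (("unrelated", UNRELATED), ("lookalike", LOOKALIKE)):
        print(label, sorted(indicators(msg, DOMAINS, NAMES)),
              "default:", policy_triggers(msg, 2, DOMAINS, NAMES),
              "exec:", policy_triggers(msg, 1, DOMAINS, NAMES))
```

The message from the unrelated domain scores a single hit, so only the per-executive definition with Number of Hits set to 1 acts on it.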


Recently had a customer stop being able to send items to Mimecast with the following 

554 Email rejected due to security policies -

This was happening to multiple emails and the Mimecast logs showed: Bounce – Message content not accepted

Also, users trying to email the customer by replying to their email would get the same bounce back.

So something generic in the content was causing this.

Generic would be email signatures, and links in email signatures are usually the cause. Removing one of the domains in the email signature fixed this. We lodged a support case with Mimecast, who removed this domain from their blocklist.

The actual cause was the company was sending mass emails with using something like Mailchimp so it did not have an unsubscribe button, so domains in the email were blocked in third-party lists like:


Mimecast Guide

Azure Microsoft Guide

Create a Distribution Group in Office 365 for the users you want to enable SSO on, and add the users to it.

Make sure Mimecast is synced with Office 365 AD – Services -> Directory Synchronization (Connect to 365)

Perform a manual sync in Mimecast to download the users and group


In Azure, go to Azure Active Directory, All Applications and find: Mimecast Personal Portal

Next, Single Sign-On

Sign on URL :

Identifier : ID% per Mimecast User Guide

Reply URL :

User Identifier : user.mail

Azure AD Properties : User assignment required: No


Configuring Mimecast-Personal-Portal for single sign-on

1. In a different web browser window, log into your Mimecast Personal Portal as an administrator.

2. Go to Services > Applications.

3. Click Authentication Profiles.

4. Click New Authentication Profile.

5. In the Authentication Profile section, perform the following steps:

a. In the Description textbox, type a name for your configuration.

b. Select Enforce SAML Authentication for Mimecast Personal.

c. As Provider, select Azure Active Directory.

d. In the Issuer URL textbox, paste the value of Azure AD SAML Entity ID which you have copied from Azure portal.

e. In the Login URL textbox, paste the value of Azure AD Single Sign-On Service URL which you have copied from Azure portal.

f. In the Logout URL textbox, paste the value of Sign-Out URL which you have copied from Azure portal.

g. Open the Azure AD Signing Certificate (Base64 encoded) that you downloaded from Azure portal in Notepad, copy its content into your clipboard, and then paste it into the Identity Provider Certificate (Metadata) textbox.

h. Select Allow Single Sign On.

i. Click Save.

Now add a new Application Settings entry under Applications and link the group you created in the first step so that it uses this new Authentication Profile.


reply address ‘’ does not match the reply addresses configured for the application: ‘’.
