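# Creates four Exchange Online transport rules that let CyberHoot phishing-test
# mail skip spam and junk filtering: two keyed on the sender IP list and two
# keyed on the X-PHISHTEST message header.
#
# Requires an account allowed to manage transport rules. Prompts for the
# UserPrincipalName to connect with and for the X-PHISHTEST header value.

# Ensure the module is available. Installed for the current user so the script
# does not need an elevated session; -Force installs without confirmation.
if (-not (Get-Module -ListAvailable -Name ExchangeOnlineManagement)) {
    Install-Module -Name ExchangeOnlineManagement -Scope CurrentUser -Force
}
Import-Module ExchangeOnlineManagement

# Prompt for Exchange connection and header info.
$UserPrincipalName = Read-Host "UserPrincipalName"

# The prompt lists both defaults, because an empty answer matches either word.
$HeaderValue = Read-Host "X-PHISHTEST Header Value (default: Become_More_Aware, CyberHoot)"
if ([string]::IsNullOrWhiteSpace($HeaderValue)) {
    # Whitespace-only input is treated as "use the defaults" rather than being
    # passed to the rule as a blank match word.
    $HeaderValue = @("Become_More_Aware", "CyberHoot")
} else {
    $HeaderValue = $HeaderValue.Trim()
}

# All CyberHoot-related IPs (original + new ones).
# NOTE(review): every address here gets SCL -1 for all mail it sends. Check the
# list against the vendor's current documentation before each run and remove
# addresses the vendor no longer uses.
$senderIps = @(
    "3.212.253.236/32",
    "34.235.208.123/32",
    "44.209.10.205/32",
    "52.200.160.242/32",
    "54.164.218.52/32",
    "54.240.125.36/32",
    "54.240.125.37/32",
    "23.20.251.170/32",
    "52.7.191.238/32",
    "52.6.6.155/32",
    "18.213.175.22/32",
    "34.226.89.171/32",
    "18.210.65.168/32",
    "54.159.125.85/32",
    "54.225.129.23/32",
    "3.234.113.11/32",
    "54.175.87.114/32"
)

# Rule definitions, in creation order. Each hashtable is splatted onto
# New-TransportRule, so the keys are that cmdlet's parameter names.
$rules = @(
    # Sender IPs combined into one rule for Spam bypass.
    @{
        Name           = "CyberHoot - Bypass Spam by IP"
        SenderIpRanges = $senderIps
        SetHeaderName  = "X-MS-Exchange-Organization-BypassClutter"
        SetHeaderValue = "true"
        SetSCL         = "-1"
    },
    # Sender IPs combined into one rule for Junk bypass.
    @{
        Name           = "CyberHoot - Bypass Junk by IP"
        SenderIpRanges = $senderIps
        SetHeaderName  = "X-Forefront-Antispam-Report"
        SetHeaderValue = "SFV:SKI;CAT:NONE"
    },
    # Header-based rules (remain separate, no IP dependency).
    # NOTE(review): these two rules trust a header that the sender sets. With no
    # IP or authentication condition, any message carrying X-PHISHTEST with a
    # matching word skips spam and junk filtering, and the default words are
    # fixed strings in this script. Prefer a tenant-specific value that is not
    # published, consider adding SenderIpRanges here as well, and evaluate the
    # Microsoft 365 advanced delivery policy for phishing simulations as a
    # replacement for header-only bypass rules.
    @{
        Name                        = "CyberHoot - Bypass Spam by Header"
        HeaderContainsMessageHeader = "X-PHISHTEST"
        HeaderContainsWords         = $HeaderValue
        SetHeaderName               = "X-MS-Exchange-Organization-BypassClutter"
        SetHeaderValue              = "true"
        SetSCL                      = "-1"
    },
    @{
        Name                        = "CyberHoot - Bypass Junk by Header"
        HeaderContainsMessageHeader = "X-PHISHTEST"
        HeaderContainsWords         = $HeaderValue
        SetHeaderName               = "X-Forefront-Antispam-Report"
        SetHeaderValue              = "SFV:SKI;CAT:NONE"
    }
)

# Connect to Exchange Online. Stop on failure so the rule cmdlets are never
# attempted without a session.
Connect-ExchangeOnline -UserPrincipalName $UserPrincipalName -ErrorAction Stop

try {
    foreach ($rule in $rules) {
        # A rule of the same name is left untouched, so a re-run reports it
        # instead of failing on a duplicate name.
        if (Get-TransportRule -Identity $rule.Name -ErrorAction SilentlyContinue) {
            Write-Warning "Transport rule '$($rule.Name)' already exists; skipping. Review it manually if the IP list or header value changed."
            continue
        }
        New-TransportRule @rule
    }
}
finally {
    # Do not leave an administrative Exchange Online session open.
    Disconnect-ExchangeOnline -Confirm:$false
}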