LUCY

User Tools

Site Tools

Trace:
mail_settings

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
mail_settings [2018/05/17 12:34] – [Catching Email Replies] lucymail_settings [2019/03/26 15:10] lucy
Line 69: Line 69:
  
 This opens a pop-up where you need to define (3): This opens a pop-up where you need to define (3):
-  * Protocol: LUCY URL+  * Protocol: Custom (LUCY displays the host name or IP of your admin UI)
   * URL: %link%   * URL: %link%
   * Then save the changes by clicking "OK".   * Then save the changes by clicking "OK".
Line 153: Line 153:
 If you want to catch email replies you have three options: If you want to catch email replies you have three options:
  
-{{ mail_forward.png?600 }}+{{ forwardsemails.png?600 }}
  
   * (1) Define a **Reply-to header**. Please define that under the "scenario settings/message template" at the bottom under "advanced mail settings". The reply to address is the address where email replies should be sent, instead of ‘From’. This is used if, for some reason, your ‘From’ address cannot receive replies (e.g. you do not control that domain or don't have a mail server setup for that domain). In the screenshot below you see that the email is sent from the user "mitchel@guysfromrolla.com". If the user clicks on the reply-to button in the mail, the actual reply-to address set in the header is used then (billg@microsoft.com). You should use a reply-to adress which you can actually receive. Typically phishers use generic mail adresses from gmail, yahoo etc.   * (1) Define a **Reply-to header**. Please define that under the "scenario settings/message template" at the bottom under "advanced mail settings". The reply to address is the address where email replies should be sent, instead of ‘From’. This is used if, for some reason, your ‘From’ address cannot receive replies (e.g. you do not control that domain or don't have a mail server setup for that domain). In the screenshot below you see that the email is sent from the user "mitchel@guysfromrolla.com". If the user clicks on the reply-to button in the mail, the actual reply-to address set in the header is used then (billg@microsoft.com). You should use a reply-to adress which you can actually receive. Typically phishers use generic mail adresses from gmail, yahoo etc.
Line 174: Line 174:
  
 Lucy uses the file under /etc/postfix/virtual.db for email forwarding, when you check "Forward emails to" checkbox in scenario's message settings. When you enable email handing feature in incident settings, Lucy adds email domain to /etc/postfix/main.cf, to the line with "mydestination" option, and that makes Lucy to intercept all emails that arrive to emails on that domain. Lucy uses the file under /etc/postfix/virtual.db for email forwarding, when you check "Forward emails to" checkbox in scenario's message settings. When you enable email handing feature in incident settings, Lucy adds email domain to /etc/postfix/main.cf, to the line with "mydestination" option, and that makes Lucy to intercept all emails that arrive to emails on that domain.
 +
 +===== Issues with Line Breaks in Outlook =====
 +
 +It is possible that certain Outlook versions do not render line breaks correctly. So HTML tags like <br> or <p></p> do not work very often. A workaround is to use tables or to define a distance within a SPAN tag:
 +
 +<p class="MsoNormal"> 
 +   <span>&nbsp;</span> 
 +</p> 
 +
mail_settings.txt · Last modified: 2021/04/08 10:27 by lucy