LUCY

User Tools

Site Tools

Trace:
mail_settings

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revisionBoth sides next revision
mail_settings [2019/03/26 15:10] lucymail_settings [2019/05/22 17:42] lucy
Line 35: Line 35:
  
  
-  * **Malware Simulation**: compile and attach a file based malware simulation to the mail message. Learn more [[create_a_phishing_campaign_with_malware_simulations|here]].+  * **Malware Simulation**: compile and attach a file-based malware simulation to the mail message. Learn more [[create_a_phishing_campaign_with_malware_simulations|here]].
   * **Attachments**: upload your own custom attachment or payload   * **Attachments**: upload your own custom attachment or payload
   * **General Mail Settings**: define mail header settings   * **General Mail Settings**: define mail header settings
Line 45: Line 45:
 ==== Creating the Link to the Landing Page within the message template (mail body) ==== ==== Creating the Link to the Landing Page within the message template (mail body) ====
  
-Within the email, you will be able to place the link to the Landing Page (or awareness elearning site). Each user will get a unique link (it might look like http://www.example-phishing.com/aea43bc8fa2a3dc78f987ed5db94ba1a1ff39ba13e9ed228f2c6eff73d787040) in their e-mail so LUCY will be able to analyze a recipient's clicking behavior. +Within the email, you will be able to place the link to the Landing Page (or awareness eLearning site). Each user will get a unique link (it might look like http://www.example-phishing.com/aea43bc8fa2a3dc78f987ed5db94ba1a1ff39ba13e9ed228f2c6eff73d787040) in their e-mail so LUCY will be able to analyze a recipient's clicking behavior. 
  
 **Alternative 1: Use the %link% variable in the text:** **Alternative 1: Use the %link% variable in the text:**
Line 52: Line 52:
 {{ 43.jpg?direct&600 }} {{ 43.jpg?direct&600 }}
  
-As a result user will get a mail containing the link that points to your Landing- or Awareness page:+As a resultuser will get a mail containing the link that points to your Landing- or Awareness page:
  
 {{ 107.jpg?600 }} {{ 107.jpg?600 }}
Line 62: Line 62:
  
 **Alternative 2: Hide the %link% variable behind a word** **Alternative 2: Hide the %link% variable behind a word**
-As a second alternative you could also hide the randomized link and place the hyperlink behind a text, button, image etc. +As a second alternativeyou could also hide the randomized link and place the hyperlink behind a text, button, image etc. 
  
 Example "hiding behind text":  Example "hiding behind text": 
Line 69: Line 69:
  
 This opens a pop-up where you need to define (3): This opens a pop-up where you need to define (3):
-  * Protocol: Custom (LUCY displays the host name or IP of your admin UI)+  * Protocol: Custom (LUCY displays the hostname or IP of your admin UI)
   * URL: %link%   * URL: %link%
   * Then save the changes by clicking "OK".   * Then save the changes by clicking "OK".
Line 77: Line 77:
 **Alternative 3: Hide the %link% variable behind another link** **Alternative 3: Hide the %link% variable behind another link**
  
-Please make sure the link variable is set in the HTML codeif you hide it behind another Link. If you type a hyperlink instead a word, the editor will automatically detect that, and create the link in the code. But this link will be wrong: If you type http://www.example.com in the editor, LUCY will automatically create a hyperlink to http://www.example.com in the HTML code (1) and underline the URL. But if you want http://www.example.com pointing to your LUCY URL, please remove the link pointing to http://www.example.com in the source code directly, or remove it by clicking on the "unlink" symbol (2), and then select the text "http://www.example.com" and click on the link symbol again and insert %link% in the HTML code (3).+Please make sure the link variable is set in the HTML code if you hide it behind another Link. If you type a hyperlink instead of a word, the editor will automatically detect that, and create the link in the code. But this link will be wrong: If you type http://www.example.com in the editor, LUCY will automatically create a hyperlink to http://www.example.com in the HTML code (1) and underline the URL. But if you want http://www.example.com pointing to your LUCY URL, please remove the link pointing to http://www.example.com in the source code directly, or remove it by clicking on the "unlink" symbol (2), and then select the text "http://www.example.com" and click on the link symbol again and insert %link% in the HTML code (3).
  
 {{ link_behind_l.png?600 }} {{ link_behind_l.png?600 }}
Line 136: Line 136:
 ==== Embedding images ==== ==== Embedding images ====
  
-Within the message template you can embed images. Please visit [[embed_image_in_mail|this chapter]] for your options.+Within the message templateyou can embed images. Please visit [[embed_image_in_mail|this chapter]] for your options.
  
  
Line 155: Line 155:
 {{ forwardsemails.png?600 }} {{ forwardsemails.png?600 }}
  
-  * (1) Define a **Reply-to header**. Please define that under the "scenario settings/message template" at the bottom under "advanced mail settings". The reply to address is the address where email replies should be sent, instead of ‘From’. This is used if, for some reason, your ‘From’ address cannot receive replies (e.g. you do not control that domain or don't have a mail server setup for that domain). In the screenshot below you see that the email is sent from the user "mitchel@guysfromrolla.com". If the user clicks on the reply-to button in the mail, the actual reply-to address set in the header is used then (billg@microsoft.com). You should use a reply-to adress which you can actually receive. Typically phishers use generic mail adresses from gmail, yahoo etc.+  * (1) Define a **Reply-to header**. Please define that under the "scenario settings/message template" at the bottom under "advanced mail settings". The reply to address is the address where email replies should be sent, instead of ‘From’. This is used if, for some reason, your ‘From’ address cannot receive replies (e.g. you do not control that domain or don't have a mail server setup for that domain). In the screenshot below you see that the email is sent from the user "mitchel@guysfromrolla.com". If the user clicks on the reply-to button in the mail, the actual reply-to address set in the header is used then (billg@microsoft.com). You should use a reply-to address which you can actually receive. Typically phishers use generic mail addresses from gmail, yahoo etc.
  
 {{ reply_to.png?600 }} {{ reply_to.png?600 }}
  
-  * (2) Define a **Forward Mail**: LUCY is able to forward the Returning/Answering emails to an email address specified in that field. However this requires a DNS entry (MX record) on a DNS server for the sender's domain that points to LUCY. Example: You send emails as attacker@phishing-test.com and LUCY’s IP is 201.35.77.12. Then you need to define MX record like "phishing-test.com  MX  10  201.35.77.12". Within the forward mail field you can enter your own custom mail address (user@example.com). If a user replies to "attacker@phishing-test.com" LUCY will accept this mail and then forward it to "user@example.com" (note: most register services already offer free mail/DNS packages. So if you register a phishing domain you can already setup an email forwarder for that domain and you don’t need LUCY for that).+  * (2) Define a **Forward Mail**: LUCY is able to forward the Returning/Answering emails to an email address specified in that field. Howeverthis requires a DNS entry (MX record) on a DNS server for the sender's domain that points to LUCY. Example: You send emails as attacker@phishing-test.com and LUCY’s IP is 201.35.77.12. Then you need to define an MX record like "phishing-test.com  MX  10  201.35.77.12". Within the forward mail fieldyou can enter your own custom mail address (user@example.com). If a user replies to "attacker@phishing-test.com" LUCY will accept this mail and then forward it to "user@example.com" (note: most register services already offer free mail/DNS packages. So if you register a phishing domain you can already set up an email forwarder for that domain and you don’t need LUCY for that).
  
-  * **Using a catch-all mail account for your registered domain that forwards to another mail address**: If you registered the domain through LUCY you have the ability to define for one specific mail address one mail forwarder ([[domain_configuration|see domain registration settings]]). If you want to have all mail addresses forwarded we can activate a catch all account. This Email Forwarding feature will accept all email addresses on the provider side (using the providers mail server) for a domain and forward emails to other email addresses of your choice. +  * **Using a catch-all mail account for your registered domain that forwards to another mail address**: If you registered the domain through LUCY you have the ability to define for one specific mail address one mail forwarder ([[domain_configuration|see domain registration settings]]). If you want to have all mail addresses forwarded we can activate a catch-all account. This Email Forwarding feature will accept all email addresses on the provider side (using the provider'mail server) for a domain and forward emails to other email addresses of your choice. 
  
  
 ===== Create a HTTPS link (use SSL) ===== ===== Create a HTTPS link (use SSL) =====
  
-By default LUCY will use HTTP connection to your landing page. If you want the phishing or awareness website to be accessed via SSL, you first need to create the link in your message template (1) using the default LUCY variable (%link%). Next you need to click on the scenario settings. A submenu called SSL settings (2) will open. Please enable the checkbox and create the certificate. LUCY will then automatically create https link to your landing page:+By defaultLUCY will use an HTTP connection to your landing page. If you want the phishing or awareness website to be accessed via SSL, you first need to create the link in your message template (1) using the default LUCY variable (%link%). Nextyou need to click on the scenario settings. A submenu called SSL settings (2) will open. Please enable the checkbox and create the certificate. LUCY will then automatically create an https link to your landing page:
  
 {{ link_ssl.png?600 }} {{ link_ssl.png?600 }}
Line 173: Line 173:
 ===== Technical Background Info ===== ===== Technical Background Info =====
  
-Lucy uses the file under /etc/postfix/virtual.db for email forwarding, when you check "Forward emails to" checkbox in scenario's message settings. When you enable email handing feature in incident settings, Lucy adds email domain to /etc/postfix/main.cf, to the line with "mydestination" option, and that makes Lucy to intercept all emails that arrive to emails on that domain.+Lucy uses the file under /etc/postfix/virtual.db for email forwarding, when you check "Forward emails to" checkbox in scenario's message settings. When you enable email handing feature in incident settings, Lucy adds email domain to /etc/postfix/main.cf, to the line with "mydestination" option, and that makes Lucy intercept all emails that arrive to emails on that domain.
  
 ===== Issues with Line Breaks in Outlook ===== ===== Issues with Line Breaks in Outlook =====
mail_settings.txt · Last modified: 2021/04/08 10:27 by lucy