User Tools

Site Tools


mail_settings

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
mail_settings [2019/03/26 15:10] lucymail_settings [2021/04/08 10:27] (current) – new variables lucy
Line 5: Line 5:
 ===== Where to find the message template settings? ===== ===== Where to find the message template settings? =====
  
-A campaign can have multiple scenario's. Each scenario has its own message template. To configure the message template please click on your campaign name--> on "BASE SETTINGS" (1) --> select the scenario template which you want to configure (2--> click on "message template": +A campaign can have multiple scenarios. Each scenario - phishing or awareness- has its own **Message Template**. To configure the message template please choose the Campaign and navigate to Configuration -> under the **Attack (1)** or **Awareness (2) Settings** --> select the Scenario template which you want to configure -> **Edit the Scenario Settings (3)** -> click on **Message template/Email template**:
- +
-{{ message_where.png?600 }} +
  
 +{{::message_where.png|}}
 ===== Message template configuration ===== ===== Message template configuration =====
  
 The message template is split into different configuration sections: The message template is split into different configuration sections:
  
-  * **Top Part:** In the message template top part you can choose your language (1) sender's name (2), email address (3) and subject (4) together with the actual message (content). You also have the ability to selectif the message is sent via mail or SMS (1)+{{:exp_message_template.png|}} 
 + 
 +Choose your: 
 + 
 +  * **Message Type (1)**Email or SMS 
 +  * **Сhoose the language (2)** for each group. If you configured an English landing pagethen select English also within that recipient group. If you have different groups with different languages within your company you can simply create a group and select a language for each recipient. LUCY then will direct each user to an individual landing page that [[dealing_with_multiple_languages_in_your_recipient_group|matches that language]]. 
 +  * **Sender Name (3)**: The sender name equals the "from" line in the SMTP message header and it is only used for display purposes. You can just write a name in there (like "Jon Smith"). If you just want to display a different name together with an e-mail address, write the e-mail address with the display name in brackets as such: <Joe Example> joe@example.com. 
 +  * **Sender Email (4)** address: Note: The most common reason for emails not arriving at your Recipient's Inbox are SPAM filtersWhen using a known email domain like test@microsoft.com or a non-existing email domain like test@nonexistant.com, your email might get deleted by SPAM filters. Some public email providers are very restrictive and might not even forward emails to your Recipient's SPAM folder. To verify this you can use LUCY's built-in SPAM Checker. 
 +  * **Recipient Header (5)**: Lucy also provides an ability to send all mails with fake CC or BCC. 
 +  * **Subject (7)**: Create a Unique Subject Title In your e-mail headerinclude something unique to the recipient that's unlikely to be in a Spam message. Examples could include your company name, the name of one of your target's competitors, or the name of a person with whom the target is already familiar.
  
-{{ message_whatii.png?600 }} 
  
 ** Q: Can I use any sender name?** Yes - the sender name equals the "from" line in the SMTP message header and it is only used for display purposes. You can just write a name in there (like "Jon Smith"). If you just want to display a different name together with an e-mail address, write the e-mail address with the display name in brackets as such: <Joe Example> joe@example.com. Depending on your mail client the recipient might only see the name field in the mail preview. But in most cases he will see the real "MAIL FROM" address when he opens the mail: ** Q: Can I use any sender name?** Yes - the sender name equals the "from" line in the SMTP message header and it is only used for display purposes. You can just write a name in there (like "Jon Smith"). If you just want to display a different name together with an e-mail address, write the e-mail address with the display name in brackets as such: <Joe Example> joe@example.com. Depending on your mail client the recipient might only see the name field in the mail preview. But in most cases he will see the real "MAIL FROM" address when he opens the mail:
Line 28: Line 34:
 **Solution**: You can either  **Solution**: You can either 
  
-  -  insert a mail sender domain that is NOT SPF protected (you can check here: https://mxtoolbox.com/spf.aspx) or  +  * Insert a mail sender domain that is NOT SPF protected (you can check here: https://mxtoolbox.com/spf.aspx) or  
-  -  use a mail domain that is owned by you (see [[domain_configuration|domain config]]) or  +  * Use a mail domain that is owned by you (see [[domain_configuration|domain config]]) or  
-  -  whitelist LUCY and the domains used in LUCY at the client side.+  * Whitelist LUCY and the domains used in LUCY at the client side.
  
-Please also take a look at the legal aspect here: https://www.lucysecurity.com/PS/doc/dokuwiki/doku.php?id=legal_aspects_of_phishing_spoofing_etc +Pleasealso take a look at the legal aspect here: https://www.lucysecurity.com/PS/doc/dokuwiki/doku.php?id=legal_aspects_of_phishing_spoofing_etc 
  
 +===== Add mail attachments in the message template =====
 +LUCY allows you to insert an image in an email within the message template:
  
-  * **Malware Simulation**: compile and attach a file based malware simulation to the mail message. Learn more [[create_a_phishing_campaign_with_malware_simulations|here]].+  * You can choose between different **embedding types**: CID Embedded Images, Linked Images (on LUCY or externally). To find more information, please, consult [[embed_image_in_mail | this chapter]]. 
 +  * **Malware Simulation**: compile and attach a file-based malware simulation to the mail message. Learn more [[create_a_phishing_campaign_with_malware_simulations|here]].
   * **Attachments**: upload your own custom attachment or payload   * **Attachments**: upload your own custom attachment or payload
   * **General Mail Settings**: define mail header settings   * **General Mail Settings**: define mail header settings
   * **Advanced Mail Settings**: send mail as plain text, use an external mail service provider that creates a randomized mail sender, define a hostname for the mail server etc.   * **Advanced Mail Settings**: send mail as plain text, use an external mail service provider that creates a randomized mail sender, define a hostname for the mail server etc.
  
-{{ messageoptions.png?600 }}+{{::screenshot_from_2020-08-23_17-33-07.png|}}
  
  
-==== Creating the Link to the Landing Page within the message template (mail body) ====+===== Creating the Link to the Landing Page within the message template (mail body) =====
  
-Within the email, you will be able to place the link to the Landing Page (or awareness elearning site). Each user will get a unique link (it might look like http://www.example-phishing.com/aea43bc8fa2a3dc78f987ed5db94ba1a1ff39ba13e9ed228f2c6eff73d787040) in their e-mail so LUCY will be able to analyze a recipient's clicking behavior. +Within the email, you will be able to place the link to the Landing Page (or awareness eLearning site). Each user will get a unique link (it might look like http://www.example-phishing.com/aea43bc8fa2a3dc78f987ed5db94ba1a1ff39ba13e9ed228f2c6eff73d787040) in their e-mail so LUCY will be able to analyze a recipient's clicking behavior. 
  
-**Alternative 1: Use the %link% variable in the text:** +==== Alternative 1: Use the %link% variable in the text: ==== 
-To insert that link, you can simply type %link% at the place where it should appear.+To insert that link, you can simply type **%link%** at the place where it should appear.
  
-{{ 43.jpg?direct&600 }}+{{:link_variable.png|}}
  
-As a result user will get a mail containing the link that points to your Landingor Awareness page:+As a result, the user will get a mail containing the link that points to your Landing or Awareness page:
  
-{{ 107.jpg?600 }}+{{::screenshot_from_2020-08-24_02-29-44.png|}}
  
-The link is dynamically generated: +**The link is dynamically generated:** 
-  * It will automatically add the http:// or https:// prefix (if you want https prefix you need to [[ssl_configuration|enable SSL]])+  * It will automatically add the http:// or https:// prefix (if you want an https prefix you need to [[ssl_configuration|enable SSL]])
   * It will automatically use the domain or IP in your scenario configuration (example: if you selected the domain "www.example.com" within the scenario settings, LUCY will create a link like "http://www.example.com/28shFG/"   * It will automatically use the domain or IP in your scenario configuration (example: if you selected the domain "www.example.com" within the scenario settings, LUCY will create a link like "http://www.example.com/28shFG/"
  
  
-**Alternative 2: Hide the %link% variable behind a word** +==== Alternative 2: Hide the %link% variable behind a word ==== 
-As a second alternative you could also hide the randomized link and place the hyperlink behind a text, button, image etc. +As a second alternativeyou could also hide the randomized link and place the hyperlink behind a text, button, imageetc. 
  
-Example "hiding behind text":  +**Example**: Hiding behind text:  
-  * select the text which should contain the link (1)  +  * Select the** text which should contain the link (1)**  
-  * and then press the hyperlink symbol (2).  +  * And then press the **hyperlink symbol (2)**.   
 +  * This opens a pop-up where you need to define: 
 +  * **Protocol (3)**: Custom (LUCY displays the hostname or IP of your admin UI. 
 +  * **URL (4)**: %link% 
 +  * Then save the changes by clicking **OK**.
  
-This opens a pop-up where you need to define (3): +{{::links_variable_hyperlink.png|}}
-  * ProtocolCustom (LUCY displays the host name or IP of your admin UI) +
-  * URL: %link% +
-  * Then save the changes by clicking "OK".+
  
-{{ select_link.png?600  }}+==== Alternative 3: Hide the %link% variable behind another link ====
  
-**Alternative 3: Hide the %link% variable behind another link** +Pleasemake sure the link variable is set in the HTML code if you hide it behind another Link. If you type a hyperlink instead of a word, the editor will automatically detect that, and create the link in the code. But this link will be wrong: If you type http://www.example.com in the editor, LUCY will automatically create a hyperlink to http://www.example.com in the HTML code (1) and underline the URL. But if you want http://www.example.com pointing to your LUCY URL, please remove the link pointing to http://www.example.com in the source code directly, or remove it by clicking on the "unlink" symbol (2), and then select the text "http://www.example.com" and click on the link symbol again and insert %link% in the HTML code (3).
- +
-Please make sure the link variable is set in the HTML codeif you hide it behind another Link. If you type a hyperlink instead a word, the editor will automatically detect that, and create the link in the code. But this link will be wrong: If you type http://www.example.com in the editor, LUCY will automatically create a hyperlink to http://www.example.com in the HTML code (1) and underline the URL. But if you want http://www.example.com pointing to your LUCY URL, please remove the link pointing to http://www.example.com in the source code directly, or remove it by clicking on the "unlink" symbol (2), and then select the text "http://www.example.com" and click on the link symbol again and insert %link% in the HTML code (3).+
  
 {{ link_behind_l.png?600 }} {{ link_behind_l.png?600 }}
Line 92: Line 100:
 ==== Manual Link Creation ==== ==== Manual Link Creation ====
  
-If you don't want to use LUCY's randomized URLs, you can also create your own customized links. You will still need to use the %link% variable in the email template. Regarding the recipients, you can define your own links that LUCY will use for the campaign. More info can be found:[[configuration_for_clients_that_cannot_click_on_links_in_mails|here]].+If you don't want to use LUCY's randomized URLs, you can also create your own customized links. You will still need to use the %link% variable in the email template. Regarding the recipients, you can define your own links that LUCY will use for the campaign. More info can be found [[configuration_for_clients_that_cannot_click_on_links_in_mails|here]].
  
  
 ==== Automatic Link Creation with a shortened randomized string ==== ==== Automatic Link Creation with a shortened randomized string ====
  
-As mentioned before LUCY will create a randomized URL with a string to identify the user (e.g. http://www.example-phishing.com/aea43bc8fa2a3dc78f987ed5). If you want a shortened randomized string because you feel that the long string might look suspicious to a user you can tell LUCY to use a short version within the advanced settings: +As mentioned before LUCY will create a **randomized URL** with a string to identify the user (e.g. http://www.example-phishing.com/aea43bc8fa2a3dc78f987ed5). If you want a shortened randomized string because you feel that the long string might look suspicious to a user you can tell LUCY to use a short version under the menu **Settings -> Advanced Settings -> Recipients**:
- +
-{{ short_r_link.png?600 }}+
  
 +{{::adv_set_recipients.png|}}
  
 ===== Variables you can use within the message template ===== ===== Variables you can use within the message template =====
  
-Lucy allows you to use multiple variables within the message template. The variables pull the information from the [[add_mail_recipients|recipient]] in the associated group. The message variables may be used in the mail body and also within the mail header elements:+Lucy allows you to use multiple variables within the message template. The variables pull the information from the [[add_mail_recipients|recipient]] in the associated group. The message variables may be used in the mail body and also within the **mail header elements**:
  
-{{ messagefieldsheader.png?600 }}+{{::messagefieldsheader.png|}}
  
-You may use the following variables in the message template: +You may use the following **variables** in the **message template**
  
-  * %link% — unique page URL for the recipient. +  * **%link%** — unique page URL for the recipient. 
-  * %link-awareness% — link to awareness website. You should configure & enable awareness website in campaign settings for this feature to work. +  * **%link-awareness%** — link to awareness website. You should configure & enable awareness website in campaign settings for this feature to work. 
-  * %name% — recipient name +  * **%name%** — recipient name 
-  * %email% — recipient e-mail address +  * **%firstname%** — recipient first name 
-  * %division% +  * **%lastname%** — recipient last name 
-  * %location% +  * **%email%** — recipient e-mail address 
-  * %staff-type% +  * **%division%** 
-  * %comment% — recipient related information. +  * **%location%** 
-  * %gender("MALE ADDRESSING", "FEMALE ADDRESSING")% — recipient gender +  * **%staff-type%** 
-  * %time(FORMAT, OFFSET, ZONE)% — Time based variables +  * **%comment%** — recipient related information. 
 +  * **%gender("MALE ADDRESSING", "FEMALE ADDRESSING", "NO GENDER")%** — recipient gender 
 +  * **%subject%** — subject of the phishing mail 
 +  * **%sender%** — sender name of the phishing mail 
 +  * **%sender-email%** — e-mail address of the phishing mail 
 +  * **%time(FORMAT, OFFSET, ZONE)%** — Time based variables 
  
 **More info about the time variable**  **More info about the time variable** 
-  * FORMAT - date/time format +  * **FORMAT** - date/time format 
-  * OFFSET - date/time offset in minutes, can be negative. Example: "-60" - means 60 minutes prior to mail submit time, "20160" - 20160 minutes = 14 days +  * **OFFSET** - date/time offset in minutes, can be negative. Example: "-60" - means 60 minutes prior to mail submit time, "20160" - 20160 minutes = 14 days 
-  * ZONE - time zone name. Example: US/Central  +  * **ZONE** - time zone name. Example: US/Central  
-  * EXAMPLES: %time("l, H:i", "0", "Europe/Zurich")% — will output "Monday, 09:20" - exact time of mail submission in Europe/Zurich zone | %time("Y/m/d H:i:s", "60")% — will output "2016/12/12 10:20:30" - 1 hour ahead of mail submit time+  * EXAMPLES: **%time("l, H:i", "0", "Europe/Zurich")%** — will output "Monday, 09:20" - exact time of mail submission in Europe/Zurich zone | %time("Y/m/d H:i:s", "60")% — will output "2016/12/12 10:20:30" - 1 hour ahead of mail submit time
  
 You can also use the dropdown in the message template to insert the variables at the right place: You can also use the dropdown in the message template to insert the variables at the right place:
  
-{{ links_variable.png?600 }}+{{::links_variable.png|}}
  
 Please note, that these variables are not available in CSS and Javascript files. Please note, that these variables are not available in CSS and Javascript files.
  
  
-==== Embedding images ====+===== Embedding images =====
  
-Within the message template you can embed images. Please visit [[embed_image_in_mail|this chapter]] for your options.+Within the message templateyou can embed images. Please visit [[embed_image_in_mail|this chapter]] for your options.
  
  
Line 153: Line 165:
 If you want to catch email replies you have three options: If you want to catch email replies you have three options:
  
-{{ forwardsemails.png?600 }}+{{::forwardsemails.png|}}
  
-  * (1) Define a **Reply-to header**. Please define that under the "scenario settings/message template" at the bottom under "advanced mail settings". The reply to address is the address where email replies should be sent, instead of ‘From’. This is used if, for some reason, your ‘From’ address cannot receive replies (e.g. you do not control that domain or don't have a mail server setup for that domain). In the screenshot below you see that the email is sent from the user "mitchel@guysfromrolla.com". If the user clicks on the reply-to button in the mail, the actual reply-to address set in the header is used then (billg@microsoft.com). You should use a reply-to adress which you can actually receive. Typically phishers use generic mail adresses from gmailyahoo etc.+  * (1) Define a **Reply-to header**. Please define that under the **Scenario Settings -> Message Template** at the bottom under **Advanced Mail Settings**. The reply-to address is the address where email replies should be sent, instead of ‘From’. This is used if, for some reason, your ‘From’ address cannot receive replies (e.g. you do not control that domain or don't have a mail server setup for that domain). In the screenshot below you see that the email is sent from the user "mitchel@guysfromrolla.com". If the user clicks on the reply-to button in the mail, the actual reply-to address set in the header is used then (billg@microsoft.com). You should use a reply-to address that you can actually receive. Typically phishers use generic mail addresses from Gmail, Yahoo, etc.
  
 {{ reply_to.png?600 }} {{ reply_to.png?600 }}
  
-  * (2) Define a **Forward Mail**: LUCY is able to forward the Returning/Answering emails to an email address specified in that field. However this requires a DNS entry (MX record) on a DNS server for the sender's domain that points to LUCY. Example: You send emails as attacker@phishing-test.com and LUCY’s IP is 201.35.77.12. Then you need to define MX record like "phishing-test.com  MX  10  201.35.77.12". Within the forward mail field you can enter your own custom mail address (user@example.com). If a user replies to "attacker@phishing-test.com" LUCY will accept this mail and then forward it to "user@example.com" (note: most register services already offer free mail/DNS packages. So if you register a phishing domain you can already setup an email forwarder for that domain and you don’t need LUCY for that).+  * (2) Define a **Forward Mail**: LUCY is able to forward the Returning/Answering emails to an email address specified in that field. Howeverthis requires a DNS entry (MX record) on a DNS server for the sender's domain that points to LUCY. Example: You send emails as attacker@phishing-test.com and LUCY’s IP is 201.35.77.12. Then you need to define an MX record like "phishing-test.com  MX  10  201.35.77.12". Within the forward mail fieldyou can enter your own custom mail address (user@example.com). If a user replies to "attacker@phishing-test.com" LUCY will accept this mail and then forward it to "user@example.com" (note: most register services already offer free mail/DNS packages. So if you register a phishing domain you can already set up an email forwarder for that domain and you don’t need LUCY for that).
  
-  * **Using a catch-all mail account for your registered domain that forwards to another mail address**: If you registered the domain through LUCY you have the ability to define for one specific mail address one mail forwarder ([[domain_configuration|see domain registration settings]]). If you want to have all mail addresses forwarded we can activate a catch all account. This Email Forwarding feature will accept all email addresses on the provider side (using the providers mail server) for a domain and forward emails to other email addresses of your choice. +  * **Using a catch-all mail account for your registered domain that forwards to another mail address**: If you registered the domain through LUCY you have the ability to define for one specific mail address one mail forwarder ([[domain_configuration|see domain registration settings]]). If you want to have all mail addresses forwarded we can activate a catch-all account. This Email Forwarding feature will accept all email addresses on the provider side (using the provider'mail server) for a domain and forward emails to other email addresses of your choice. 
  
  
 ===== Create a HTTPS link (use SSL) ===== ===== Create a HTTPS link (use SSL) =====
  
-By default LUCY will use HTTP connection to your landing page. If you want the phishing or awareness website to be accessed via SSL, you first need to create the link in your message template (1) using the default LUCY variable (%link%). Next you need to click on the scenario settings. A submenu called SSL settings (2) will open. Please enable the checkbox and create the certificate. LUCY will then automatically create https link to your landing page: +By defaultLUCY will use an HTTP connection to your landing page. If you want the phishing or awareness website to be accessed via SSL, you first need to create the link in your **Message Template (1)** using the default LUCY variable **%link%**. Nextyou need to click on the **Scenario Settings**. A submenu called **SSL Settings (2)** will open. Please enable the checkbox and create the certificate. LUCY will then automatically create an https link to your landing page:
- +
-{{ link_ssl.png?600 }}+
  
 +{{::link_ssl.png|}}
  
 ===== Technical Background Info ===== ===== Technical Background Info =====
  
-Lucy uses the file under /etc/postfix/virtual.db for email forwarding, when you check "Forward emails to" checkbox in scenario's message settings. When you enable email handing feature in incident settings, Lucy adds email domain to /etc/postfix/main.cf, to the line with "mydestination" option, and that makes Lucy to intercept all emails that arrive to emails on that domain.+Lucy uses the file under /etc/postfix/virtual.db for email forwarding, when you check "Forward emails to" checkbox in scenario's message settings. When you enable email handing feature in incident settings, Lucy adds email domain to /etc/postfix/main.cf, to the line with "mydestination" option, and that makes Lucy intercept all emails that arrive to emails on that domain.
  
 ===== Issues with Line Breaks in Outlook ===== ===== Issues with Line Breaks in Outlook =====
mail_settings.1553609430.txt.gz · Last modified: 2019/07/25 12:51 (external edit)