LUCY

User Tools

Site Tools

Trace:
troubleshooting_known_issues

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
troubleshooting_known_issues [2015/11/05 10:27] lucytroubleshooting_known_issues [2015/11/10 18:12] – [Mail communication issues] lucy
Line 25: Line 25:
    * LUCY is sending mails in most cases via SMTP (port 25). If you place LUCY in a company LAN keep in mind that in most cases port 25 to your official MX (mail server) is not opened from the LAN to the DMZ or wherever your mail server is located. LUCY also needs to be able to resolve DNS (port 53) to make that MX lookup.    * LUCY is sending mails in most cases via SMTP (port 25). If you place LUCY in a company LAN keep in mind that in most cases port 25 to your official MX (mail server) is not opened from the LAN to the DMZ or wherever your mail server is located. LUCY also needs to be able to resolve DNS (port 53) to make that MX lookup.
   * Did you define your own company domain as a sender? Example: you try to phish your employees with the domain mycompany.com, which actually is the official domain for your company? Problem is: there might be a DNS record (example SPF) that defines, which mail server is allowed to send mails on behalf of this domain. If such a record exists your mail server will deny mails coming from a different server using this domain. The solution here: if you still want to perform a phishing test with a domain like the one from your company we recommend reserving a similar domain like “my-company.com” or place a typo in there like “myconpany.com”. Most users won’t recognize the difference and you have an additional feature to test the awareness.   * Did you define your own company domain as a sender? Example: you try to phish your employees with the domain mycompany.com, which actually is the official domain for your company? Problem is: there might be a DNS record (example SPF) that defines, which mail server is allowed to send mails on behalf of this domain. If such a record exists your mail server will deny mails coming from a different server using this domain. The solution here: if you still want to perform a phishing test with a domain like the one from your company we recommend reserving a similar domain like “my-company.com” or place a typo in there like “myconpany.com”. Most users won’t recognize the difference and you have an additional feature to test the awareness.
-* Did you also modify your DNS entries to match the scenario? Some SPAM filters for example will test if there is a valid PTR (reverse DNS) set for the host that sends a mail. If it doesn't exist, it will be rejected. Most providers allow you to define MX, TXT, A records for your domain/host.+  * Did you also modify your DNS entries to match the scenario? Some SPAM filters for example will test if there is a valid PTR (reverse DNS) set for the host that sends a mail. If it doesn't exist, it will be rejected. Most providers allow you to define MX, TXT, A records for your domain/host. But not only the PTR is required. Your SMTP banner sometimes also gets checked, if it matches the hostname. To change the hostname within the mail service you can set the hostname within /etc/postfix/main.cf  like this: "myhostname=server.example.com". Then restart the mailserver: "postfix stop && postfix start"
  
 ==== LUCY says “mail test failed” when I start a campaign ==== ==== LUCY says “mail test failed” when I start a campaign ====
Line 69: Line 69:
  
  
-==== Statistics Page: I see way more link clicks or page views than send out mails ====+==== Statistics Page: I see way more page views than send out mails ====
  
   * It is possible a user forwards the mail or clicks on the same link more than one time   * It is possible a user forwards the mail or clicks on the same link more than one time
 +  * It is possible the user re-visits/re-fresh's the page
   * Page views are always higher than the amount of mails send since each page (login page, account page or refresh of the browser counts as a page view).   * Page views are always higher than the amount of mails send since each page (login page, account page or refresh of the browser counts as a page view).
 +
 +==== Statistics Page: I see way more link clicks than send out mails ====
 +
 +  * There are circumstances where automated SPAM filters on a mail gateway will first visit and test all the links before sending out the mail. LUCY records those links as visited, even though the mail might not have arrived at the user yet.
 +
  
 ==== Running a Campaign: the link does not work anymore ==== ==== Running a Campaign: the link does not work anymore ====
Line 80: Line 86:
  
 ==== Running a Campaign: It takes me automatically to the “authenticated” account page when I click on the URL in the mail ==== ==== Running a Campaign: It takes me automatically to the “authenticated” account page when I click on the URL in the mail ====
- 
  
   * This means that you have already clicked on that URL in the mail before and authenticated. As an authenticated user you will have a session cookie stored in your browser which takes you automatically to the authenticated page. This is intended since we don’t want users to authenticate twice. By deleting your browser cache you will get to the login page again after clicking on the link in the URL   * This means that you have already clicked on that URL in the mail before and authenticated. As an authenticated user you will have a session cookie stored in your browser which takes you automatically to the authenticated page. This is intended since we don’t want users to authenticate twice. By deleting your browser cache you will get to the login page again after clicking on the link in the URL
Line 90: Line 95:
 ==== Awareness Website: the awareness website is not working. ==== ==== Awareness Website: the awareness website is not working. ====
  
-Opposite to the phishing website the awareness website has to be started manually in order to work (has to be published and started)+Opposite to the phishing website the awareness website has to be started manually in order to work (has to be published and started). Sometimes the automatic sending of the awareness site also depends, if LUCY has recorded an successful attack. This depends on the scenario type. Example: if you create a file based campaign and then use a data entry template LUCY won’t consider the login from the user as a “success”. Only the file download from a user would be a “success” and start the automatic awareness mail.
  
 ==== Infrastructure Issue: Links in mails in my company cannot be opened ==== ==== Infrastructure Issue: Links in mails in my company cannot be opened ====
Line 112: Line 117:
  
 ==== When you perform a test run with your campaign the SPAM check hangs ==== ==== When you perform a test run with your campaign the SPAM check hangs ====
-If you’re using Debian 7 and installing the software through the shell script, then you might need to reboot the system for Spam Assassin to start. It may fail to start automatically sometimes - that’s why the Spam Check may hang. That behavior has been fixed in 2.2.+If you’re using Debian 7 and installing the software through the shell script, then you might need to reboot the system for Spam Assassin to start. It may fail to start automatically sometimes - that’s why the Spam Check may hang. That behavior has been fixed in 2.2. In LUCY 2.2-2.5 the SPAM check will verify over 200 online DB's. This takes at least 10-15 minutes for this check to be finished! Starting from 2.6 the SPAM check is optional and not enabled by default.
  
-In LUCY 2.2-2.5 the SPAM check will verify over 200 online DB's. This takes at least 10-15 minutes for this check to be finished! 
troubleshooting_known_issues.txt · Last modified: 2020/04/26 16:35 by lucy