Header Manipulation

To check whether our email will trigger anti-spam software, we use SpamAssassin (https://spamassassin.apache.org). ProtonMail uses SpamAssassin combined with commercial blacklists to flag junk emails, so we simply send test phishing emails to a free ProtonMail account we create. ProtonMail appends headers to the delivered email detailing the various checks and tests it applied, as well as the global score attributed to the email.

*We can use an email sending platform like Mailchimp or Amazon SES to set up these options through a user interface.

- Routing Emails

We rely on a local Postfix mail server installed on both the redirector and the phishing backend to distribute our emails:

apt-get install postfix

service postfix restart

All emails are sent from our phishing server, but they necessarily go through Postfix on the phishing relay, which masks the phishing server's IP address from the target. If the target blocks our public redirector's IP address, we only need to redirect our traffic through another Postfix relay.

We need to instruct Postfix to establish TLS connections, set the hostname to {buyed_domain} and allow the phishing server to use this Postfix instance as a relay.

We configure these settings on the public redirector in the file /etc/postfix/main.cf. Note that smtp_tls_security_level = encrypt makes the redirector refuse to deliver to any destination that does not offer STARTTLS (such mail bounces with "TLS is required, but was not offered"), so if the target's MX turns out to be one of those, relax this one setting to may:

myhostname = {buyed_domain}
# Only the phishing server (plus localhost) may use this instance as a relay
mynetworks = {Outgoing IP Phishing Server} 127.0.0.0/8
inet_interfaces = all
# smtp_enforce_tls is obsolete since Postfix 2.3; the next line is the one that counts
smtp_enforce_tls = yes
smtp_tls_security_level = encrypt

Correspondingly, in /etc/postfix/main.cf on the backend Postfix server, we point to our public redirector as the relay and force encryption as well. This only works if the redirector's receiving side offers STARTTLS, which Debian's default main.cf already does (smtpd_tls_security_level = may, or the older smtpd_use_tls = yes, with the snakeoil certificate); leaving that in place is enough:

# Brackets suppress the MX lookup so Postfix connects to the address exactly as given
relayhost = [{Redirector IP}]
smtp_enforce_tls = yes
smtp_tls_security_level = encrypt

Then we send a quick test to a throwaway inbox and read the Received: headers of what arrives. They should only show the relay's IP address. Keep in mind that the redirector's own Postfix adds a Received: line for the hop from the backend, so if the backend's IP address or hostname shows up, remove that line on the redirector with an smtp_header_checks IGNORE rule rather than assuming it is hidden:

# mail(1) comes from the mailutils or bsd-mailx package
echo "Test" | mail -s "Subject Test" {email}
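To make the two header checks described above repeatable (the spam verdict the ProtonMail inbox attaches, and whether anything but the relay shows up in the routing headers), here is an added Python example that is not part of the original page. It parses the raw headers of the test message, lists the IPv4 literals in the Received: chain, reports any secret (backend IP or hostname) that leaks into it, and reads SpamAssassin's X-Spam-Status line. The two sample messages are constructed, the addresses are RFC 5737 documentation ranges standing in for {Outgoing IP Phishing Server} and {Redirector IP}, the hostname backend.internal is made up, and the "clean" variant assumes an smtp_header_checks IGNORE rule on the redirector has already dropped the Received: lines that name the backend.

```python
"""Inspect the headers of a test email relayed through the public redirector."""
import re
from email import message_from_string

# Assumed stand-ins for {Outgoing IP Phishing Server} and {Redirector IP};
# both are RFC 5737 documentation addresses, and the hostname is made up.
PHISHING_SERVER_IP = "203.0.113.10"
PHISHING_SERVER_HOST = "backend.internal"
REDIRECTOR_IP = "198.51.100.20"

IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def received_chain(raw_message: str) -> str:
    """All Received: header values, top-most hop first, joined into one string."""
    msg = message_from_string(raw_message)
    return "\n".join(msg.get_all("Received", []))


def received_ips(raw_message: str) -> list:
    """IPv4 literals appearing in the Received: chain, in order, without repeats."""
    found = []
    for ip in IPV4_RE.findall(received_chain(raw_message)):
        if ip not in found:
            found.append(ip)
    return found


def leaks(raw_message: str, secrets) -> list:
    """Secrets (IP literals or hostnames) that show up anywhere in the chain."""
    chain = received_chain(raw_message)
    return sorted(s for s in secrets if s in chain)


def spam_status(raw_message: str) -> tuple:
    """Parse SpamAssassin's X-Spam-Status header into (flagged, score, tests)."""
    value = message_from_string(raw_message).get("X-Spam-Status")
    if value is None:
        raise ValueError("no X-Spam-Status header: the receiver did not run SpamAssassin")
    value = re.sub(r",\s+", ",", value)            # unfold a wrapped tests= list
    flagged = value.split(",", 1)[0].strip().lower() == "yes"
    score = float(re.search(r"score=(-?[\d.]+)", value).group(1))
    tests_match = re.search(r"tests=(\S*)", value)
    tests = tests_match.group(1).split(",") if tests_match and tests_match.group(1) else []
    return flagged, score, tests


# Constructed sample headers (not a real capture) as the throwaway inbox hands
# them back when the redirector relays the message untouched. The second
# Received: line is the one the redirector's Postfix adds for the hop from the
# backend and the third is the backend's own local-submission line; together
# they give away the backend's address and hostname.
RECIPIENT_HOP = [
    "Received: from mail.example.test (mail.example.test [198.51.100.20])",
    "\tby mx.recipient.test (Postfix) with ESMTPS id 4ABCDEF",
    "\tfor <target@recipient.test>; Mon, 1 Jan 2024 10:00:00 +0000",
]
BACKEND_HOPS = [
    "Received: from backend.internal (unknown [203.0.113.10])",
    "\tby mail.example.test (Postfix) with ESMTPS id 7654321",
    "\tfor <target@recipient.test>; Mon, 1 Jan 2024 09:59:59 +0000",
    "Received: by backend.internal (Postfix, from userid 0)",
    "\tid 1234567; Mon, 1 Jan 2024 09:59:58 +0000",
]
REST = [
    "X-Spam-Status: No, score=1.2 required=5.0 tests=RDNS_NONE,SPF_PASS autolearn=no",
    "From: it-support@example.test",
    "To: target@recipient.test",
    "Subject: Subject Test",
    "",
    "Test",
    "",
]
LEAKY_SAMPLE = "\n".join(RECIPIENT_HOP + BACKEND_HOPS + REST)
# Same message once an smtp_header_checks IGNORE rule on the redirector (assumed)
# has dropped every Received: line that mentions the backend.
CLEAN_SAMPLE = "\n".join(RECIPIENT_HOP + REST)

if __name__ == "__main__":
    secrets = {PHISHING_SERVER_IP, PHISHING_SERVER_HOST}
    for label, sample in (("as relayed", LEAKY_SAMPLE), ("after stripping", CLEAN_SAMPLE)):
        print(f"{label}: hops {received_ips(sample)} leaks {leaks(sample, secrets)}")
    print("spam status:", spam_status(CLEAN_SAMPLE))
```

Run it against the real headers by pasting the raw source of the received test mail into a file and calling leaks() and spam_status() on its contents; an empty leak list and a score below the required threshold are the two results the relay setup is meant to produce.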

- Setting up the Sender Policy Framework

Setting up SPF: we just need to add a new TXT DNS record that authorizes our public redirector to send emails on behalf of the @{buyed_domain} domain. In the Domain Dashboard we add the following TXT record on the domain itself (the @ / apex name):

v=spf1 ip4:{redirector_ip} -all
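The receiving server evaluates this record against the IP address that connected to it, which is why only the redirector may appear in it and why a message that somehow left the backend directly would fail. The following added Python example (not from the original page) evaluates an SPF record of this shape offline: ip4 and ip6 mechanisms with optional CIDR prefixes and the +, -, ~ and ? qualifiers, returning the RFC 7208 result; mechanisms that need DNS (a, mx, include, exists, redirect=) are deliberately rejected. The addresses are assumed RFC 5737 values standing in for {redirector_ip} and the phishing server's outgoing IP.

```python
"""Offline evaluation of a simple SPF record against a sending IP address."""
import ipaddress

# Assumed stand-ins for {redirector_ip} and the phishing server's outgoing IP
# (RFC 5737 documentation addresses).
REDIRECTOR_IP = "198.51.100.20"
PHISHING_SERVER_IP = "203.0.113.10"
SPF_RECORD = f"v=spf1 ip4:{REDIRECTOR_IP} -all"   # the record the page publishes

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record: str, sender_ip: str) -> str:
    """Return the RFC 7208 result for sender_ip under record.

    Handles the ip4, ip6 and all mechanisms with optional CIDR prefixes and
    the +/-/~/? qualifiers. Mechanisms and modifiers that need DNS lookups
    (a, mx, include, exists, redirect=) raise instead of silently passing.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                       # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"                     # a bare mechanism means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        mechanism = mechanism.lower()
        if mechanism == "all":
            return QUALIFIERS[qualifier]
        if mechanism in ("ip4", "ip6"):
            # A bare address becomes a /32 or /128 network
            network = ipaddress.ip_network(argument, strict=False)
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
            continue
        raise NotImplementedError(f"{term!r} needs a DNS lookup; not handled here")
    return "neutral"                        # nothing matched and no 'all' term


if __name__ == "__main__":
    for ip in (REDIRECTOR_IP, PHISHING_SERVER_IP):
        print(f"{ip} under {SPF_RECORD!r}: {evaluate_spf(SPF_RECORD, ip)}")
```

The -all at the end is what turns any non-listed sender into a hard fail; with ~all the same message would only be marked softfail, which most receivers treat as a scoring hint rather than a rejection.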

- Generating a Public Key for DKIM

On the phishing server, we install OpenDKIM:

sudo apt-get install opendkim opendkim-tools

OpenDKIM intercepts all outgoing Postfix emails as a milter, signs them (the signature covers a hash of the body plus the selected headers, under the selector's private key) and hands them back to Postfix for delivery. First we need to replace the content of /etc/opendkim.conf with:

#On the phishing server (/etc/opendkim.conf)
	
Domain {buyed_domain}
KeyFile /etc/opendkim/mail.private
Selector mail

We then set the port on which OpenDKIM listens for outgoing emails to sign by updating /etc/default/opendkim like so (on Debian/Ubuntu releases where opendkim runs as a systemd service, /etc/default/opendkim is ignored; put the equivalent Socket inet:12301@localhost directive in /etc/opendkim.conf instead):

#On the phishing server (/etc/default/opendkim)
	
#SOCKET="local:/var/run/opendkim/opendkim.sock"
SOCKET="inet:12301@localhost"

Next we instruct Postfix to pass all outgoing emails to the DKIM daemon, both those received over SMTP (smtpd_milters) and those submitted locally with sendmail or mail (non_smtpd_milters). In /etc/postfix/main.cf we add the following:

#On the phishing server (/etc/postfix/main.cf)

milter_protocol = 2
# accept means mail still goes out, unsigned, if OpenDKIM is down; check the logs rather than rely on it
milter_default_action = accept
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301

Finally, we move to the /etc/opendkim/ directory, where we generate and store the domain's private key (the -s selector must match the Selector directive and -d the Domain directive in opendkim.conf):

cd /etc/opendkim/

opendkim-genkey -s mail -d {buyed_domain}

chown opendkim:opendkim mail.private

These commands create the private key mail.private and the file mail.txt, which holds the public key already formatted as a DNS zone-file entry: the owner name is mail._domainkey (the selector followed by ._domainkey), the type is TXT, and the value is split across several quoted strings.

We publish that public key as a TXT record on the Domain Dashboard, under the name mail._domainkey.{buyed_domain}, concatenating the quoted strings into a single value.
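opendkim-genkey writes mail.txt in BIND zone-file syntax with the TXT value split over several quoted strings, while DNS dashboards usually want one string. This added Python example (not part of the original page) turns such a file into the record name and single-string value to paste, splits the value into its DKIM tags, and checks the selector and domain against the opendkim.conf written above so the DNS record and the signer cannot drift apart. The mail.txt and opendkim.conf contents below are constructed for the example, the p= value is a placeholder and not a real key, and example.test stands in for {buyed_domain}.

```python
"""Turn opendkim-genkey's mail.txt into the TXT record to publish, and cross-check it."""
import re

# Constructed sample of /etc/opendkim/mail.txt in the layout opendkim-genkey
# produces; the p= blob is a placeholder, not a real RSA public key.
SAMPLE_MAIL_TXT = '''mail._domainkey\tIN\tTXT\t( "v=DKIM1; h=sha256; k=rsa; "
\t  "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAexampleKEYpart1"
\t  "exampleKEYpart2IDAQAB" )  ; ----- DKIM key mail for example.test
'''

# Constructed /etc/opendkim.conf matching the page's three directives.
SAMPLE_OPENDKIM_CONF = """\
Domain example.test
KeyFile /etc/opendkim/mail.private
Selector mail
"""


def dkim_tags(value: str) -> dict:
    """Split a DKIM TXT value into its tag=value pairs (v, h, k, p, ...)."""
    tags = {}
    for part in value.split(";"):
        part = part.strip()
        if part:
            tag, _, val = part.partition("=")
            tags[tag.strip()] = val.strip()
    return tags


def parse_dkim_key_file(text: str, domain: str) -> dict:
    """Return selector, fully qualified record name, single-string value and tags."""
    owner = text.split(None, 1)[0]                 # e.g. mail._domainkey
    selector, sep, _ = owner.partition("._domainkey")
    if not sep:
        raise ValueError(f"unexpected owner name {owner!r}")
    fragments = re.findall(r'"([^"]*)"', text)     # quoted pieces inside ( ... )
    value = "".join(fragments)                     # concatenated, no whitespace added
    if not value.startswith("v=DKIM1"):
        raise ValueError("not a DKIM1 record")
    return {"selector": selector, "name": f"{owner}.{domain}",
            "value": value, "tags": dkim_tags(value)}


def matches_opendkim_conf(record: dict, conf_text: str, domain: str) -> bool:
    """True when the Selector and Domain directives agree with the key file."""
    settings = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()       # drop comments
        if line:
            key, _, val = line.partition(" ")
            settings[key.strip()] = val.strip()
    return (settings.get("Selector") == record["selector"]
            and settings.get("Domain") == domain)


if __name__ == "__main__":
    rec = parse_dkim_key_file(SAMPLE_MAIL_TXT, "example.test")
    print("TXT name :", rec["name"])
    print("TXT value:", rec["value"])
    print("consistent with opendkim.conf:",
          matches_opendkim_conf(rec, SAMPLE_OPENDKIM_CONF, "example.test"))
```

Feed it the real mail.txt and opendkim.conf before touching the dashboard; a selector typo in either file is the usual reason a freshly set-up domain fails DKIM verification while the signature itself is fine.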

Once this setup is done, we restart OpenDKIM and Postfix on the phishing server:

service postfix restart

service opendkim restart

We check the final configuration by sending a test mail to the ProtonMail account and reading its headers: the SPF and DKIM checks should both pass, and the spam score should stay below the threshold.
