Header Manipulation
To check whether our email will trigger anti-spam software, we use SpamAssassin (https://spamassasin.apache.org). ProtonMail uses SpamAssassin combined with commercial blacklists to flag junk emails. We will simply send test phishing emails to a free ProtonMail account we create. ProtonMail appends headers to each email detailing the various checks and tests it has applied, as well as the global score attributed to the email.
*We can use an email sending platform like Mailchimp or Amazon SES to set up these options through a user interface.
- Routing Emails
We will rely on a local Postfix mail server installed on both the redirector and the phishing backend to distribute our emails:
apt-get install postfix
service postfix restart
All emails will be sent from our phishing server, but they will necessarily go through Postfix on the phishing relay to mask the phishing server's own IP address. If the target blocks our public redirector's IP address, we only need to redirect our traffic through another Postfix relay.
We need to instruct Postfix to establish TLS connections, set the hostname to {buyed_domain} and allow the phishing server to use this Postfix instance as a relay.
We configure these settings on the public redirector in the file /etc/postfix/main.cf:
Correspondingly, in /etc/postfix/main.cf on the backend Postfix server, we point to our public redirector as the email relay server and force encryption as well:
Then we send a quick test to a throwaway inbox. The email's headers should only display the relay's IP address:
echo "Test" | mail -s "Subject Test" {email}
- Setting up the Sender Policy Framework
To set up SPF, we just need to add a new TXT DNS record that authorizes our public redirector to send emails on behalf of the @{buyed_domain} domain. In the Domain Dashboard we add the following DNS record:
v=spf1 ip4:{redirector_ip} -all
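The record above is what a receiving mail server evaluates against the IP that connects to it. As an added example (not part of the original notes), here is a minimal receiver-side SPF checker for the ip4/ip6/all mechanisms used on this page, with constructed records using documentation address ranges; include/a/mx mechanisms need DNS lookups and are reported as permerror.

```python
import ipaddress

# Constructed sample record (documentation ranges, not a real sender).
SAMPLE_RECORD = "v=spf1 ip4:192.0.2.10 ip4:198.51.100.0/24 ip6:2001:db8::/32 -all"

# Result a receiver assigns when a mechanism with this qualifier matches.
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record: str, sender_ip: str) -> str:
    """Evaluate a connecting IP against an SPF TXT record.

    Returns 'pass', 'fail', 'softfail', 'neutral', 'permerror' or 'none'.
    Only ip4, ip6 and all are implemented; mechanisms that require DNS
    (include, a, mx, exists) and modifiers (redirect=) yield permerror.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    try:
        ip = ipaddress.ip_address(sender_ip)
    except ValueError:
        return "permerror"
    for term in terms[1:]:
        qualifier = "+"  # mechanisms default to '+' (pass) when unqualified
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            # 'all' always matches; "-all" is why unlisted senders fail
            return QUALIFIER_RESULT[qualifier]
        if name in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed address or prefix
            if ip.version == network.version and ip in network:
                return QUALIFIER_RESULT[qualifier]
            continue  # no match, evaluate the next mechanism
        return "permerror"  # DNS-based mechanism or modifier: unsupported here
    # No mechanism matched and no 'all' term: RFC 7208 default result
    return "neutral"
```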
- Generating a Public Key for DKIM
On the phishing server, we install OpenDKIM:
sudo apt-get install opendkim opendkim-tools
OpenDKIM intercepts all outgoing Postfix emails, signs them, then forwards them to their destination. First we need to replace the content of /etc/opendkim.conf with:
We then set up the port on which OpenDKIM receives outgoing emails to sign by updating the file /etc/default/opendkim like so:
Next we instruct Postfix to relay all outgoing emails to the DKIM daemon. In /etc/postfix/main.cf we add the following:
Finally, we move to the /etc/opendkim/ directory, which is where we generate and store the domain's private key:
cd /etc/opendkim/
opendkim-genkey -s mail -d {buyed_domain}
chown opendkim:opendkim mail.private
These commands create a public key mail.txt and a private key mail.private.
The content of mail.txt (the public key, under the selector mail) is published as a TXT DNS record that we set up on the Domain Dashboard.
Once this setup is done, we restart OpenDKIM and Postfix on the phishing server:
service postfix restart
service opendkim restart
We can check the final configuration of our email server by sending a test mail.