Possible reasons for mail communication issues
There are many possible reasons for email communication errors. For example, LUCY may show that emails were sent to your recipients, but the emails never arrive or arrive very late. In this case, there are a few things you can check:
- Existing 3rd party mail domain: Did you use a sender address with a domain that points to a different MX record? If you use attacker@gmail.com as the sender, for example, most email servers will block the email, since LUCY is not the official email server for this service.
- Non-existent mail sender: Did you use a sender email address that does not exist? This will be rejected by most mail servers.
- You use a file-based attack scenario: Many SPAM filters block mails that contain an executable (even if it is zipped), so those mails won't arrive. Solution: switch to a file-based scenario where the user can download the file from a webpage.
- Invalid recipient: Did you use a valid recipient address? If you uploaded a recipient like "info@domain_does_not_exist.com", no email will arrive, since there is no email server for the domain "domain_does_not_exist.com".
- SPAM issues: The email might have arrived in the Spam Inbox, because some Spam filters classify emails as Spam if the subject or body contains specific words. You can verify your email content by using a free service like https://www.mail-tester.com/ (German) or http://isnotspam.com/ (English). Please check out this WIKI on how to avoid SPAM issues.
- Incorrect mail domain: The email might have been rejected at the recipient's email server because many email servers reject emails from a server that has no valid MX record. You should see the status in the LUCY Error log.
- Firewall blocks port 25: In many cases LUCY sends emails via SMTP (port 25). If you place LUCY in a company LAN, keep in mind that port 25 to your official MX (email server) is often not open from the LAN to the DMZ or wherever your email server is located. LUCY also needs to be able to resolve DNS (port 53) to do the MX lookup.
- Spoofing your own domain: Did you define your own company domain as the sender? Example: you try to phish your employees with the domain mycompany.com, which is the official domain of your company. The problem is that there might be a DNS record (for example SPF) that defines which mail servers are allowed to send mails on behalf of this domain. If such a record exists, your email server will deny emails that come from a different server using this domain. Solution: if you still want to perform a phishing test with a domain like the one from your company, we recommend reserving a similar domain like "my-company.com" or strategically placing a typo like "myconpany.com". Most users won't recognize the difference and you'll have an additional feature to test awareness.
- Missing DNS entries (SPAM issues): Did you modify your DNS entries to match the scenario? Some SPAM filters test whether a valid PTR (reverse DNS) record is set for the host that sends an email. If it doesn't exist, the email will be rejected. Most providers allow you to define MX and TXT records for your domain/host. But the PTR is not the only requirement: your SMTP banner is sometimes also checked to see whether it matches the hostname. To change the hostname in the email service, you can set the hostname within /etc/postfix/main.cf like this: "myhostname=server.example.com". Then restart the mail server: "postfix stop && postfix start".
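To see why the "Spoofing your own domain" case is rejected, the following added example (not part of LUCY or of the original page) evaluates an SPF record against a sending IP address. The record and both IP addresses are constructed, and the evaluator is simplified: it only handles the ip4, ip6 and all mechanisms and reports "needs-dns" for terms that require further DNS lookups.

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208); "+" is the implicit default.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Mechanisms that need further DNS lookups; this sketch does not resolve them.
NEEDS_DNS = {"a", "mx", "include", "exists", "ptr"}

def evaluate_spf(record: str, sender_ip: str) -> str:
    """Evaluate the ip4/ip6/all mechanisms of one SPF TXT record for sender_ip.

    Returns pass, fail, softfail, neutral, none (not an SPF record) or
    needs-dns (a DNS-dependent term decides the result).
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    redirect = False
    for term in terms[1:]:
        if "=" in term:                      # modifier such as redirect= or exp=
            redirect = redirect or term.lower().startswith("redirect=")
            continue
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.split("/")[0].lower()    # "a/24" -> "a"
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name in NEEDS_DNS:
            return "needs-dns"
    # No mechanism matched: a redirect would decide, otherwise the result is neutral.
    return "needs-dns" if redirect else "neutral"

# Constructed values: an SPF record for mycompany.com that only authorises the
# official mail servers, the official MX address, and a LUCY server address.
COMPANY_SPF = "v=spf1 ip4:198.51.100.0/24 -all"
OFFICIAL_MX_IP = "198.51.100.25"
LUCY_IP = "203.0.113.7"

if __name__ == "__main__":
    print("official MX:", evaluate_spf(COMPANY_SPF, OFFICIAL_MX_IP))
    print("LUCY server:", evaluate_spf(COMPANY_SPF, LUCY_IP))
```

A "fail" result for the LUCY address means a receiving server that enforces SPF will reject mail sent with that domain as sender.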
What logs do I have to investigate the issue?
- First, check whether the mail was sent by clicking on the message log in the left navigation panel within a campaign.
- Then check whether there was a communication error by clicking on the error log in the left navigation panel within a campaign.
Please also take a look at the Postfix mail log to get a more detailed output.
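As an added example (not part of LUCY or of the original page), the following script extracts failed deliveries from Postfix mail log lines and maps the remote reply to one of the causes listed above. The sample log lines are constructed, and the keyword-to-cause mapping is an assumption, since the reply text differs between mail servers.

```python
import re

# Postfix smtp(8) delivery line: recipient, relay, DSN code, status and reply text.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: \w+: to=<(?P<rcpt>[^>]+)>,.*? relay=(?P<relay>[^,]+),"
    r".*? dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reply>.*)\)\s*$"
)

# Keyword in the reply text -> likely cause from the checklist (assumed mapping).
CAUSES = [
    ("spf", "sender domain protected by SPF"),
    ("reverse dns", "missing PTR record"),
    ("user unknown", "invalid recipient"),
    ("host not found", "recipient domain has no mail server"),
    ("timed out", "port 25 blocked by firewall"),
    ("spam", "content classified as SPAM"),
]

def triage(log_lines):
    """Return (recipient, status, dsn, cause) for every delivery that was not sent."""
    findings = []
    for line in log_lines:
        m = DELIVERY.search(line)
        if not m or m["status"] == "sent":
            continue
        reply = m["reply"].lower()
        cause = next((c for key, c in CAUSES if key in reply), "unclassified")
        findings.append((m["rcpt"], m["status"], m["dsn"], cause))
    return findings

# Constructed sample lines in Postfix mail log format (not from a real system).
SAMPLE_LOG = [
    "Mar  3 09:15:01 lucy postfix/smtp[2101]: 4A1B2C3D4E: to=<john@company.com>, relay=mx.company.com[192.0.2.10]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 7F3A)",
    "Mar  3 09:15:02 lucy postfix/smtp[2101]: 4A1B2C3D4F: to=<mary@company.com>, relay=mx.company.com[192.0.2.10]:25, delay=0.7, delays=0.1/0/0.4/0.2, dsn=5.7.1, status=bounced (host mx.company.com[192.0.2.10] said: 550 5.7.1 SPF check failed (in reply to MAIL FROM command))",
    "Mar  3 09:15:40 lucy postfix/smtp[2102]: 4A1B2C3D50: to=<anna@company.com>, relay=none, delay=30, delays=0.1/0/30/0, dsn=4.4.1, status=deferred (connect to mx.company.com[192.0.2.10]:25: Connection timed out)",
    "Mar  3 09:15:41 lucy postfix/smtp[2103]: 4A1B2C3D51: to=<info@domain-does-not-exist.example>, relay=none, delay=0.2, delays=0.1/0/0.1/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=domain-does-not-exist.example type=AAAA: Host not found)",
]

if __name__ == "__main__":
    for rcpt, status, dsn, cause in triage(SAMPLE_LOG):
        print(f"{rcpt}: {status} (dsn {dsn}) -> {cause}")
```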
How to investigate mail delivery issues?
There are a few possible scenarios:
- a) No mails sent: you won't see anything in the message log. This could be caused by a misconfiguration of the campaign. Check your settings.
- b) Mails sent, but with an error: you will see an error in "Errors". LUCY displays the error message of the remote SMTP server. Example: if you want to send a mail to john@company.com, LUCY will look up the MX record for "company.com" and communicate with that server via SMTP (port 25). If the server rejects the mail delivery, you will see the remote SMTP server's status code in the error log.
- c) Mails sent, no error: mail communication has been established and the mails have been accepted for delivery, but no mail arrives. Try to send a test mail under support/test mail.
If the test mail arrives, you know that the SMTP communication works and that LUCY's IP is not filtered by any 3rd party product. You are therefore dealing with a configuration issue in the campaign which causes the mail to get filtered (like using a spoofed sender domain which has an SPF record, using a sender domain that points to a different MX record or has no valid MX record at all, or creating a campaign that gets filtered because of its SPAM score). Also make sure you have actually created a message template in the campaign.
If the test mail does not go through: make sure port 25 is open on your router/firewall and that mails do not get filtered by SPAM filters. If the firewall configuration does not allow LUCY to send mails, you can also configure LUCY to use an external mail server. See using_an_external_mail_server_or_web_proxy. Also please investigate your configuration.
- d) Mails start sending, but sending stops after a while: please check this chapter.
How can you resend mails that generated an error?
Yes - please consult this chapter.