How to setup a local SMTP mail server for testing tools
Running a local mail server can be extremely useful for testing tools that offer mailing functionality. For example, before using GoPhish (or any software that offers email functionality) on an engagement, an operator may have to test the tools locally to investigate the behavior of the tool and get an understanding of potential pitfals. This post describes the steps to install and configure all the required software packages for a local SMTP server.
The post is split in the following sections:
- Install and configure Unbound DNS resolver
- Install and configure Postfix mail server
- Access emails with Evolution mail client
- Acknowledgements
- References
Install and configure Unbound DNS resolver
Unbound [2] is an awesome project that is actually more than a DNS resolver. However, in this post it is only used as a DNS resolver and more specifically, to override internet zones.
Effectively, Unbound DNS is used for two reasons: a) to avoid changing the hostname of the host the SMTP is running on and b) to make a - as much as possible - real environment by using a valid internet domain that will resolve to 127.0.0.1 (localhost).
To install Postfix:
sudo apt install unbound
Pick a valid domain to mimic a valid email address, such as example.org.
To make example.org point to localhost (127.0.0.1) unbound is used to configure override settings. Edit /etc/unbound/unbound.conf and append the following configuration:
server:
local-zone: "example.org." static
local-data: "example.org. IN A 127.0.0.1"
local-data: "mail.example.org IN A 127.0.0.1"
local-data: "example.org. IN MX 10 mail.example.org."
local-data-ptr: "127.0.0.1 example.com."
If on a Debian distro and NetworkManager is managing the network configuration, it is required to change the DNS settings and set a static DNS at 127.0.0.1. This will ensure all the queries are directed to the unbound DNS server.
To set a static DNS server, edit the file /etc/NetworkManager/system-connections/<REPLACE_WITH_THE_NAME_OF_THE_CONNECTION> (for example /etc/NetworkManager/system-connections/Wired connection 1) and add the following settings at the IPv4 section of the configuration file:
dns=127.0.0.1
ignore-auto-dns=true
After the change restart the unbound service and NetworkManager by issuing the command systemctl restart unbound and systemctl restart NetworkManager (depending the operating system, the command to restart network manager may vary).
To confirm that the DNS server is now 127.0.0.1, resolve example.org by issuing a command like:
dig a example.org +short
If the response is: 127.0.0.1, this means that the zone has been successfully overridden. Likewise, any internet domain can be overridden to resolve to a custom IP address.
Install and configure Postfix mail server
Postfix is both great and complicated enough piece of software that offers mailing server functionality. To install it:
sudo apt install postfix
Thankfully, not much configuration is required if configuring Postfix to function as a local only SMTP server.
During installation, Postfix will ask how it will be configured in the dialog box “General type of mail configuration”. Simply select “Local Only” and proceed to the next steps without changing the default options (if any).
The next step is to configure a “catch all” address - an email address that catches all the coming in messages and delivers them to a valid user on the host. For example, a mail that is sent to donotreply@example.org will be delivere to a.user@example.org if a catch-all address has been configured for the user account a.user. So, a user account is required.
To enable the above functionality, create the file /etc/postfix/virtual and include the following (it is assumed the example.org domain and the a.user are used - replace them accordingly if interested in configuring different accounts):
@example a.user
@example.org a.user
To instruct postfix to enable this functionality, edit /etc/postfix/main.cf and append the line:
virtual_alias_maps = hash:/etc/postfix/virtual
Update the Postfix lookup table by:
sudo postmap /etc/postfix/virtual
Restart the postfix service to load the new configuration:
sudo systemctl restart postfix
The Postfix server should be up and running! If the Postfix service does not load upon every boot, do systemctl enable postfix.
Access emails with Evolution mail client
To retrieve (read) emails from the local SMTP server, a mail client that offers the option to read and store emails to spool files is required. Evolution mail client (available on Debian and other distributions) checks the box.
To configure the account navigate to Edit -> Preferences -> (left side) Mail Accounts -> (right side) Add.
Identity tab:
- Full Name: the full name recipient will see the message came from
- E-mail address: sender’s email address recipient sees
- At the bottom of the window uncheck the “Look up mail server details based on the entered e-mail address
Receiving E-mail tab:
- Server Type: select “Standard Unix mbox spool file”
- Spool file: navigate to /var/spool/mail/<USERNAME>
Receiving Options tab:
- Nothing mandatory to change
Sending E-mail tab:
- Server Type: SMTP
- Sever: 127.0.0.1
- Port: 25
Account Summary tab:
- No changes are required, review the information
At this point, anyone should be able to send an email to any email address @example.org. The emails are delivered to a.user@example.org.
Acknowledgements
A special thanks to:
- @sadreck for inspiring this post
- raelgc for sharing the initial gist [1] of this post
- @Qutluch for relentless mentoring/brainstorming/troubleshooting
- all the developers that have developed the tools mentioned in this post - without the software they created and maitain we wouldn’t have been able to use the functionality the tools offer
References
[1] https://gist.github.com/raelgc/6031274
[2] https://www.nlnetlabs.nl/projects/unbound/about/
[3] https://www.postfix.org
[4] https://getgophish.com
[5] https://wiki.gnome.org/Apps/Evolution
tags: #random