Creating the simple mail server for penetration testing
Sometimes, your penetration testing requires the assembly of various additional tools. For example, a mail server will be possible to send phishing emails to check employees for social engineering attacks. This mail server should be able to send messages from any address and generally ask a minimum of questions when sending. As such a server we will use Postfix.
Postfix is a free and open-source mail transfer agent that routes and delivers electronic mail.
To install Postfix, you run the command below
apt-get install postfix
Our server is already ready to work, but it’s better to add small restrictions for senders (especially if it is accessible from external networks).
Therefore, open the file /etc/postfix/main.cf and make some minor changes to it:
Firstly, you can change the system mail name in the line:
Next, change the list of networks from which the sender can send mail without authorization, listing the space between addresses and subnets:
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
service postfix restart
The SMTP server is ready. It allows you to send mail to anyone, filtering the sender only by IP address, which allows you to use it to send emails in the framework of penetration testing.