Mail Server side Configuration

One of the highlights of our testing logic is that it does not require you to widen your attack surface by enabling legacy protocols such as POP3 or IMAP, or to create additional users and hand out their credentials. Using a redirection, forwarding, or reply rule together with SMTP over TLS removes the need.

Microsoft Exchange

There are a few approaches that can be used to configure DIGIT ERT for Microsoft Exchange environments.

Mailbox Rule Method
A mailbox rule that forwards or redirects messages can be configured via Outlook or Outlook Web Access. This method lets you use an existing mailbox; however, it requires some periodic maintenance to delete the received messages, because permanently deleting messages cannot be accomplished through server-side rules alone.

Note: This is the recommended method as it most closely simulates Exchange message flow. Additionally, this method allows you to configure a monitor for each Storage Group you wish to monitor.

  1. Open Outlook or OWA (OWA must be opened in Internet Explorer for access to rules)
  2. In Outlook -> Manage Rules and Alerts; in OWA -> Options -> Create an Inbox rule
  3. Create a rule with the following settings:
     - Apply this rule after messages arrive
     - From ert-send@digitconsulting.net
     - Redirect it to ert@digitconsulting.net
     - Delete it
  4. In the Exchange Management Console, create a new Remote Domain for digitconsulting.net under Organisation Transport
  5. Ensure the digitconsulting.net domain is configured to allow Automatic Forwarding or Automatic Replies to emails.


The following PowerShell commands can be run with the Exchange Snap-in to allow redirection of the ERT emails using a Remote Domain policy.

New-RemoteDomain -Name 'Allow Redirection for DIGIT ERT' -DomainName 'digitconsulting.net'

Set-RemoteDomain -AutoReplyEnabled $true -AutoForwardEnabled $true -Identity 'Allow Redirection for DIGIT ERT'

The following PowerShell commands can be run with the Exchange Snap-in to configure an Outlook Rule to redirect emails back to the ERT system.

New-InboxRule -name "ERT Redirection Rule" -Mailbox "MAILBOX_USED_FOR_ERT" -RedirectTo ert@digitconsulting.net -From ert-send@digitconsulting.net -DeleteMessage $true

The following PowerShell script can be run with the Exchange Snap-in on a recurring schedule to delete ERT messages that remain in your mailbox after redirection (note that this does not happen, and is not required, if you use the Transport Rule approach below). Search-Mailbox with -DeleteContent requires the Mailbox Import Export management role; the first command assigns it, and it must be assigned to the account that actually runs the scheduled script.

New-ManagementRoleAssignment -Role "Mailbox Import Export" -User "MAILBOX_USED_FOR_ERT"

Search-Mailbox -Identity "MAILBOX_USED_FOR_ERT" -SearchQuery From:ert-send@digitconsulting.net -DeleteContent -Confirm:$false
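An added example (not DIGIT's own script) of wrapping the scheduled clean-up above so that it counts matching messages first, refuses to run if the query matches an unexpected number of items, and only deletes when explicitly asked. It assumes the Exchange snap-in is loaded, that the running account holds the Mailbox Import Export role, and that MAILBOX_USED_FOR_ERT is replaced with your monitoring mailbox.

```powershell
# Added example, not part of the DIGIT ERT documentation.
# Scheduled clean-up of redirected ERT probe messages for the Mailbox Rule method.
param(
    [string]$ErtMailbox = 'MAILBOX_USED_FOR_ERT',   # placeholder: your monitoring mailbox
    [string]$ErtSender  = 'ert-send@digitconsulting.net',
    [int]$MaxExpected   = 500,   # abort above this many matches; guards against a bad query
    [switch]$Delete              # without -Delete the script only reports what it would remove
)

# Constrain the query to the ERT sender so nothing else in the mailbox is touched.
$query = "From:$ErtSender"

# Dry run first: -EstimateResultOnly counts matches without deleting anything.
$estimate = Search-Mailbox -Identity $ErtMailbox -SearchQuery $query -EstimateResultOnly
$count = [int]$estimate.ResultItemsCount
Write-Output "$count message(s) from $ErtSender in $ErtMailbox"

if ($count -eq 0) { return }
if ($count -gt $MaxExpected) {
    Write-Warning "Match count $count exceeds $MaxExpected; refusing to delete. Check the query."
    exit 1
}
if (-not $Delete) {
    Write-Output 'Re-run with -Delete to remove them.'
    return
}

try {
    # -DeleteContent requires the Mailbox Import Export role on the account running this script.
    $result = Search-Mailbox -Identity $ErtMailbox -SearchQuery $query -DeleteContent -Confirm:$false
    Write-Output "Deleted $($result.ResultItemsCount) message(s)"
} catch {
    Write-Error "Search-Mailbox failed (missing 'Mailbox Import Export' role?): $_"
    exit 1
}
```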

Exchange Transport Rule Method
This method is configured directly in the Exchange System Manager but requires a little more Exchange experience, as we need to configure an Exchange Transport Rule.

Warning: Unlike the Mailbox Rule method detailed above, this redirection method doesn't actually deliver ERT messages to your Exchange Server's Storage Groups and therefore doesn't truly test mail flow as your users would experience it. For example, messages will continue to be redirected if a Storage Group is dismounted.

  1. Create an alias for the address which you will be receiving ERT emails to. This can be on any utility mailbox and only serves to allow inbound address validation.
  2. Configure an Active Directory contact with the address ert@digitconsulting.net (this is required for all versions prior to Exchange 2010)
  3. Create a new Transport Rule under Hub Transport
  4. Choose mail coming in from "people", change that field to "external address", and type in the email address ert-send@digitconsulting.net
  5. Then choose to forward to a particular person/address and select the contact that you created in step 2.
  6. Create a new Remote Domain for digitconsulting.net in the Exchange Management Console under Organisation Transport
  7. Ensure the digitconsulting.net domain is configured to allow Automatic Forwarding or Automatic Replies to emails.

The following PowerShell commands can be run with the Exchange Snap-in to configure the Transport Rules and ERT mail redirection.

New-TransportRule -Name 'DIGIT ERT Redirection' -Comments 'Used to redirect email from DIGIT Email Round Trip' -Priority '0' -Enabled $true -From 'ert-send@digitconsulting.net' -RedirectMessageTo 'ert@digitconsulting.net' -DeleteMessage $false

New-RemoteDomain -Name 'Allow Redirection for DIGIT ERT' -DomainName 'digitconsulting.net'

Set-RemoteDomain -AutoReplyEnabled $true -AutoForwardEnabled $true -Identity 'Allow Redirection for DIGIT ERT'

Exchange Mailbox Redirection Method
This method is configured directly in the Exchange System Manager and uses the mailbox forwarding feature. One benefit of this configuration is that messages are not stored locally, which removes the need for any mailbox maintenance. One drawback is that it requires a dedicated mailbox and potentially an additional license if you use an external mail filtering product (note: Microsoft licensing makes allowance for administrative accounts and mailboxes).

Warning: Unlike the Mailbox Rule method detailed above, this redirection method doesn't actually deliver ERT messages to your Exchange Server's Storage Groups and therefore doesn't truly test mail flow as your users would experience it. For example, messages will continue to be redirected if a Storage Group is dismounted.

  1. Create a Mail Contact using the Exchange Management Console
  2. Expand Recipient Configuration | Mail Contact
  3. In the Action pane, click New Mail Contact
  4. To create a new Contact object, leave the default (New Contact) selected | click Next
  5. Type First name, Last name (DIGIT, ERT)
  6. Click Edit to add the external email address of ert@digitconsulting.net
  7. Click New to complete creation of new Mail Contact
  8. Configure Mailbox re-direction in Exchange Management Console
  9. Expand Recipient Configuration | Mailbox | select mailbox | properties | Mail Flow Settings tab | Delivery Options
  10. Under Forwarding address, select Forward to
  11. Click Browse to select the Mail Contact you created in step 1.
  12. Uncheck Deliver messages to both Forwarding Address and Mailbox
  13. Create a new Remote Domain for digitconsulting.net in the Exchange Management Console under Organisation Transport
  14. Ensure the digitconsulting.net domain is configured to allow Automatic Forwarding or Automatic Replies to emails.

The following PowerShell commands can be run with the Exchange Snap-in to create a Remote Domain policy to enable redirection.

New-RemoteDomain -Name 'Allow Redirection for DIGIT ERT' -DomainName 'digitconsulting.net'

Set-RemoteDomain -AutoReplyEnabled $true -AutoForwardEnabled $true -Identity 'Allow Redirection for DIGIT ERT'
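All three Exchange methods above depend on the same Remote Domain setting and on one of three redirection mechanisms. The following added script (not DIGIT's own code) checks, from the Exchange Management Shell, that the Remote Domain permits automatic forwarding and that at least one of the Mailbox Rule, Transport Rule, or Mailbox Redirection configurations is in place; MAILBOX_USED_FOR_ERT is a placeholder for your monitoring mailbox.

```powershell
# Added example, not part of the DIGIT ERT documentation.
# Verifies that ERT redirection is configured by at least one of the three methods.
param(
    [string]$ErtMailbox = 'MAILBOX_USED_FOR_ERT',   # placeholder: your monitoring mailbox
    [string]$ErtDomain  = 'digitconsulting.net',
    [string]$ErtSender  = 'ert-send@digitconsulting.net',
    [string]$ErtTarget  = 'ert@digitconsulting.net'
)
$ok = $true

# 1. Remote Domain: without AutoForwardEnabled the redirect is dropped by Exchange.
$rd = Get-RemoteDomain | Where-Object { "$($_.DomainName)" -eq $ErtDomain }
if (-not $rd) {
    Write-Warning "No Remote Domain for $ErtDomain; redirection will be blocked"; $ok = $false
} elseif (-not $rd.AutoForwardEnabled) {
    Write-Warning "Remote Domain '$($rd.Name)' has AutoForwardEnabled = False"; $ok = $false
}

# 2. Mailbox Rule method: an inbox rule from the ERT sender redirecting to the ERT target.
$rule = Get-InboxRule -Mailbox $ErtMailbox -ErrorAction SilentlyContinue |
        Where-Object { "$($_.From)" -like "*$ErtSender*" -and "$($_.RedirectTo)" -like "*$ErtTarget*" }

# 3. Transport Rule method: an enabled rule with the same From / RedirectMessageTo pair.
$tr = Get-TransportRule | Where-Object {
        $_.State -eq 'Enabled' -and "$($_.From)" -like "*$ErtSender*" -and
        "$($_.RedirectMessageTo)" -like "*$ErtTarget*" }

# 4. Mailbox Redirection method: ForwardingAddress set and local delivery disabled.
$mbx = Get-Mailbox $ErtMailbox -ErrorAction SilentlyContinue
$fwd = $mbx -and $mbx.ForwardingAddress -and -not $mbx.DeliverToMailboxAndForward

$methods = @()
if ($rule) { $methods += 'Mailbox Rule' }
if ($tr)   { $methods += 'Transport Rule' }
if ($fwd)  { $methods += 'Mailbox Redirection' }
if ($methods.Count -eq 0) {
    Write-Warning "No redirection from $ErtSender to $ErtTarget found by any method"; $ok = $false
} else {
    Write-Output "ERT redirection configured via: $($methods -join ', ')"
}
if ($ok) { Write-Output 'ERT redirection checks passed' } else { exit 1 }
```

Run it after completing whichever method you chose; a non-zero exit code means a required piece is missing and ERT probes will not make the round trip.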

Postfix or Sendmail

To forward all mail received by a local mailbox (yourmailbox in the following example) to ERT, add an alias to your /etc/aliases file in the following format:

yourmailbox: ert@digitconsulting.net

Don't forget to run newaliases to rebuild aliases.db and restart your MTA

If you want to forward only email received from ert-send@digitconsulting.net to ert@digitconsulting.net, you should investigate using virtual address rewriting.