How do I configure the email relay?

To send an email between servers, you'll need to configure an email relay using Simple Mail Transfer Protocol (SMTP). Once you've provided Metasploit Pro with the SMTP settings for your mail server, you'll be able to build your phishing campaign.

Setting up SMTP for your mail server

Before you define the SMTP server, make sure that the port that your mail server uses is not blocked by the Metasploit instance. Generally, ports 25 and 587 are recommended SMTP ports.

If you intend to use the same mail server to send emails from Metasploit Pro, then you should set up your mail server through the global settings. After you globally define the SMTP settings for your mail server, Metasploit Pro will automatically fill the mail server information for your campaign.

  1. Go to Configure Email Server under Administration > Global Settings, not in the campaign itself.
  2. Enter the following information to configure your SMTP settings:
    • Address - The fully qualified mail server address (e.g., mail.domain.com).
    • Port - The port that the mail server runs on.
    • Domain - The hosted domain name for your mail server (e.g., domain.com)
    • Username - The username that the system uses to authenticate the mail server.
    • Password - The password that the system uses to authenticate the mail server.
    • Authentication - The authentication type that the mail server uses.
  3. Click the Update Settings button.

Is it possible to use servers from Google, Yahoo, or other email service providers?

Yes. The mail server can be provided by anyone, you'll just need the information listed in Step 2 to set up your email relay.

What are some restrictions that may prevent me from using my mail server to send email through Metasploit?

  • Reverse DNS - Your mail server performs reverse DNS checks and has rejected mail from Metasploit because it thinks that the email is spam. If this is the case, you need to use a mail server that has less restrictive checks for spam, malicious files, and any type of email abuse. Although these checks are in place to ensure that your email infrastructure is secure, they prevent you from sending emails from Metasploit Pro.
  • Blocked SMTP port - The port that you are using to send mail is blocked. The most common port used to send mail is port 25. If this port is blocked, try ports 465, 587, or 2525.
  • Unable to authenticate login - The mail server is unable to authenticate the login. Check the authentication type configured for your mail server. By default, Metasploit uses the plain auth type.

Why isn't my mail server sending emails?

To troubleshoot this issue, you need to take a look at the task log. To access the task log, click the Tasks tab. Find the campaign task and click on the task name. When the task log appears, search for any text highlighted in red.

Any red text indicates that Metasploit encountered an error while processing the task. Errors like “Server refused our mail” indicates an issue with the mail server being able to authenticate the login or send the email.

Does Metasploit provide an MTA (Message Transfer Agent)?

No, Metasploit does not provide a message transfer agent. You will need to provide Metasploit with the credentials and SMTP settings for a locally hosted mail server or an SMTP relay service.

How do I configure the email relay?