Hi all,

I'm using TKLLAMP to run SPToolkit at my company. we have around 20k employees that I need to phish. I tried sending a campaign to 1000 users, but the would not send. I changed the group to 50 people and it sent. Changed it to 51 and no go. I looked into it a bit and found that a suggestion to change the default_destination_recipient_limit number in Postfix. The default was 50. I changed it to 1000 and still couldn't send more than 50 at a time. My boss wants all employees phished asap. With 20k employees, I'd have to make 400 mail groups. I really, really don't want to have to do that. Any suggestions for how I could get this working? What am I missing?

Thanks.

Troy

Forum: 
Jeremy Davis's picture

But did you restart it? As a general rule, adjustments to Linux services aren't applied until the services are restarted.

Otherwise I'm not sure. Perhaps there might be something useful in the logs (in /var/log)?

Yes, I rebooted several times.

The logs show:

NOQUEUE: reject: RCPT from mysmtpserver.mycompany.com[10.1.x.x]: 454 4.7.1 <www-data@myphishingserver.org>: Relay access denied; from=<www-data@myphishingserver.org> to=<www-data@myphishingserver.org> proto=ESMTP helo=<mysmtpserver.mycompany.com>

Troy

 

Jeremy Davis's picture

I just googled "NOQUEUE: reject: 454 RCPT from Relay access denied localhost" (FWIW 454 is the error code) and found a couple of links that suggest that you may need to tweak your postfix config a bit.

From what I can gather it appears that your config is not quite right for the way that you are trying to send mail. I think that you may need to add "myphishingserver.org" to 'mydestination' in your postfix/main.cf (and restart postfix).

By default 'mydestination' should look like this:

mydestination = localdomain, localhost, localhost.localdomain, localhost
TBH I would expect that if you have your server set up so that it was a member of the myphishingserver.org domain (i.e. edit /etc/hosts and /etc/hostname apporpriately) then it should probably just work (i.e. localhost.localdomain should map to servername.myphishingserver.org). Althogh perhaps my assumption is wrong?

Maybe just try adjusting it to look like this (and restart postfix):

mydestination = localdomain, localhost, localhost.localdomain, localhost, myphishingserver.org
Although like I said I have no idea really when it comes to postfix so if that still doesn't work I can only recommend that you google, fiddle, test, rinse, repeat until you get it to work. The only other option would be to read up on postfix config. The version included in v14.x appliances is v2.11.3

FYI a reboot isn't required; you just need to restart postfix:

service postfix restart

THe other thing that I have just realised is that you are sending as the www-data user. As of Debian Jessie (the basis of TurnKey v14.x) there are additional restrictions applied to system user accounts (such as the www-data user). Perhaps that is the issue? Maybe try sending as an alternate user and see if that works?

I hope some of that helps at least a little. Good luck with it and please post back on your progress. If you crack this I imagine that it will be very helpful for other users.

I tried reading through the postfix pages but it's a bit confusing to me. I'm no expert either, obviously. I had the mydestination set up with the defaults, but I just added the suggestions you made. I'll give it a try and see how it goes. Thanks for your help.

Troy

ps - just for clarification, when I reduce the list to 50 recipients, everything sends just fine and I don't get that error.

Jeremy Davis's picture

You are right, postfix is a bit of a pain to configure... However, I just read something interesting; apparently the "default_destination_recipient_limit" is probably not your issue. According to this page:
If an email message has more than $default_destination_recipient_limit recipients at the same destination, the list of recipients will be broken up into smaller lists, and multiple copies of the message will be sent.

Perhaps you could test that by lowering it (e.g. 20) and see if it sends 20 emails; then 20 more etc.

So maybe there is some other setting that is the cause of your troubles? THe link above might give you some other ideas to fiddle with?

A little more reading I discovered that error 454 is a "temporary" error (as opposed to a "permanent" one) so in combo with better understanding of what "default_destination_recipient_limit" does it made me think that perhaps the issue is actually something to do with the receiving mail server (i.e. MTA) blocking the mass email? Maybe it thinks it's being DDOSed with the flood of email? Maybe reducing the amount of emails sent at one time might help? Perhaps you should also check the log of your MTA? Although TBH I'm clutching at straws, I have no idea really...

FWIW whilst postfix config is a pain I found this page in the postfix docs about default config which might also be worth consultation.

Keep us posted on your progress (sorry about the bad pun).

Add new comment