5.6.1 Stand-alone PoC environment

Design

Components

images/inline/e50ecba43496b8b72e0c6b8dfd38aff2ca72c5f6.png

Traffic flow

images/inline/cef07a6325dcf149b545e9570145d710d0b6e168.png

Domains

We will have two domains in the examples below:

  1. the domain local as the organization internal domain, for inbound email traffic and

  2. the domain other as the external domain, for outbound email traffic.

images/inline/61a431d63cb0d774eb1fc4226379efe7611042a2.png

Direction

Inbound

images/inline/77694670498bd2879dc9d63aaeb138653ba227ab.png

Outbound

images/inline/ed299e5af5ce31ed76a873cc201f603f742140e5.png

Prerequisites

Host

Any of the components above may be deployed to different, or to the same host.

In the examples of this page all components will be deployed to the same host, thus localhost or 127.0.0.1 will be used as host address.

Web client

Any web client that is supported by MetaDefender Core and MetaDefender Email Gateway Security can be used.

We assume that the web client is pre-installed on the host.

Email client

In the examples of this page Microsoft Mail will be used

We assume that the email client is pre-instaled on the host.

Mail server

In the examples of this page hMailServer will be used (https://www.hmailserver.com/).

MetaDefender Core and MetaDefender Email Gateway Security

The latest available version will be used.

Setup

MetaDefender Core

Install MetaDefender Core following the instructions in 1. Quick Start with MetaDefender Core.

hMailServer

Installation

Step

Description

Screenshot

1

  1. Download hMailServer from https://www.hmailserver.com/download

  2. Verify the integrity of the downloaded package

 

2

Launch the installer

images/download/attachments/2978815/image2017-6-22_8-36-57.png

3

Accept the License Agreement

images/download/attachments/2978815/image2017-6-22_8-37-32.png

4

Select destination directory

images/download/attachments/2978815/image2017-6-22_8-38-34.png

5

Select components. Do select both Server and Administrative tools

images/download/attachments/2978815/image2017-6-22_8-39-3.png

6

Select database type (default)

images/download/attachments/2978815/image2017-6-22_8-46-16.png

7

Specify Start Menu folder

images/download/attachments/2978815/image2017-6-22_8-46-40.png

8

Create Administrator account

images/download/attachments/2978815/image2017-6-22_8-47-5.png

9

Finalize installation

images/download/attachments/2978815/image2017-6-22_8-47-27.png

Configuration

Step

Description

Screenshot

1

Start hMailServer Administrator

Select the Administrator account and click Connect

images/download/attachments/2978815/image2017-6-22_8-48-48.png

2

Click Add domain and start adding our two domains local and other according to the 149495854

images/download/attachments/2978815/image2017-6-22_8-50-31.png

images/download/attachments/2978815/image2017-6-22_9-26-47.png

3

In each of local and other domains create one-one account for email sending and receiving one and two respectively:

  1. Select Domains / local / Accounts in the left tree view and click Add...

    1. Create account for one according to the screenshot. Remember to specify a password.

  2. Select Domains / other / Accounts in the left tree view and click Add...

    1. Create account for two according to the screenshot. Remember to specify a password.

  1. images/download/attachments/2978815/image2017-6-22_9-31-53.png
  2. images/download/attachments/2978815/image2017-6-22_9-32-39.png

MetaDefender Email Gateway Security

Installation and configuration

Install and configure MetaDefender Email Gateway Security following the instructions in 1 Quick start with MetaDefender Email Gateway Security.

Security rules

Modify the rules created in the previous section according to the following.

Inbound

Tab

 

Filter

Relay

Field

Direction

Sender IP

Recipient domain or address

Server IP/Domain

Port

Value

INBOUND

blank

.+@local

127.0.0.1

25

Outbound

Tab

 

Filter

Relay

Field

Direction

Sender IP

Recipient domain or address

Server IP/Domain

Port

Value

OUTBOUND

blank

.+@.+

(or optionally .+@other)

127.0.0.1

25

Email traffic redirection

Skip 1.6 Email traffic redirection as the appropriate settings will be configured with the email client.

Email client

The same email client will be the source and the final destination of emails. As a consequence it will receive emails from hMailServer and send emails towards MetaDefender Email Gateway Security.

Configure the two accounts one and two in Microsoft mail:

Step

Description

Screenshot

1

Click Accounts / Add account

images/download/attachments/2978815/image2017-6-22_10-11-41.png

2

Select Advanced setup

images/download/attachments/2978815/image2017-6-22_10-12-3.png

3

Select Internet email

images/download/attachments/2978815/image2017-6-22_10-12-33.png

4

Configure the account one

images/download/attachments/2978815/image2017-6-22_10-29-43.png

5

Repeat the previous step for the account two

images/download/attachments/2978815/image2017-6-22_10-31-8.png

6

Send a test email

images/download/attachments/2978815/image2017-6-22_10-17-25.png

7

Check if the email pops up in MetaDefender Email Gateway Security

images/download/attachments/2978815/image2019-5-24_10-25-10.png

8

Check if the email arrives to the recipient

images/download/attachments/2978815/image2017-6-22_10-52-4.png

images/download/attachments/2978815/image2017-6-22_10-51-28.png

Sending emails programatically

Bulk emails

The following Perl example sends 100 outbound emails using the example settings above.

use strict;
use warnings;
 
use Email::Sender::Simple qw(sendmail);
use Email::Sender::Transport::SMTP;
use Email::Simple;
use Email::Simple::Creator;
 
my $smtpserver = '127.0.0.1';
my $smtpport = 10025;
 
my $transport = Email::Sender::Transport::SMTP->new(
{
host => $smtpserver,
port => $smtpport,
}
);
 
my $email = Email::Simple->create(
header => [
To => 'one@local',
From => 'two@other',
Subject => "bulk email",
],
body => 'This is the message',
);
 
for ( my $i = 0 ; $i < 100 ; $i++ ) {
sendmail( $email, { transport => $transport } );
sleep(int(rand(60)));
}

Infected email

The previous Perl example can be modified to be potentially identified by some of the scan engines as Eicar infected.

The Eicar test string is not copied into this document as text to avoid being identified as threat. Here only images are used instead.

Most probably the resulted Perl program can be saved in the filesystem with no problem.

The email sent by the program will, however, be blocked by some of the engines in MetaDefender Core.

Step

Description

Screenshot

1

Go to https://2016.eicar.org/86-0-Intended-use.html

 

2

Copy the Eicar test string

images/download/attachments/2978815/image2017-6-29_14-21-25.png

3

Append the Eicar test string to the end of the body text in the previous example

images/download/attachments/2978815/image2017-6-29_14-23-3.png