Gophish documentation

How to set up a working SMTP Email Server for Phish Testing in 2022

Are you considering setting up your own phish testing campaign this year?

Social Engineering has grown into an even greater threat in 2022 and you’re thinking of ways to tackle it.

Yet the anti-spam mitigations the industry has put in place have made running such tests harder than ever.


To get started you’ll need a few things.

You need a valid SMTP email server.

This can be challenging since most cloud providers block SMTP traffic.

You also need a dashboard to track and analyze your social engineering findings.

This will allow you to watch progress and report back to the executive team.

Setting these up can take weeks of work plus testing, adding up to thousands of dollars in labor.


That’s why we’ve created this guide to show you how you can set up an SMTP server on hosting providers that don’t block SMTP.

By the end of this guide you’ll know how to configure and secure that server so it’s able to send messages.

You'll also learn how to warm the IP address the server uses so that messages are actually delivered.

We’ll be using a tool called Poste.io to assist in the mail server configuration.

We’ll also show you how to set up a phishing dashboard that you can use to track and analyze your findings.

We have a dashboard leveraging GoPhish on Amazon Web Services ready to launch.

You can turn this dashboard on and off as you need to manage and analyze your phish testing campaigns.

How to set up your SMTP Server

First off you'll need to get a VPS from a provider that allows SMTP traffic. That means Contabo, Hetzner, LunaNode, BuyVM, or Scaleway.

We'll be using Contabo in this example.

1. Order a VPS at Contabo with at least 4 GB of RAM and 80 GB of storage space.

2. Choose the term that suits your use case.

Our team uses monthly terms unless we have a longer use-case agreement for phish testing.

3. Next you'll want to choose a region that is closest to the organization you'll be testing.

In this case, I'll be using US East in Contabo.

4. The VPS you use for hosting your SMTP server should have at least 4 GB of RAM and at least 80 GB of storage space.

5. Then choose the operating system; select Ubuntu 20.04 to ensure compatibility.

6. Select a password that you'll use for accessing your server via SSH. You can generate a strong password here: https://passwordsgenerator.net/

Make sure to store this in a password manager like LastPass for future reference.

7. Make sure that you're allocated at least one public IP address!

8. You can leave the defaults for Addons and Server Quantity in Contabo.

9. After that you'll have to log in or create an account.

10. Once you log in, pay the monthly fee for the service.

11. After you pay, you'll receive a confirmation email once your server is set up.

12. Next we'll log in to the server and begin setting up your SMTP server using Poste.io.

You’ll need to use the username (root) and the password you generated earlier to login to the server via SSH.


13. You can connect with your preferred SSH client, such as MobaXterm or PuTTY.

Once you've logged in to the server, follow the Poste.io getting-started steps below:

14. Install Docker Engine on your Ubuntu server using Docker's quickstart script:

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

15. You can also install Docker Engine using the following commands if the quickstart script doesn't work for your Ubuntu distribution:

sudo apt-get update
sudo apt-get install \
    ca-certificates \
    curl \
    gnupg \
    lsb-release

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin

16. Verify Docker Engine is running with the following command, which should print a "Hello from Docker!" message and then shut the container down:

sudo docker run hello-world


17. Pull and run the Poste.io Docker image as described at https://poste.io/doc/getting-started, using the command below.

docker run \
    --net=host \
    -e TZ=America/New_York \
    -v /your-data-dir/data:/data \
    --name "mailserver" \
    -h "mail.yourphishdomain.com" \
    -t analogic/poste.io

There are a few modifications you'll want to make to this command:

  • -e TZ=America/New_York sets the timezone so log timestamps are correct.
  • -v /your-data-dir/data:/data mounts a data directory from the host system. The user database, emails and logs all end up in this directory, which makes backups easy.
  • --name "mailserver" runs Poste.io as a container with a defined name.
  • -h "mail.yourphishdomain.com" sets the hostname of your phish testing mail server.

Poste.io will handle setting up the latest security measures, TLS, SPF, DKIM, and DMARC on your behalf.
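Poste.io generates the DKIM key and shows you the records to publish, but the SPF, DKIM and DMARC records still have to exist in the domain's DNS zone for receiving servers to honour them. The following script is an added example (not part of the guide or of Poste.io) that audits those three records once you have pasted in the TXT values returned by `dig TXT <name>`. The domain, the selector `default`, the records and the address 203.0.113.10 are constructed sample data standing in for your domain and your VPS IP.

```python
"""Audit the SPF, DKIM and DMARC records a phish-testing mail server depends on."""
import ipaddress

# Constructed sample TXT records for a hypothetical domain (not real DNS data).
# 203.0.113.10 is a documentation-range address standing in for the VPS IP.
SAMPLE_RECORDS = {
    "yourphishdomain.com": ["v=spf1 mx ip4:203.0.113.10 -all"],
    "_dmarc.yourphishdomain.com": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@yourphishdomain.com"],
    "default._domainkey.yourphishdomain.com": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAconstructed"],
}


def parse_tags(record):
    """Split a 'k=v; k=v' record (DKIM and DMARC syntax) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(record, server_ip):
    """Return (ok, problems) for an SPF record relative to the sending server's IP.

    Only ip4:/ip6: mechanisms are evaluated; mx/a/include would need live DNS.
    """
    problems = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return False, ["record does not start with v=spf1"]
    ip = ipaddress.ip_address(server_ip)
    authorized = False
    for term in terms[1:]:
        mech = term.lstrip("+-~?").lower()          # strip the qualifier prefix
        if mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech.split(":", 1)[1], strict=False)
            if ip.version == net.version and ip in net:
                authorized = True
    if not authorized:
        problems.append(f"{server_ip} is not listed in an ip4:/ip6: mechanism")
    if terms[-1].lower() not in ("-all", "~all"):
        problems.append("record should end with -all or ~all so unauthorized senders fail")
    return not problems, problems


def check_dmarc(record):
    """Return (ok, problems, policy) for a _dmarc TXT record."""
    tags = parse_tags(record)
    problems = []
    if tags.get("v") != "DMARC1":
        problems.append("missing v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        problems.append("p= must be none, quarantine or reject")
    if "rua" not in tags:
        problems.append("no rua= address, so you get no aggregate reports")
    return not problems, problems, policy


def check_dkim(record):
    """Return (ok, problems) for a <selector>._domainkey TXT record."""
    tags = parse_tags(record)
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":        # v= is optional, but must be DKIM1 if present
        problems.append("v= present but not DKIM1")
    if not tags.get("p"):
        problems.append("empty p= (a revoked or unpublished key)")
    return not problems, problems


def audit_domain(records, domain, selector, server_ip):
    """Run all three checks against a name -> [TXT] mapping and return the findings."""
    findings = {}
    spf = [r for r in records.get(domain, []) if r.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings["spf"] = (False, [f"expected exactly one SPF record, found {len(spf)}"])
    else:
        findings["spf"] = check_spf(spf[0], server_ip)
    dmarc = records.get(f"_dmarc.{domain}", [])
    findings["dmarc"] = check_dmarc(dmarc[0]) if dmarc else (False, ["no _dmarc record"], "")
    dkim = records.get(f"{selector}._domainkey.{domain}", [])
    findings["dkim"] = check_dkim(dkim[0]) if dkim else (False, ["no DKIM record for selector"])
    return findings


if __name__ == "__main__":
    results = audit_domain(SAMPLE_RECORDS, "yourphishdomain.com", "default", "203.0.113.10")
    for name, result in results.items():
        print(name, "OK" if result[0] else "PROBLEMS", result[1])
```

Run it with the real TXT values after you have added the records Poste.io shows in its admin interface; a failing SPF check here is the most common reason a test campaign lands in spam or is rejected outright.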

18. Use an IP warming tool for at least 72 hours before phish testing campaigns.

Lemlist costs $29/mo and WarmupInbox $9/mo; refer to our "How to Warm an IP" guide (SOP: How to warm an IP for a new email server) for IP warming considerations.

19. Track IP reputation using poste.io/dnsbl, mxtoolbox.com/blacklists.aspx or dnsbl.info.

20. Test the mail server and your email templates using mail-tester.com to improve deliverability.
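The blocklist sites above do a one-off lookup; if you want to re-check the server's IP before every campaign you can query the blocklists yourself. The following is an added example, not part of the guide or of any of those tools. It builds the reversed-octet query name each DNSBL expects and classifies the answer; the zone names are real public blocklists, while 203.0.113.10 is a documentation-range placeholder for the IP Contabo allocated to you.

```python
"""Query DNS blocklists for the mail server's public IPv4 address."""
import ipaddress
import socket

# Real public blocklist zones; mxtoolbox.com and dnsbl.info check many more.
DNSBL_ZONES = ["zen.spamhaus.org", "bl.spamcop.net", "b.barracudacentral.org"]
# A listing is signalled by an A record in the loopback range.
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")
# Spamhaus answers in this range mean the query itself was rejected
# (for example because it came through a public resolver), not that the IP is listed.
SPAMHAUS_ERROR_RANGE = ipaddress.ip_network("127.255.255.0/24")


def dnsbl_query_name(ip, zone):
    """Build the reversed-octet name a DNSBL expects: 203.0.113.10 -> 10.113.0.203.<zone>."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only; IPv6 DNSBLs use reversed nibbles")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def resolve_a(name):
    """Return the first A record for name, or None on NXDOMAIN (not listed)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def classify_answer(zone, answer):
    """Turn a DNSBL answer into 'clean', 'listed' or 'query error'."""
    if answer is None:
        return "clean"
    addr = ipaddress.ip_address(answer)
    if zone.endswith("spamhaus.org") and addr in SPAMHAUS_ERROR_RANGE:
        return "query error"
    return "listed" if addr in LISTED_RANGE else "query error"


def check_listings(ip, zones=DNSBL_ZONES, resolver=resolve_a):
    """Return {zone: (status, answer)} for every zone whose answer is not clean.

    The resolver is injectable so the logic can be exercised without network access.
    """
    findings = {}
    for zone in zones:
        answer = resolver(dnsbl_query_name(ip, zone))
        status = classify_answer(zone, answer)
        if status != "clean":
            findings[zone] = (status, answer)
    return findings


if __name__ == "__main__":
    server_ip = "203.0.113.10"  # replace with the public IP Contabo allocated
    findings = check_listings(server_ip)
    if findings:
        for zone, (status, answer) in findings.items():
            print(f"{zone}: {status} ({answer})")
    else:
        print(f"{server_ip} is not listed on {len(DNSBL_ZONES)} checked blocklists")
```

A "query error" from Spamhaus means you should repeat the lookup from a resolver that is not a shared public one (the VPS's own resolver usually works); treat a genuine "listed" result as a reason to delay the campaign and request delisting rather than to send anyway.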

How To Set Up Your Phish Testing Dashboard

21. Create or log in to your AWS account.

22. Visit the GoPhish marketplace listing.

23. Start a free trial with the marketplace listing.

24. Accept the terms and provision a GoPhish server within your AWS account. If you're creating a brand new account, Amazon will verify your account and send you the verification by email.

25. Log in to your GoPhish dashboard using your username and instance ID.

26. Configure your Sending Profile to use your new Poste.io SMTP server on Contabo.

SMTP Connection Details

  • host: mail.yourphishdomain.com
  • port: 465 (implicit TLS required) or, alternatively, 587 (STARTTLS required)
  • authentication required
  • username is the whole email address, e.g. username@example.com
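Before building the first campaign it is worth proving that exactly these settings work, so that an authentication or certificate failure surfaces here and not in GoPhish's campaign results. The following is an added example, not code from the guide, Poste.io or GoPhish: it validates the profile values and opens an authenticated session with the same host, port and TLS mode the sending profile uses. The profile dictionary is constructed sample data; the password is a placeholder you replace with the mailbox password from your password manager.

```python
"""Dry-run a GoPhish sending profile against the Poste.io server."""
import smtplib
import ssl

# Constructed profile values mirroring the connection details above.
# The password is a placeholder, not a real credential.
SENDING_PROFILE = {
    "host": "mail.yourphishdomain.com",
    "port": 465,
    "username": "username@yourphishdomain.com",
    "password": "<PASSWORD-FROM-YOUR-PASSWORD-MANAGER>",
}

# The two submission ports Poste.io exposes and how TLS is negotiated on each.
TLS_MODES = {465: "implicit TLS", 587: "STARTTLS"}


def tls_mode_for_port(port):
    """Return the TLS mode for a supported port, or raise for anything else (e.g. plaintext 25)."""
    try:
        return TLS_MODES[port]
    except KeyError:
        raise ValueError(f"port {port} is not a TLS submission port Poste.io serves (use 465 or 587)")


def validate_sending_profile(profile):
    """Return a list of configuration problems; an empty list means the profile looks sane."""
    problems = []
    host = profile.get("host", "")
    if not host or host.replace(".", "").isdigit():
        problems.append("host must be the mail server's DNS name, not an IP, or the certificate will not match")
    if profile.get("port") not in TLS_MODES:
        problems.append("port must be 465 (implicit TLS) or 587 (STARTTLS)")
    if "@" not in profile.get("username", ""):
        problems.append("username must be the whole email address, e.g. user@yourphishdomain.com")
    if not profile.get("password"):
        problems.append("password is empty")
    return problems


def open_smtp_session(profile, timeout=15):
    """Open an authenticated SMTP session exactly as the sending profile specifies.

    Certificate verification stays on (ssl.create_default_context), so a
    mismatched or self-signed certificate fails here instead of silently in GoPhish.
    """
    problems = validate_sending_profile(profile)
    if problems:
        raise ValueError("; ".join(problems))
    host, port = profile["host"], profile["port"]
    context = ssl.create_default_context()
    if tls_mode_for_port(port) == "implicit TLS":
        server = smtplib.SMTP_SSL(host, port, timeout=timeout, context=context)
    else:
        server = smtplib.SMTP(host, port, timeout=timeout)
        server.ehlo()
        server.starttls(context=context)
        server.ehlo()  # re-identify over the encrypted channel
    server.login(profile["username"], profile["password"])
    return server


if __name__ == "__main__":
    with open_smtp_session(SENDING_PROFILE) as server:
        code, message = server.noop()  # cheap round trip that proves the authenticated session works
        print(code, message.decode())
```

If this script succeeds, the same values will work in GoPhish with "Ignore Certificate Errors" left unchecked; if it fails on the certificate, fix the certificate on the Poste.io side rather than disabling verification in the profile.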

27. Set up your first campaign.

28. Send your first campaign.


Have questions? You can see our GoPhish documentation here, or reach out to us for help at support@hailbytes.com
