1

As a sysadmin, I need to send spoofed emails to ensure that the spoofing protection (DMARC, etc.) is working.

I think Emkei's Fake Mailer can be used to send emails spoofed at the SMTP / 5321.MailFrom level but how does one send emails spoofed at the MIME / 5322.From level?

 

2018/10/30 11:45 update:

Upon further testing, I've tried using Steffen Ullrich's answer using 3 different recipient SMTP systems (The Email Laundry, Office 365, and https://www.mail-tester.com/) but it doesn't actually seem to work.

Sending domain name details:

  • sendingsmtp.example:
    • SPF policy: v=spf1 ip4:1.2.3.4 -all
    • DMARC policy: None
  • sendingmime.example:
    • SPF policy: v=spf1 ip4:5.6.7.8 -all
    • DMARC policy: None

 

PuTTY output:

220 miniRelay Server v0.9.77d ready
helo Test
500 Syntax Error
helo Test
250 Hello Test
mail from:test@sendingsmtp.example
250 test@sendingsmtp.example Address Okay
rcpt to:test@recipient.example
250 test@recipient.example Address Okay
data
354 Start mail input; end with <CRLF>.<CRLF>
from:"MIME Test" <test@sendingmime.example>
to:test@recipient.example
Subject: Test

Test email.
.
250 Ok

 

MiniRelay output when sending to The Email Laundry:

11:22:40 Command: MAIL FROM <test@sendingsmtp.example>
11:22:44 Command: RCPT TO <test@recipient.example>
11:23:10 [1] Looking for MX domain of recipient.example
11:23:10 [1] Connected with array1.theemaillaundry.net
11:23:11 [1] Sending message
11:23:12 [1] Error 5.7.1 <test@recipient.example>: Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=test@sendingmime.example;ip=1.2.3.4;r=test@recipient.example
11:23:12 [1] Connected with array1.theemaillaundry.net
11:23:13 [1] Error 5.7.1 <test@recipient.example>: Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=test@sendingmime.example;ip=1.2.3.4;r=test@recipient.example
11:23:13 [1] Connected with array1.theemaillaundry.net
11:23:13 [1] Error 5.7.1 <test@recipient.example>: Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=test@sendingmime.example;ip=1.2.3.4;r=test@recipient.example
11:23:13 [1] Connected with array2.theemaillaundry.net
11:23:14 [1] Sending message
11:23:14 [1] Error 5.7.1 <test@recipient.example>: Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=test@sendingmime.example;ip=1.2.3.4;r=test@recipient.example
11:23:14 [1] Connected with array2.theemaillaundry.net
11:23:15 [1] Error 5.7.1 <test@recipient.example>: Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=test@sendingmime.example;ip=1.2.3.4;r=test@recipient.example
11:23:15 [1] Connected with array2.theemaillaundry.net
11:23:16 [1] Error 5.7.1 <test@recipient.example>: Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=test@sendingmime.example;ip=1.2.3.4;r=test@recipient.example
11:23:16 [1] ERROR: 3 times retried, returning message

MiniRelay output when sending to Office 365 and https://www.mail-tester.com/:

11:30:55 Command: MAIL FROM <test@sendingsmtp.example>
11:31:11 Command: RCPT TO <test@recipient.example>
11:31:26 [3] Looking for MX domain of recipient.example
11:31:26 [3] Connected with recipient.example
11:31:26 [3] Sending message
11:31:26 [3] Message successfully sent

 

Office 365 authentication result headers:

Authentication-Results: spf=fail (sender IP is 1.2.3.4)
 smtp.mailfrom=sendingmime.example; recipient.example; dkim=none (message not
 signed) header.d=none;recipient.example; dmarc=none action=none
 header.from=sendingmime.example;compauth=fail reason=001

https://www.mail-tester.com/ SPF results:

[SPF] sendingmime.example does not allow your server 1.2.3.4 to use test@sendingmime.example

 

2018/10/30 12:10 update:

I suspected MiniRelay so I tried the same thing using hMailServer which worked fine.

PuTTY output:

220 hMailServer ESMTP
helo Test
503 Bad sequence of commands
helo Test
250 Hello.
AUTH LOGIN
334 VXNlcm5hbWU6
<Base64-encoded username>
334 UGFzc3dvcmQ6
<Base64-encoded password>
235 authenticated.
mail from:test@sendingsmtp.example
250 OK
rcpt to:test@recipient.example
250 OK
data
354 OK, send.
from:"MIME Test" <test@sendingmime.example>
to:test@recipient.example
Subject: Test

Test email.
.
250 Queued (22.784 seconds)

 

Office 365 authentication result headers:

Authentication-Results: spf=pass (sender IP is 1.2.3.4)
 smtp.mailfrom=sendingsmtp.example; recipient.example; dkim=none (message not signed)
 header.d=none;recipient.example; dmarc=none action=none
 header.from=sendingmime.example;compauth=fail reason=001

https://www.mail-tester.com/ SPF results:

[SPF] Your server 1.2.3.4 is authorized to use test@sendingsmtp.example

 

2018/10/30 12:22 update:

Free SMTP Server (http://www.softstack.com/freesmtp.html) seems to be a decent, free, local / portable replacement for MiniRelay that works correctly in this regard.

mythofechelon
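Added example (not part of the original post): a Python check that reads the two Office 365 Authentication-Results values quoted above and reports whether a test message really carried different 5321.MailFrom and 5322.From domains, and whether any SPF or DKIM pass is aligned with the visible From domain. The function names are hypothetical, and alignment is compared by exact domain match, which is an assumption (relaxed DMARC alignment compares organizational domains).

```python
import re

# Authentication-Results values quoted in the question (header name removed).
MINIRELAY = """spf=fail (sender IP is 1.2.3.4)
 smtp.mailfrom=sendingmime.example; recipient.example; dkim=none (message not
 signed) header.d=none;recipient.example; dmarc=none action=none
 header.from=sendingmime.example;compauth=fail reason=001"""
HMAILSERVER = """spf=pass (sender IP is 1.2.3.4)
 smtp.mailfrom=sendingsmtp.example; recipient.example; dkim=none (message not signed)
 header.d=none;recipient.example; dmarc=none action=none
 header.from=sendingmime.example;compauth=fail reason=001"""


def parse_auth_results(value):
    """Return the key=value pairs of one Authentication-Results value."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)   # undo header folding
    unfolded = re.sub(r"\([^)]*\)", " ", unfolded)  # drop (comments)
    pairs = re.findall(r"([A-Za-z][\w.]*)=([^\s;]+)", unfolded)
    return {key.lower(): val.lower() for key, val in pairs}


def assess(value):
    """Compare the envelope and header identities the receiver evaluated."""
    r = parse_auth_results(value)
    envelope = r.get("smtp.mailfrom", "").rsplit("@", 1)[-1]
    visible = r.get("header.from", "").rsplit("@", 1)[-1]
    # Assumption: strict (exact-match) alignment. Relaxed alignment needs the
    # Public Suffix List to find organizational domains.
    spf_aligned = r.get("spf") == "pass" and envelope == visible
    dkim_aligned = r.get("dkim") == "pass" and r.get("header.d") == visible
    return {
        "envelope_domain": envelope,
        "header_from_domain": visible,
        "header_from_differs": bool(envelope) and envelope != visible,
        "aligned_pass": spf_aligned or dkim_aligned,
        "dmarc": r.get("dmarc"),
    }


if __name__ == "__main__":
    for name, value in (("MiniRelay", MINIRELAY), ("hMailServer", HMAILSERVER)):
        print(name, assess(value))
```

Only the hMailServer result has differing envelope and header domains with no aligned pass, so it is the case a receiver should report as dmarc=fail once sendingmime.example publishes a DMARC policy.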

1 Answer

3

You can for example use telnet and speak the SMTP protocol:

> shell-prompt$ telnet some.mail.server 25
< 220 some.mail.server welcome
> helo its.me
< 250 ...
> mail from: sender@to.spoof
< 250 ...
> rcpt to: recipient..
< 250 ...
> data
< 354 ...
> Subject: some fake mail
> From: sender@to.spoof
> To: recipient
> 
> some mail body
> .
< 250 ok

Or you could use swaks:

swaks --to recipient --from sender@to.spoof

Or you could use the SMTP library for the programming language of your choice to implement it: languages like Python, Perl, Ruby, ... all have libraries which let you do such things easily.

Steffen Ullrich