bvstone

Email Address Spoofing with MAILTOOL

Posted:

Email Address Spoofing with MAILTOOL

Now that a lot of our IBM i customers are moving to the cloud for their email servers (ie, Google, Microsoft Office 365, Godaddy, etc) we are finding that some "tricks" have been played up until now that just won't cut the mustard with these new email services.

The main trick we're seeing is that of email address "spoofing".  This means the FROM address you are specifying doesn't match the Account (AUTHUSER) parameter on the MAILTOOL command.

When using a cloud service you're required, in most cases, to provide an account ID and password.  In most cases this should match the FROM address (ie, FROMADDR should be the same as AUTHUSER).  

Examine this scenario:

You just set up your new cloud server through GMail.  You supply an account id of joe@yourcompany.com along with the associated password.  But, for the "from" address you specify "replytome@yourcompany.com".  With most cloud providers one of two things will happen:

  1. The "from" address will automatically get changed to the account id, overriding the specified "from" address.
  2. The email will not be delivered because the "from" address and the account ID do not match.

I ran a couple of examples and am including the results of the SMTP debug file created by MAILTOOL to show exactly how this works:

Test 1: Using GMail

​The following command was run to perform this test:

MAILTOOL TOADDR(bvstone@yahoo.com) FROMADDR(notme@bvstools.com) 
SUBJECT(Test) MESSAGE('Test Email') CONFIG('/bvstools/bvstools_test2.json') 
DEBUG(*YES)

The following configuration file settings were used:

{
	"variables": [
	{
		"name":"send_with_server_type",
		"default":"*MAILTOOL"
	},
	{
		"name":"mail_router",
		"default":"smtp.gmail.com"
	},
	{
		"name":"use_mail_router",
		"default":"*ONLY"
	},
	{
		"name":"use_ssl",
		"default":"*YES"
	},
	{
		"name":"smtp_port",
		"default":"465"
	},
	{
		"name":"smtp_auth_user",
		"default":"bvstone@bvstools.com"
	},
	{
		"name":"smtp_auth_password",
		"default":"*********"
	}	]
}

The resulting email headers are as follows:

From: bvstone@bvstools.com
X-Google-Original-From: notme@bvstools.com
MIME-Version: 1.0
To: bvstone@yahoo.com
Subject: Test

  As you can see, in the case of GMail the From address is overridden.  Google does add it's own header showing what actually was used as the From address, though.

Test 2:  Using Outlook and Office 365

​The following command was run to perform this test:

MAILTOOL TOADDR(bvstone@yahoo.com) FROMADDR(notme@outlook.com) 
SUBJECT(Test) MESSAGE('Test Email') 
CONFIG('/bvstools/bvstone_outlook_test.json') DEBUG(*YES)

The following configuration file settings were used:

{
	"variables": [
	{
		"name":"send_with_server_type",
		"default":"*MAILTOOL"
	},
	{
		"name":"mail_router",
		"default":"smtp-mail.outlook.com"
	},
	{
		"name":"use_mail_router",
		"default":"*ONLY"
	},
	{
		"name":"perform_mx_lookup",
		"default":"*NO"
	},
	{
		"name":"use_ssl",
		"default":"*TLS"
	},
	{
		"name":"smtp_port",
		"default":"587"
	},
	{
		"name":"smtp_auth_user",
		"default":"bvstone@outlook.com"
	},
	{
		"name":"smtp_auth_password",
		"default":"*************"
	}	]
}

The resulting email headers are as follows:

From: Brad Stone <bvstone@outlook.com>
To: "bvstone@yahoo.com" <bvstone@yahoo.com>
Subject: Test

So, as you can see the outlook also does allow the email through but again it updates the From address to the same as the account used.

I have also run into the following error from a customer trying to use a different From address and Office 365:

03/16/2016 17:06:07 <SMTP.OFFICE365.COM says:> 550 5.7.60 SMTP; Client does not have permissions to send as this sender

In this case it is pretty obvious what the error is.  Either this can't be done or somewhere in Office 365 there are settings to allow different senders for different accounts.

UPDATE:  Here is another example from Office 365:

<SMTP.OFFICE365.COM says:> 554 5.2.0 STOREDRV.Submission.Exception:SendAsDeniedException.MapiExceptionSendAsDenied; Failed to process message due to a permanent exception with message Cannot submit message. 

In the end, it's best to set up accounts for email and use the appropriately instead of trying to take the quick and easy way out.  Normally this just results in spending 3 or 4 times more resources on the project that just doing it right the first time.

Feel free to contact us with any questions regarding these issues.  Thanks!

Brad
www.bvstools.com


Last edited 02/21/2019 at 15:00:41



Latest Posts:

What Objects Should I Omit from Replication to Ensure My License Keys Work on my HA/DR System? What Objects Should I Omit from Replication to Ensure My License Keys Work on my HA/DR System?
Posted by June 27, 2022
BVSTools >> BVSTools Software Discussion
GreenTools for Google Apps (G4G) v15.00 Now Offers Functions to Bypass Registration Command and BVSTools Landing Page GreenTools for Google Apps (G4G) v15.00 Now Offers Functions to Bypass Registration Command and BVSTools Landing Page
Posted by May 3, 2022
BVSTools >> BVSTools Announcements >> GreenTools for G Suite (Google Apps) (G4G) Specific Announcements
How Do I Switch From MAILTOOL Plus to GreenTools for Google or Microsoft Office 365? How Do I Switch From MAILTOOL Plus to GreenTools for Google or Microsoft Office 365?
Posted by April 18, 2022
BVSTools >> BVSTools Software Discussion >> Email Tools (MAILTOOL) Specific Discussion
PTFs Issued for SSL/TLS Issues PTFs Issued for SSL/TLS Issues
Posted by March 12, 2022
IBM Power Systems >> PTF Watch
Google Dropping Support for Google Dropping Support for "Less Secure Apps" May 30th, 2022. What Does This Mean for Your IBM i Email?
Posted by March 4, 2022
BVSTools >> BVSTools Software Discussion >> Email Tools (MAILTOOL) Specific Discussion
Have You Installed a New Version of MAILTOOL and Now Things Are Acting Different?  Check the Command Defaults! Have You Installed a New Version of MAILTOOL and Now Things Are Acting Different? Check the Command Defaults!
Posted by February 28, 2022
BVSTools >> BVSTools Software Discussion >> Email Tools (MAILTOOL) Specific Discussion
Using MAILTOOL Plus on V7R1, or Any OS Using TLS 1.1 or Older Using MAILTOOL Plus on V7R1, or Any OS Using TLS 1.1 or Older
Posted by January 27, 2022
BVSTools >> BVSTools Software Discussion >> Email Tools (MAILTOOL) Specific Discussion
BVSTools ILE Functions Being Updated to Remove Hashtag (#) from Function Names BVSTools ILE Functions Being Updated to Remove Hashtag (#) from Function Names
Posted by December 30, 2021
BVSTools >> BVSTools Announcements
GETURI v12.00 Released Removing Beginning # (Hashtag) From Function Names GETURI v12.00 Released Removing Beginning # (Hashtag) From Function Names
Posted by December 28, 2021
BVSTools >> BVSTools Announcements >> Get URI (GETURI) Specific Announcements
Is any of BVSTools Software Affected by the log4j exploit? Is any of BVSTools Software Affected by the log4j exploit?
Posted by December 20, 2021
BVSTools >> BVSTools Software Discussion
GreenTools for Microsoft Apps (G4MS) Updated to Allow Downloads, Deletes, and Sharing of Files GreenTools for Microsoft Apps (G4MS) Updated to Allow Downloads, Deletes, and Sharing of Files
Posted by December 17, 2021
BVSTools >> BVSTools Announcements >> GreenTools for Microsoft Apps (G4MS) Specific Announcements
SSL Handshake Errors with GETURI, MAILTOOL and GreenTools Products SSL Handshake Errors with GETURI, MAILTOOL and GreenTools Products
Posted by October 18, 2021
BVSTools >> BVSTools Software Discussion
MAILTOOL Updated to Retry Sending when GSK SSL Handshake Error 415 (GSK_ERROR_BAD_PEER) is Encountered MAILTOOL Updated to Retry Sending when GSK SSL Handshake Error 415 (GSK_ERROR_BAD_PEER) is Encountered
Posted by August 19, 2021
BVSTools >> BVSTools Announcements >> eMail Tool (MAILTOOL) Specific Announcements
MAILTOOL Updated to Allow List-Unsubscribe and User Defined Headers MAILTOOL Updated to Allow List-Unsubscribe and User Defined Headers
Posted by August 13, 2021
BVSTools >> BVSTools Announcements >> eMail Tool (MAILTOOL) Specific Announcements
AWS signing process in as400 AWS signing process in as400
Posted by August 13, 2021
Programming >> Web Programming

Reply




Copyright 1983-2020 BVSTools
GreenBoard(v3) Powered by the eRPG SDK, MAILTOOL Plus!, GreenTools for Google Apps, jQuery, jQuery UI, BlockUI, CKEditor and running on the IBM i (AKA AS/400, iSeries, System i).