Prevent spoof mail #40

Open
fadedshadowx opened this issue Oct 30, 2020 · 0 comments

fadedshadowx commented Oct 30, 2020

You should add additional attributes to your code.

I've just sent an email with a spoofed sender and looked at the header:

Webklex\PHPIMAP\Header {#671 ▼
  +raw: b"""
    Return-Path: <real_sender@sender_domain.pl>
    Delivered-To: receipent@receipent_domain.pl
    Received: from h2.server.pl
    \tby h2.server.pl with LMTP
    \tid 4IDTIEUkm18ZSSkA87l24w
    \t(envelope-from <real_sender@sender_domain.pl>)
    \tfor <receipent@receipent_domain.pl>; Thu, 29 Oct 2020 21:21:25 +0100
    Return-path: <real_sender@sender_domain.pl>
    Envelope-to: receipent@receipent_domain.pl
    Delivery-date: Thu, 29 Oct 2020 21:21:25 +0100
    Received: from sender_domain.pl ([server ip])
    \tby h2.server.pl with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    \t(Exim 4.94)
    \t(envelope-from <real_sender@sender_domain.pl>)
    \tid 1kYEQG-00BPgD-S0
    \tfor receipent@receipent_domain.pl; Thu, 29 Oct 2020 21:21:25 +0100
    Received: by sender_domain.pl (Postfix, from userid 1000)
    \tid 57DADAB; Thu, 29 Oct 2020 21:21:23 +0100 (CET)
    DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sender_domain.pl; s=default;
    \tt=1604002883; bh=CsZufJouWdjY/W12No6MSSMwbp0VaS8EOMGg9WptEaI=;
    \th=From:To:Subject:Date;
    \tb=v0NAncnNT/w+gInANxAkMt20ktM4LZquuwlokUmLpPyO3++8dy112olu63Dkn9L2E
    \t GwfHGqW+8f7g494UK6asUKqTx8fHxlEJbHqAiEV5QrlynSeZDFXsKvGDW8XNMFBKop
    \t sAjvp8NTUiNcA4MTbFaZ7RX15A/9d9QVEynU8MaNP2ZYKnq9J/JXgUjjMnx+FiULqf
    \t xJN/5rjwHRx7f6JQoXXUxuck6Zh4tSDiLLnDFasrSxed6sTNfnZMAggCyb1++estNk
    \t q6HNBwp85Az3ELo10RbBF/WM2FhxxFz1khncRtCyLXLUZ2lzhjan765KXpeYg7FUa9
    \t zItPWVTaTzTEg==
    From: faked_sender@sender_domain.pl
    To: receipent@receipent_domain.pl
    Subject: Zly from
    Message-Id: <20201029202123.57DADAB@sender_domain.pl>
    Date: Thu, 29 Oct 2020 21:21:01 +0100 (CET)
    Forward-Confirmed-ReverseDNS: Reverse and forward lookup success on server ip, -10 Spam score
    SPFCheck: Server passes SPF test, -30 Spam score
    X-DKIM: signer='sender_domain.pl' status='pass' reason=''
    DKIMCheck: Server passes DKIM test, -20 Spam score
    X-Spam-Score: -0.2 (/)
    """
  #attributes: array:25 [▼
    "from" => array:1 [▼
      0 => {#674 ▼
        +"mailbox": "faked_sender"
        +"host": "sender_domain.pl"
        +"personal": false
        +"mail": "faked_sender@sender_domain.pl"
        +"full": "faked_sender@sender_domain.pl"
      }
    ]
    "to" => array:1 [▼
      0 => {#673 ▼
        +"mailbox": "receipent"
        +"host": "receipent_domain.pl"
        +"personal": false
        +"mail": "receipent@receipent_domain.pl"
        +"full": "receipent@receipent_domain.pl"
      }
    ]
    "reply_to" => array:1 [▼
      0 => {#675 ▼
        +"mailbox": "faked_sender"
        +"host": "sender_domain.pl"
        +"personal": false
        +"mail": "faked_sender@sender_domain.pl"
        +"full": "faked_sender@sender_domain.pl"
      }
    ]
    "sender" => array:1 [▼
      0 => {#676 ▼
        +"mailbox": "faked_sender"
        +"host": "sender_domain.pl"
        +"personal": false
        +"mail": "faked_sender@sender_domain.pl"
        +"full": "faked_sender@sender_domain.pl"
      }
    ]
    "subject" => "Bad from example"
    "message_id" => "20201029202123.57DADAB@sender_domain.pl"
    "date" => Carbon\Carbon @1604002861 {#677 ▶}
    "return-path" => "<real_sender@sender_domain.pl>"
    "delivered-to" => "receipent@receipent_domain.pl"
    "received" => "by sender_domain.pl (Postfix, from userid 1000) id 57DADAB"
    "envelope-to" => "receipent@receipent_domain.pl"
    "delivery-date" => "Thu, 29 Oct 2020 21:21:25 +0100"
    "dkim-signature" => array:9 [▶]
    "message-id" => "<20201029202123.57DADAB@sender_domain.pl>"
    "forward-confirmed-reversedns" => "Reverse and forward lookup success on server ip, -10 Spam score"
    "spfcheck" => "Server passes SPF test, -30 Spam score"
    "x-dkim" => "signer='sender_domain.pl' status='pass' reason=''"
    "dkimcheck" => "Server passes DKIM test, -20 Spam score"
    "x-spam-score" => "-0.2 (/)"
    "x-spam-report" => array:21 [▶]
    "spamtally" => "Final spam score: -61"
    "toaddress" => "receipent@receipent_domain.pl"
    "fromaddress" => "faked_sender@sender_domain.pl"
    "reply_toaddress" => "faked_sender@sender_domain.pl"
    "senderaddress" => "faked_sender@sender_domain.pl"
  ]
  #config: array:9 [▶]
  +fallback_encoding: "UTF-8"
}

Attribute sender detected fake data.
Mail server detected the real sender in the Return-Path and envelope-from positions. In attributes, envelope-from doesn't exist. Can you add this?

https://en.wikipedia.org/wiki/Email_spoofing

"webklex/php-imap": "^2.2",
php 7.4.11
debian 9.13
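
The comparison the issue asks for can be made on the raw header text (the public `raw` property visible in the dump) by extracting the envelope sender and checking it against the visible `From:` address. This is an added example, not code from webklex/php-imap or from the issue author; the function names and the sample header are constructed for illustration.

```php
<?php
// Added example; not webklex/php-imap code. Function names are hypothetical.

/** Unfold continuation lines, then split into [lowercased-name, value] pairs. */
function parseRawHeaders(string $raw): array
{
    $unfolded = preg_replace('/\r?\n[ \t]+/', ' ', trim($raw));
    $headers = [];
    foreach (preg_split('/\r?\n/', $unfolded) as $line) {
        if (preg_match('/^([^\s:]+):\s*(.*)$/', $line, $m)) {
            $headers[] = [strtolower($m[1]), $m[2]];
        }
    }
    return $headers;
}

/** First address matched by $pattern in any header called $name, else null. */
function firstAddress(array $headers, string $name, string $pattern): ?string
{
    foreach ($headers as [$n, $value]) {
        if ($n === $name && preg_match($pattern, $value, $m)) {
            return strtolower($m[1]);
        }
    }
    return null;
}

/** Compare the visible From: address with the envelope sender the MTA recorded. */
function checkSender(string $raw): array
{
    $h = parseRawHeaders($raw);
    $envelope = firstAddress($h, 'return-path', '/<([^<>\s]+@[^<>\s]+)>/')
        ?? firstAddress($h, 'received', '/\(envelope-from <([^<>\s]+@[^<>\s]+)>\)/i');
    // Prefer the <addr> form so a display name that looks like an address is ignored.
    $from = firstAddress($h, 'from', '/<([^<>\s]+@[^<>\s]+)>\s*$/')
        ?? firstAddress($h, 'from', '/^\s*([^<>\s"]+@[^<>\s"]+)\s*$/');
    return ['from' => $from, 'envelope_from' => $envelope,
            'mismatch' => $from !== null && $envelope !== null && $from !== $envelope];
}

// Constructed sample, modelled on the header in the issue.
$raw = <<<EOT
Return-Path: <real_sender@sender_domain.pl>
Received: from sender_domain.pl ([192.0.2.10])
\tby h2.server.pl with esmtps
\t(envelope-from <real_sender@sender_domain.pl>)
From: faked_sender@sender_domain.pl
EOT;
print_r(checkSender($raw));
```

A mismatch is a signal rather than proof, since mailing lists and bulk senders legitimately use a different Return-Path. The Return-Path and envelope-from values are only trustworthy when they were written by your own receiving mail server.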
