sending a mail with fake „from:“ to dwaves.de

telnet dwaves.de 25
Trying 78.46.249.71...
Connected to dwaves.de.
Escape character is '^]'.
220 dwaves.de ESMTP Exim 4.84_2 Mon, 31 Jul 2017 11:41:29 +0200
EHLO SMTP.example.net
250-dwaves.de Hello hsi-kbw-5-158-158-169.hsi19.kabel-badenwuerttemberg.de [5.158.158.169]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
MAIL FROM: test@test.com
250 OK
RCPT TO: admin2@dwaves.de
250 Accepted
DATA
354 Enter message, ending with "." on a line by itself
Subject: Testmail

This is the body of the mail.
.
250 OK id=1dc7Db-000757-Dj

QUIT
221 dwaves.de closing connection

if you get: „530 Authentication required“

you will have to login with Base64 encoded username and password first…

if you get:

AUTH LOGIN
530 Must issue a STARTTLS command first
openssl s_client -starttls smtp -connect smtp.gmail.com:587

CONNECTED(00000003)
depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
verify return:1
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = smtp.gmail.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEgDCCA2igAwIBAgIIBXQdGfG3zUIwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE
BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
cm5ldCBBdXRob3JpdHkgRzIwHhcNMTcwNzE5MTEzMDAwWhcNMTcxMDExMTEzMDAw
WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOc210
cC5nbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbkt94
OcE9EU+nC8hq7PVrA1BPMeeV/AD35C5PcC6Lj+BoLQl0U/cOxHEjrvyhEr23eSq7
A2g+D+TCx2CaHZ79oD/WoIl03lbx6OvrdQpTAbvT8/N8x7p4Y0XNd0wPi2rYUVvt
wZYDg7m9SztxkXip2I/eJ863ZBlcFNZSq9AOYv1HoW6NMwgOEf5f5zy6Xbb3taQd
OoGrA4psCk29AC2uQMFkl7as5Kzl6pVaNWEtgBQAekYzG2nQQU+h6hkl8D0vetpN
OPOiYC+Jt2q7IqQiIprrTAmme71YChk2ynQ7U7+3SwDFY2KBuckyxHQFcJQox2eo
vyP8zFQp3iOb/tdzAgMBAAGjggFLMIIBRzAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwGQYDVR0RBBIwEIIOc210cC5nbWFpbC5jb20waAYIKwYBBQUHAQEE
XDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0
MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0G
A1UdDgQWBBQAovwq+KOEMnjaPE5LEcPQQzFfCjAMBgNVHRMBAf8EAjAAMB8GA1Ud
IwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1UdIAQaMBgwDAYKKwYBBAHW
eQIFATAIBgZngQwBAgIwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n
bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAgFaV1aZ6ii3HEw+Y
FvMV1Ng5wXM8ogbSWn2ZYtK3JEjo766YlHAAq1Fs+ki4FtOEDp6/+SwDHZeQXRe5
swMtkQD6L+BCFE+bfKpPXGSn51SavY2/q9OyaSjQG5Vg5IiNYpH4h4757cB/gs5f
ePq0anTa5nkVeue71XVZ1D1dMpnk+n+F5hTzC7NHIYCrJh1oeCA4mp3ZZOG/WmeT
TVM4//xafs4lw5seHhil+AJlBcvnCUQwcNC9aO6DFjynqG+eTWFxF+l+rfRiiOBA
TzaDVc6cNsH/mSm+3WcPegI+A3vHWmbJdkKQy9gDfV3LBEy9DDC65foYmsjHqLaq
4W6Clg==
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 4083 bytes and written 408 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 60241281660C541C094A1CBA63BA0BE6F171597370C6D87FE4BA53C81A0500B9
    Session-ID-ctx:
    Master-Key: 941CFEC2C3A8A320BEE89E0EE6CCDACEDEB02BC1926663726C85598DA8E391E320ED4FCD2CF9BA1AA521FEA6526BA768
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:
    0000 - 00 96 08 f0 64 1a 5f 10-09 02 e1 59 99 37 01 5d   ....d._....Y.7.]
    0010 - a3 f4 52 e4 38 88 08 14-04 29 b0 e4 74 47 fe 33   ..R.8....)..tG.3
    0020 - d9 d8 19 b5 99 a9 79 b0-79 f8 8b d6 87 1b 9d 76   ......y.y......v
    0030 - d1 68 48 86 25 5c 4c b0-9d 49 da b6 07 5a a0 e6   .hH.%\L..I...Z..
    0040 - b3 28 34 72 ad b7 e6 fc-1e 4b 82 62 d6 52 f5 02   .(4r.....K.b.R..
    0050 - 89 37 10 d3 a0 c3 b6 03-e4 c0 34 4c ad 45 09 26   .7........4L.E.&
    0060 - 73 14 ba f7 9e ee da c5-15 e9 01 03 8c 97 3a 21   s.............:!
    0070 - 92 15 3c ca 3d 72 eb 71-35 fa 0f f8 0f 7f c6 77   ..<.=r.q5......w
    0080 - 57 41 ab fc 53 71 62 52-b5 6d 7e db b5 a8 d7 28   WA..SqbR.m~....(
    0090 - 65 e2 86 e6 aa 4d ee 23-7b 21 3a 26 81 c3 e1 07   e....M.#{!:&....
    00a0 - 01 ec 7d 36 2f 25 c5 ee-e9 e4 f3 b0 6b 46 b5 be   ..}6/%......kF..
    00b0 - 2b 2a 56 2f 9d fb 09 ac-7f e0 9d 0d ee 22 05 64   +*V/.........".d
    00c0 - 59 c1 16 df 22 03 e4 0e-90 7d dc db b5 44 0b 5e   Y..."....}...D.^
    00d0 - 6f a5 b9 5f 6d                                    o.._m

    Start Time: 1501495890
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
250 SMTPUTF8
EHLO test.domain.com
250-smtp.gmail.com at your service, [5.158.158.169]
250-SIZE 35882577
250-8BITMIME
250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8

Links:

https://debian-administration.org/article/280/HowTo_Setup_Basic_SMTP_AUTH_in_Exim4

admin