TKCERT · jrunu · Jul 24, 2023
diff --git a/mail-tester.py b/mail-tester.py
@@ -81,7 +81,8 @@ def convert_arg_line_to_args(self, line : str):
 argparser.add_argument("--log", "-L", help="Test result log in CSV format")
 argparser.add_argument("--output", "-o", help="Dump tests into files in this path. By default one plain file is created per message. Further formats can be created by usage of --mbox and --maildir.")
 argparser.add_argument("--backconnect-domain", "-b", default="localhost", help="Domain that is used for test cases where a communication backchannel is required. This should be a domain that allows the recognition of DNS queries.")
-argparser.add_argument("--spoofed-sender", "-F", help="Mail address used for testing of internal sender spoofing from the Internet. If this is not set, the first recipient address is used.")
+argparser.add_argument("--spoofed-sender", "-F", default=None, help="Mail address used for testing of internal sender spoofing from the Internet. If this is not set, the first recipient address is used.")
+argparser.add_argument("--spoofed-sender-list", default=None, help="File to read emails from for testing internal sender spoofing. See --spoofed-sender")
 argparser.add_argument("--blacklist", "-B", action=BlacklistArgumentParser, default=list(), nargs="+", help="Files containing black lists. One mail address per line. Entries beginning with @ are prepended with local part 'test'.")
 argparser.add_argument("--spam-folder", "-j", nargs="+", default=list(), help="Folder with spam messages in EML format")
 argparser.add_argument("--malware-folder", "-w", default=list(), nargs="+", help="Folder with malware samples that are sent as attachment")

diff --git a/tests/impostor.py b/tests/impostor.py
@@ -87,16 +87,19 @@ class LocalSenderTest(MailTestBase):
     name = "Spoofed Sender Address"
     description = "Mail with internal sender address sent from the Internet"
 
-    subject = "Spoofed Sender"
+    subject = "Spoofed Sender from {}"
     body = "This is s test mail with spoofed sender address"
 
     def generateTestCases(self):
-        if self.args.spoofed_sender is None:
-            spoofed_sender = self.recipient
+        if self.args.spoofed_sender:
+            spoofed_senders = [self.args.spoofed_sender]
+        elif self.args.spoofed_sender_list:
+            spoofed_senders = open(self.args.spoofed_sender_list).readlines()
         else:
-            spoofed_sender = self.args.spoofed_sender
+            spoofed_senders = [self.recipient]
 
-        msg = MIMEText(self.body)
-        msg["Subject"] = self.subject
-        msg["From"] = spoofed_sender
-        yield msg
+        for spoofed_sender in spoofed_senders:
+            msg = MIMEText(self.body)
+            msg["Subject"] = self.subject.format(spoofed_sender)
+            msg["From"] = spoofed_sender
+            yield msg