E-mail is a forensic challenge that was part of the MetaRed CTF 2022 (5th STAGE). The description says:

Our users received a phishing email.

The email requires changing the password. Help us to find out which is the original account where the phishing was sent.

Flag{xxx@yyy.zz}

and we are given a file called correo.

File

$ file correo
correo: RFC 822 mail, ASCII text, with very long lines (8230), \
    with no line terminators

Solution

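To solve this challenge, it helps to add some line breaks to the file, because the whole message sits on a single very long line. We can do this with sed by replacing every space with a newline (the \n in the replacement is GNU sed syntax):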

$ sed 's/ /\n/g' correo > correo_with_linebreaks

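Now we can use grep to look for mailfrom in the new file. The smtp.mailfrom value is the envelope sender (the SMTP MAIL FROM identity) that a receiving server records in the Authentication-Results header: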

$ grep -i mailfrom correo_with_linebreaks
smtp.mailfrom=cinecafes.com;

The final step is to find the full email address at that domain:

$ grep -i cinecafes.com correo_with_linebreaks | grep @
<franchise.enquiry@cinecafes.com>)
franchise.enquiry@cinecafes.com
franchise.enquiry@cinecafes.com
franchise.enquiry@cinecafes.com
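
The same sed/grep steps can be done in one pass with a short script. This is an added example, not part of the original write-up: the sample header text is constructed (all hosts and addresses are made up), and the function names are hypothetical. It works on text with no line terminators, where a normal mail parser cannot split the headers.

```python
import re
from collections import Counter

# Constructed sample: headers flattened onto one line, like the challenge file.
# Every host and address below is made up for this example.
SAMPLE = (
    "Received: from mail.sender.example (mail.sender.example [192.0.2.10]) "
    "by mx.victim.example; Mon, 1 Jan 2024 10:00:00 +0000 "
    "Authentication-Results: mx.victim.example; spf=pass "
    "(sender IP is 192.0.2.10) smtp.mailfrom=sender.example; "
    "dkim=none; dmarc=none header.from=sender.example; "
    "Return-Path: <billing@sender.example> "
    "From: IT Helpdesk <billing@sender.example> "
    "Reply-To: <support@other.example> "
    "To: <user@victim.example> "
    "Subject: Password change required"
)

# Pragmatic address pattern for triage, not a full RFC 5322 grammar.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MAILFROM_RE = re.compile(r"smtp\.mailfrom=([^\s;]+)", re.IGNORECASE)


def envelope_domains(raw):
    """Domain of every smtp.mailfrom= value (the value may be a bare
    domain or a full address)."""
    return [v.rsplit("@", 1)[-1].strip("<>").lower()
            for v in MAILFROM_RE.findall(raw)]


def sender_candidates(raw):
    """Count each address whose domain matches an smtp.mailfrom domain."""
    domains = set(envelope_domains(raw))
    hits = Counter()
    for addr in ADDR_RE.findall(raw):
        if addr.rsplit("@", 1)[1].lower() in domains:
            hits[addr.lower()] += 1
    return hits


if __name__ == "__main__":
    for addr, count in sender_candidates(SAMPLE).most_common():
        print(count, addr)
```

Addresses on other domains, such as the Reply-To and the recipient in the sample, are filtered out because they do not match the envelope sender domain.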

Flag

The flag is “flag{franchise.enquiry@cinecafes.com}”.