mirror of https://github.com/MISP/mail_to_misp
introduction of fake-smtp
parent
c351d5e821
commit
10e1e5802e
|
@ -0,0 +1,36 @@
|
||||||
|
#!/usr/bin/python3
|
||||||
|
import os
|
||||||
|
import sys
|
||||||
|
try:
|
||||||
|
configfile = os.path.basename(sys.argv[0]).split(".py")[0] + "_config"
|
||||||
|
except Exception as e:
|
||||||
|
print("Couldn't locate config file {0}".format(configfile))
|
||||||
|
sys.exit(-1)
|
||||||
|
try:
|
||||||
|
import smtpd
|
||||||
|
import asyncore
|
||||||
|
import subprocess
|
||||||
|
config = __import__(configfile)
|
||||||
|
except ImportError as e:
|
||||||
|
print("(!) Problem loading module:")
|
||||||
|
print(e)
|
||||||
|
sys.exit(-1)
|
||||||
|
|
||||||
|
smtp_addr = config.smtp_addr
|
||||||
|
smtp_port = config.smtp_port
|
||||||
|
binpath = config.binpath
|
||||||
|
|
||||||
|
print("Starting Fake-SMTP-to-MISP server")
|
||||||
|
|
||||||
|
class CustomSMTPServer(smtpd.SMTPServer):
|
||||||
|
def process_message(self, peer, mailfrom, rcpttos, data):
|
||||||
|
print('Receiving message from: {0}'.format(peer))
|
||||||
|
print('Message addressed from: {0}'.format(mailfrom))
|
||||||
|
print('Message addressed to : {0}'.format(rcpttos))
|
||||||
|
print('Message length : {0}'.format(len(data)))
|
||||||
|
subprocess.call([binpath, data])
|
||||||
|
return
|
||||||
|
|
||||||
|
server = CustomSMTPServer((smtp_addr, smtp_port), None)
|
||||||
|
|
||||||
|
asyncore.loop()
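Review bot: `subprocess.call([binpath, data])` in `process_message` passes the whole untrusted message to the child as a single command-line argument. The list form avoids a shell, but the mail body becomes readable in the process listing, a message over the kernel's per-argument size limit or one containing a NUL byte makes the call raise inside the asyncore handler, and a body starting with `-` may be taken as an option by mail_to_misp.py (its argument parsing is not visible here). If mail_to_misp.py can accept the message on stdin, pass it that way, e.g. `rc = subprocess.run([binpath], input=data).returncode`, and log a non-zero `rc` rather than discarding it. Separately, the first `except` block formats `configfile`, which is unbound if the line inside the `try` failed, so that handler would itself raise NameError.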
|
|
@ -10,6 +10,16 @@ nameservers = ['149.13.33.69']
|
||||||
email_subject_prefix = b'M2M - '
|
email_subject_prefix = b'M2M - '
|
||||||
attach_original_mail = True
|
attach_original_mail = True
|
||||||
|
|
||||||
|
# Paths (should be automatic)
|
||||||
|
bindir = os.path.dirname(os.path.realpath(__file__))
|
||||||
|
cfgdir = os.path.dirname(os.path.realpath(__file__))
|
||||||
|
scriptname = 'mail_to_misp.py'
|
||||||
|
binpath = os.path.join(bindir, scriptname)
|
||||||
|
|
||||||
|
# for the SPAM trap
|
||||||
|
smtp_addr = "127.0.0.1"
|
||||||
|
smtp_port = 25
|
||||||
|
|
||||||
excludelist = ('google.com', 'microsoft.com')
|
excludelist = ('google.com', 'microsoft.com')
|
||||||
externallist = ('virustotal.com', 'malwr.com', 'hybrid-analysis.com', 'emergingthreats.net')
|
externallist = ('virustotal.com', 'malwr.com', 'hybrid-analysis.com', 'emergingthreats.net')
|
||||||
internallist = ('internal.system.local')
|
internallist = ('internal.system.local')
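Review bot: `smtp_port = 25` is a privileged port, so the fake SMTP listener has to be started as root or with a bind capability, and nothing in the new server code drops privileges before it runs `binpath` on each received message. That would leave mail_to_misp.py parsing untrusted mail with elevated rights; a default above 1024 with a redirect from port 25, or a dedicated unprivileged service account, would be safer. Proposed comment next to the setting: `# Port 25 needs root to bind; prefer a high port plus a firewall redirect, and run as an unprivileged user.` The added path lines use `os.path`, and the hunk starts at line 10, so whether `os` is imported earlier in the file cannot be confirmed from here.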
|
||||||
|
|