Merge branch 'master' of https://github.com/rommelfs/mail_to_misp

README.md

@@ -26,11 +26,15 @@ For the moment, the implemented workflow is:
 
 1. Apple Mail
 
-`Email -> Apple Mail -> Mail rule -> AppleScript -> python script -> PyMISP -> MISP`
+`Email -> Apple Mail -> Mail rule -> AppleScript -> mail_to_misp -> PyMISP -> MISP`
 
 2. Mozilla Thunderbird
 
-`Email -> Thunderbird -> Mail rule -> filterscript -> thunderbird_wrapper -> python script -> PyMISP -> MISP`
+`Email -> Thunderbird -> Mail rule -> filterscript -> thunderbird_wrapper -> mail_to_misp -> PyMISP -> MISP`
+
+3. Postfix and others
+
+`Email -> mail_to_misp`
 
 ## Installation
 
@@ -81,6 +85,20 @@ pythoncom.PumpMessages()
 
 Obviously, you would like to filter mails based on subject or from address and pass subject and body to mail_to_misp.py in order to do something useful. Pull-requests welcome for actual implementations :) 
 
+### Postfix (or other MTA)
+
+1. Setup a new email address in the aliases file (e.g. /etc/aliases) and configure the correct path:
+
+`misp_handler: "|/path/to/mail_to_misp.py"`
+
+2. Rebuild the DB:
+
+`$ sudo newaliases`
+
+3. Configure mail_to_misp_config.py
+
+You should now be able to send your IoC-containing mails to misp_handler@YOURDOMAIN.
+
 
 ## Requirements
 

mail_to_misp_config.py-example

@@ -4,7 +4,7 @@ misp_url = 'YOUR_MISP_URL'
 misp_key = 'YOUR_KEY_HERE' # The MISP auth key can be found on the MISP web interface under the automation section
 misp_verifycert = True
 
-debug = True
+debug = False
 debug_out_file = '/tmp/mail_to_misp-debug.txt'
 nameservers = ['149.13.33.69']