Merge pull request #58 from SteveClement/main

pull/62/head
Steve Clement 2021-09-30 13:54:03 +09:00 committed by GitHub
commit c95bd8b681
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 7 deletions

@ -13,7 +13,7 @@ python:
- "3.8-dev"
install:
- pip install poetry
- pip install poetry chardet
- poetry install -E fileobjects -E openioc -E virustotal -E docs -E pdfexport -E email
- git submodule init
- git submodule update
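Review bot: `chardet` on the `pip install poetry chardet` line is installed by pip next to poetry instead of being declared as a dependency that `poetry install` resolves, so it is unpinned, and the README install steps changed in this same commit do not install it. If the code or one of the extras needs chardet, declare it in the project's poetry dependencies (or in the relevant extra) so that CI and user installs resolve the same version, and drop it from this line.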

@ -1,4 +1,4 @@
[![Build Status](https://travis-ci.com/MISP/mail_to_misp.svg?branch=main)](https://travis-ci.com/MISP/mail_to_misp)
[![Build Status](https://app.travis-ci.com/MISP/mail_to_misp.svg?branch=main)](https://app.travis-ci.com/MISP/mail_to_misp)
[![codecov](https://codecov.io/gh/MISP/mail_to_misp/branch/main/graph/badge.svg)](https://codecov.io/gh/MISP/mail_to_misp)
# mail_to_misp
@ -100,11 +100,12 @@ You should now be able to send your IoC-containing mails to misp_handler@YOURDOM
#### Bonus: Fake-SMTPD spamtrap
If you want to process all incoming junk mails automatically and collect the contained information in a (separate?) MISP instance, you could use the fake_smtp.py script. It listens on port 25, accepts all mails and pushes them through mail_to_misp to a MISP instance.
If you want to process all incoming junk mails automatically and collect the contained information in a separate throw-away MISP instance, you could use the fake_smtp.py script. It listens on port 25, accepts all mails and pushes them through mail_to_misp to a MISP instance.
It can also be configured to listen on an SSL port. (465)
1. Configure mail_to_misp_config.py
2. ln -s mail_to_misp_config.py fake_smtp_config.py
2. cp mail_to_misp_config.py fake_smtp_config.py
3. Make port 25 accessible to normal users
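Review bot: step 2 now uses `cp mail_to_misp_config.py fake_smtp_config.py`, so the spamtrap starts with an exact copy of the main configuration, and no step tells the reader to edit that copy. The paragraph above now recommends a separate throw-away MISP instance, but as written the copied file still points at whatever instance was configured in step 1, so junk mail would land there. Add a step after the copy along the lines of "edit fake_smtp_config.py so that it points at the throw-away instance", and mention that the two files no longer stay in sync the way the symlink kept them.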
@ -172,10 +173,10 @@ Obviously, you would like to filter mails based on subject or from address and p
### The easy way
```bash
(sudo) pip install (--user) poetry
pip install --user poetry
# Install other python requirements
poetry install
poetry install -E fileobjects -E openioc -E virustotal -E email -E url
# Test if the script is working
./mail_to_misp.py -h
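Review bot: the extras on the new `poetry install -E fileobjects -E openioc -E virustotal -E email -E url` line do not match the set the CI install line in this commit uses (`-E fileobjects -E openioc -E virustotal -E docs -E pdfexport -E email`). `-E url` is documented here but not installed in CI, so the documented install path is not the one being tested. Either add `-E url` to the CI line or add a sentence here explaining why the two lists differ.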

@ -44,7 +44,7 @@ sighting_source = "YOUR_MAIL_TO_MISP_IDENTIFIER"
# Remove "Re:", "Fwd:" and {Spam?} from subject
# add: "[\(\[].*?[\)\]]" to remove everything between [] and (): i.e. [tag]
removelist = (r'Re:', r'Fwd:', r'\{Spam?\}')
removelist = (r'Re:', r'Fwd:', r'\{Spam\?\}')
# TLP tag setup
# Tuples contain different variations of spelling
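Review bot: in `removelist`, the escaped pattern `r'\{Spam\?\}'` matches only the literal `{Spam?}`, while the old `r'\{Spam?\}'` treated `?` as a quantifier and matched `{Spam}` and `{Spa}` instead. That agrees with the comment above it, but subjects tagged `{Spam}` without the question mark are no longer stripped. If both forms can occur, `r'\{Spam\??\}'` covers them. A one-line subject test for `{Spam?}` would keep the escaping from regressing.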