mirror of https://github.com/MISP/mail_to_misp
Merge pull request #58 from SteveClement/main
commit
c95bd8b681
|
@ -13,7 +13,7 @@ python:
|
||||||
- "3.8-dev"
|
- "3.8-dev"
|
||||||
|
|
||||||
install:
|
install:
|
||||||
- pip install poetry
|
- pip install poetry chardet
|
||||||
- poetry install -E fileobjects -E openioc -E virustotal -E docs -E pdfexport -E email
|
- poetry install -E fileobjects -E openioc -E virustotal -E docs -E pdfexport -E email
|
||||||
- git submodule init
|
- git submodule init
|
||||||
- git submodule update
|
- git submodule update
|
||||||
|
|
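Review bot: In the `install:` step, `chardet` is added to the bare `pip install poetry chardet` line, so it is installed unpinned and outside the dependency set that the following `poetry install -E ...` line resolves. If the code needs chardet, declare it in the project's Poetry configuration so CI and user installs get the same version. If it only works around a problem in the CI image, say so in a comment next to the line.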
11
README.md
11
README.md
|
@ -1,4 +1,4 @@
|
||||||
[![Build Status](https://travis-ci.com/MISP/mail_to_misp.svg?branch=main)](https://travis-ci.com/MISP/mail_to_misp)
|
[![Build Status](https://app.travis-ci.com/MISP/mail_to_misp.svg?branch=main)](https://app.travis-ci.com/MISP/mail_to_misp)
|
||||||
[![codecov](https://codecov.io/gh/MISP/mail_to_misp/branch/main/graph/badge.svg)](https://codecov.io/gh/MISP/mail_to_misp)
|
[![codecov](https://codecov.io/gh/MISP/mail_to_misp/branch/main/graph/badge.svg)](https://codecov.io/gh/MISP/mail_to_misp)
|
||||||
|
|
||||||
# mail_to_misp
|
# mail_to_misp
|
||||||
|
@ -100,11 +100,12 @@ You should now be able to send your IoC-containing mails to misp_handler@YOURDOM
|
||||||
|
|
||||||
#### Bonus: Fake-SMTPD spamtrap
|
#### Bonus: Fake-SMTPD spamtrap
|
||||||
|
|
||||||
If you want to process all incoming junk mails automatically and collect the contained information in a (separate?) MISP instance, you could use the fake_smtp.py script. It listens on port 25, accepts all mails and pushes them through mail_to_misp to a MISP instance.
|
If you want to process all incoming junk mails automatically and collect the contained information in a separate throw-away MISP instance, you could use the fake_smtp.py script. It listens on port 25, accepts all mails and pushes them through mail_to_misp to a MISP instance.
|
||||||
|
It can also be configured to listen on an SSL port. (465)
|
||||||
|
|
||||||
1. Configure mail_to_misp_config.py
|
1. Configure mail_to_misp_config.py
|
||||||
|
|
||||||
2. ln -s mail_to_misp_config.py fake_smtp_config.py
|
2. cp mail_to_misp_config.py fake_smtp_config.py
|
||||||
|
|
||||||
3. Make port 25 accessible to normal users
|
3. Make port 25 accessible to normal users
|
||||||
|
|
||||||
|
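Review bot: Step 2 now reads `cp mail_to_misp_config.py fake_smtp_config.py` instead of `ln -s`, which leaves two independent copies of the configuration, so later edits to mail_to_misp_config.py no longer reach the spamtrap. The README should say why a copy is wanted and which settings are expected to differ, for example pointing the copy at the separate throw-away MISP instance mentioned above. The added sentence about the SSL port (465) also does not name the setting that enables it or where the certificate and key are configured.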
@ -172,10 +173,10 @@ Obviously, you would like to filter mails based on subject or from address and p
|
||||||
### The easy way
|
### The easy way
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
(sudo) pip install (--user) poetry
|
pip install --user poetry
|
||||||
|
|
||||||
# Install other python requirements
|
# Install other python requirements
|
||||||
poetry install
|
poetry install -E fileobjects -E openioc -E virustotal -E email -E url
|
||||||
|
|
||||||
# Test if the script is working
|
# Test if the script is working
|
||||||
./mail_to_misp.py -h
|
./mail_to_misp.py -h
|
||||||
|
|
|
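Review bot: The extras in the new `poetry install -E fileobjects -E openioc -E virustotal -E email -E url` line do not match the set in the CI install step earlier in this commit, which uses `-E fileobjects -E openioc -E virustotal -E docs -E pdfexport -E email` and has no `url`. The documented install path is therefore not the one CI exercises. Either add `-E url` to the CI line or explain in the README why the two sets differ.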
@ -44,7 +44,7 @@ sighting_source = "YOUR_MAIL_TO_MISP_IDENTIFIER"
|
||||||
|
|
||||||
# Remove "Re:", "Fwd:" and {Spam?} from subject
|
# Remove "Re:", "Fwd:" and {Spam?} from subject
|
||||||
# add: "[\(\[].*?[\)\]]" to remove everything between [] and (): i.e. [tag]
|
# add: "[\(\[].*?[\)\]]" to remove everything between [] and (): i.e. [tag]
|
||||||
removelist = (r'Re:', r'Fwd:', r'\{Spam?\}')
|
removelist = (r'Re:', r'Fwd:', r'\{Spam\?\}')
|
||||||
|
|
||||||
# TLP tag setup
|
# TLP tag setup
|
||||||
# Tuples contain different variations of spelling
|
# Tuples contain different variations of spelling
|
||||||
|
|
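Review bot: The `removelist` change from `r'\{Spam?\}'` to `r'\{Spam\?\}'` also narrows what is stripped: the old pattern treated the `m` as optional and matched `{Spam}` (and `{Spa}`), while the new one matches only the literal `{Spam?}`. That agrees with the comment above it, but subjects tagged `{Spam}` without the question mark will now keep the tag. If both forms should be removed, `r'\{Spam\??\}'` covers them. A test with a subject containing `{Spam?}` would keep this from regressing.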