intelmq.bots.outputs.templated_smtp package¶
Submodules¶
intelmq.bots.outputs.templated_smtp.output module¶
Templated SMTP output bot
SPDX-FileCopyrightText: 2021 Linköping University <https://liu.se/> SPDX-License-Identifier: AGPL-3.0-or-later
Sends a MIME Multipart message built from an event and static text using Jinja2 templates.
Templates are in Jinja2 format with the event provided in the variable “event”. E.g.:
mail_to: “{{ event[‘source.abuse_contact’] }}”
See the Jinja2 documentation at https://jinja.palletsprojects.com/ .
Attachments are template strings, especially useful for sending structured data. E.g. to send a JSON document including “malware.name” and all other fields starting with “source.”:
- attachments:
content-type: application/json text: |
- {
“malware”: “{{ event[‘malware.name’] }}”, {%- set comma = joiner(“, “) %} {%- for key in event %}
{%- if key.startswith(‘source.’) %}
- {{ comma() }}”{{ key }}”: “{{ event[key] }}”
{%- endif %}
{%- endfor %}
}
name: report.json
You are responsible for making sure that the text produced by the template is valid according to the content-type.
SMTP authentication is attempted if both “smtp_username” and “smtp_password” are provided.
Parameters:
- attachments: list of objects with structure:
content-type: string, templated, content-type to use. text: string, templated, attachment text. name: string, templated, filename of attachment.
- body: string, optional, default see below, templated, body text.
The default body template prints every field in the event except ‘raw’, in undefined order, one field per line, as “field: value”.
mail_from: string, templated, sender address.
mail_to: string, templated, recipient addresses, comma-separated.
- smtp_host: string, optional, default “localhost”, hostname of SMTP
server.
- smtp_password: string, default null, password (if any) for
authenticated SMTP.
smtp_port: integer, default 25, TCP port to connect to.
- smtp_username: string, default null, username (if any) for
authenticated SMTP.
- tls: boolean, default false, whether to use use SMTPS. If true, also
set smtp_port to the SMTPS port.
- starttls: boolean, default true, whether to use opportunistic STARTTLS
over SMTP.
- subject: string, optional, default “IntelMQ event”, templated, e-mail
subject line.
- verify_cert: boolean, default true, whether to verify the server
certificate in STARTTLS or SMTPS.
-
intelmq.bots.outputs.templated_smtp.output.
BOT
¶ alias of
intelmq.bots.outputs.templated_smtp.output.TemplatedSMTPOutputBot
-
class
intelmq.bots.outputs.templated_smtp.output.
TemplatedSMTPOutputBot
(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: Optional[bool] = None)¶ Bases:
intelmq.lib.bot.Bot
-
attachments
: List[str] = []¶
-
body
: str = "{%- for field in event %}\n {%- if field != 'raw' %}\n{{ field }}: {{ event[field] }}\n {%- endif %}\n{%- endfor %}\n"¶
-
init
()¶
-
mail_from
: Optional[str] = None¶
-
mail_to
: Optional[str] = None¶
-
password
: Optional[str] = None¶
-
process
()¶
-
smtp_host
: str = 'localhost'¶
-
smtp_port
: int = 25¶
-
ssl
: bool = False¶
-
starttls
: bool = False¶
-
subject
: str = 'IntelMQ event'¶
-
username
: Optional[str] = None¶
-
verify_cert
: bool = True¶
-