intelmq.bots.outputs.templated_smtp package

Submodules

intelmq.bots.outputs.templated_smtp.output module

Templated SMTP output bot

SPDX-FileCopyrightText: 2021 Linköping University <https://liu.se/> SPDX-License-Identifier: AGPL-3.0-or-later

Sends a MIME Multipart message built from an event and static text using Jinja2 templates.

Templates are in Jinja2 format with the event provided in the variable “event”. E.g.:

mail_to: “{{ event[‘source.abuse_contact’] }}”

See the Jinja2 documentation at https://jinja.palletsprojects.com/ .

Attachments are template strings, especially useful for sending structured data. E.g. to send a JSON document including “malware.name” and all other fields starting with “source.”:

attachments:
  • content-type: application/json text: |

    {

    “malware”: “{{ event[‘malware.name’] }}”, {%- set comma = joiner(“, “) %} {%- for key in event %}

    {%- if key.startswith(‘source.’) %}

    {{ comma() }}”{{ key }}”: “{{ event[key] }}”

    {%- endif %}

    {%- endfor %}

    }

    name: report.json

You are responsible for making sure that the text produced by the template is valid according to the content-type.

SMTP authentication is attempted if both “smtp_username” and “smtp_password” are provided.

Parameters:

attachments: list of objects with structure:
  • content-type: string, templated, content-type to use. text: string, templated, attachment text. name: string, templated, filename of attachment.
body: string, optional, default see below, templated, body text.
The default body template prints every field in the event except ‘raw’, in undefined order, one field per line, as “field: value”.

mail_from: string, templated, sender address.

mail_to: string, templated, recipient addresses, comma-separated.

smtp_host: string, optional, default “localhost”, hostname of SMTP
server.
smtp_password: string, default null, password (if any) for
authenticated SMTP.

smtp_port: integer, default 25, TCP port to connect to.

smtp_username: string, default null, username (if any) for
authenticated SMTP.
tls: boolean, default false, whether to use use SMTPS. If true, also
set smtp_port to the SMTPS port.
starttls: boolean, default true, whether to use opportunistic STARTTLS
over SMTP.
subject: string, optional, default “IntelMQ event”, templated, e-mail
subject line.
verify_cert: boolean, default true, whether to verify the server
certificate in STARTTLS or SMTPS.
intelmq.bots.outputs.templated_smtp.output.BOT

alias of intelmq.bots.outputs.templated_smtp.output.TemplatedSMTPOutputBot

class intelmq.bots.outputs.templated_smtp.output.TemplatedSMTPOutputBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: bool = None)

Bases: intelmq.lib.bot.Bot

attachments = []
body = "{%- for field in event %}\n {%- if field != 'raw' %}\n{{ field }}: {{ event[field] }}\n {%- endif %}\n{%- endfor %}\n"
init()
mail_from = None
mail_to = None
password = None
process()
smtp_host = 'localhost'
smtp_port = 25
ssl = False
starttls = False
subject = 'IntelMQ event'
username = None
verify_cert = True

Module contents