intelmq.bots.outputs.templated_smtp package

Submodules

intelmq.bots.outputs.templated_smtp.output module

Templated SMTP output bot

SPDX-FileCopyrightText: 2021 Linköping University <https://liu.se/> SPDX-License-Identifier: AGPL-3.0-or-later

Sends a MIME Multipart message built from an event and static text using Jinja2 templates.

Templates are in Jinja2 format with the event provided in the variable “event”. E.g.:

mail_to: “{{ event[‘source.abuse_contact’] }}”

See the Jinja2 documentation at https://jinja.palletsprojects.com/ .

Attachments are template strings, especially useful for sending structured data. E.g. to send a JSON document including “malware.name” and all other fields starting with “source.”:

attachments:
  • content-type: application/json text: |

    {

    “malware”: “{{ event[‘malware.name’] }}”, {%- set comma = joiner(”, “) %} {%- for key in event %}

    {%- if key.startswith(‘source.’) %}

    {{ comma() }}”{{ key }}”: “{{ event[key] }}”

    {%- endif %}

    {%- endfor %}

    }

    name: report.json

You are responsible for making sure that the text produced by the template is valid according to the content-type.

SMTP authentication is attempted if both “smtp_username” and “smtp_password” are provided.

Parameters:

attachments: list of objects with structure:
  • content-type: string, templated, content-type to use. text: string, templated, attachment text. name: string, templated, filename of attachment.

body: string, optional, default see below, templated, body text.

The default body template prints every field in the event except ‘raw’, in undefined order, one field per line, as “field: value”.

mail_from: string, templated, sender address.

mail_to: string, templated, recipient addresses, comma-separated.

smtp_host: string, optional, default “localhost”, hostname of SMTP

server.

smtp_password: string, default null, password (if any) for

authenticated SMTP.

smtp_port: integer, default 25, TCP port to connect to.

smtp_username: string, default null, username (if any) for

authenticated SMTP.

tls: boolean, default false, whether to use use SMTPS. If true, also

set smtp_port to the SMTPS port.

starttls: boolean, default true, whether to use opportunistic STARTTLS

over SMTP.

subject: string, optional, default “IntelMQ event”, templated, e-mail

subject line.

verify_cert: boolean, default true, whether to verify the server

certificate in STARTTLS or SMTPS.

intelmq.bots.outputs.templated_smtp.output.BOT

alias of intelmq.bots.outputs.templated_smtp.output.TemplatedSMTPOutputBot

class intelmq.bots.outputs.templated_smtp.output.TemplatedSMTPOutputBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: Optional[bool] = None)

Bases: intelmq.lib.bot.Bot

attachments: List[str] = []
body: str = "{%- for field in event %}\n    {%- if field != 'raw' %}\n{{ field }}: {{ event[field] }}\n    {%- endif %}\n{%- endfor %}\n"
init()
mail_from: Optional[str] = None
mail_to: Optional[str] = None
password: Optional[str] = None
process()
smtp_host: str = 'localhost'
smtp_port: int = 25
ssl: bool = False
starttls: bool = False
subject: str = 'IntelMQ event'
username: Optional[str] = None
verify_cert: bool = True

Module contents