Exchange mail filter

Plugin with which you can filter emails and the number of emails that match the filters used.

Introduction

Ver. 15-02-2023

Plugin with which you can filter mails and the number of mails that match the filters used.

Type: Server plug-in.

Compatibility matrix

Systems where tested

exchange 2016, exchange online

Systems where it should work

Any version of exchange

Pre requisites

Steps to enable OAuth in online exchange:

Parameters

--server Server name
--smpt_address Mailing Address
--user Exchange user
--client_id Client id
--tenant_id Tenant id
--secret secret
--password User password
--smtp_address User account from which emails will be filtered.
--subject To filter word or phrase in the subject.
--sender To filter by e-mail
--date_start Each date must be separated by a hyphen and enclosed in quotation marks, with the following format: 'year-month-day-day-hour-minute'. example: '2021-1-12-0-0'.
--date_end Each date must be separated by a hyphen and enclosed in quotation marks, with the following format: 'year-month-day-hour-minute'. example: '2021-1-12-0-0'.
--mail_list To create a new module with a list of matching mails.
--transfer_modo Transfer mode
--tentacle_port Tentacle port in case you want to send data in this way
--tentacle_address Tentacle address in case you want to send the data in this way
--agent_prefix Name of the agent that will contain the modules
--module_prefix To add a prefix to the module, "Exchange" is the default prefix.
--group Target group in pandora
--interval Time creation interval for the agent
--temporal Temporary file directory.
--data_dir Data destination address
--log_file Log file path
--auth Authentication mode. The two possible options are 0Auth and basic. The basic authentication is required in exchange online.

Manual execution

The plugin creates an agent with two modules for each execution, one with the number of emails that match the filtering and another with the list of these emails. The filtering parameters are as follows:

--subject

--sender

--date_start

--date_end

You can filter by any of these or you can combine them as follows:

subject + sender

subject + sender + date_start-date_end

Manual execution example

./exchange_mail \
--auth <oauth> \
--server <server> \
--smtp_address <smtp_address> \
--client_id <client_id> \
--tenant_id <tenant_id> \
--secret <secret> \
[--user <user>] \
[--password <password>] \
[--subject <subject>] \
[--sender <sender>] \
[--date_start <date_start>] \
[--date_end <date_end>] \
[--mail_list <mail_list>] \
[--module_prefix <module_prefix>] \
[--agent_prefix <agent_prefix>] \
[--group <group>] \
[--interval <interval>] \
[--temporal <temporal>] \
[--data_dir <data_dir>] \
[--transfer_mode <transfer_mode>] \
[--tentacle_client <tentacle_client>] \
[--tentacle_opts <tentacle_opts>] \
[--tentacle_port <tentacle_port>] \
[--tentacle_address <tentacle_address>] \
[--log_file <log_file>]

Help example 

image.png

Configuration in PandoraFMS

Manual installation

Go to servers > plugins:

image-1629974405286.png

Click on add:

image-1629974430627.png

We put the name and description of your choice:

image-1658834125705.png

We enter as command the execution with the path of the plugin:

</path_exchange_mail>

Remember that the recommended path for the use of the server plugins is: /usr/share/pandora_server/util/plugin/

And in plugin parameters we will introduce these followed by the macro "_field<N>_", the mandatory ones for the plugin to work are --server, --auth, --smtp_address and depending on the authentication method, user and password in the basic one and client_id, tenant_id and secret in OAuth authentication.

Although it is not mandatory, the use of the --agent_name parameter is highly recommended, since it allows us to customize the name of the agent that will contain the created modules.

Once this is done, we will click on "create".

Once this is done, the only thing left to do is to call it, so we will go to some agent's view and create an add-in module:

image-1646741530197.png

We will give it a name and in the section "plugin" we will put the one we have just configured.

Once this is done, click on create.

If the module is shown with 1, it means that it is running correctly.

Modules generated by the plugin