Pandora Imap

Plugin with which you can filter emails and the number of emails that match the filters used.

Introduction

Ver. 12-07-2022

Plug-in with which you can filter mails and the number of mails that match the filters used.

Type: Server or agent plug-in

Compatibility matrix

Systems where tested

Fedora
Systems where it should work

Any linux system 

Prerequisites

imap_tools
pip install imap_tools
python3 
pip3 install imap_tools

Cryptocode

pip install cryptocode

python3 

pip3 install cryptocode

 

Parameters

--server Example:
outlook.office365.com
--user User's e-mail address
--password User password
--list To list all mailboxes
--mailbox To choose mailbox to filter on (Inbox by default)
--subject To filter word or phrase in the subject.
--from_mail To filter by e-mail
--date To filter from a certain date (example: '2020,1,1')
--body To filter by a word in the body
--mail_list To create a new module with a list of matching mails.
--tentacle_port Tentacle port in case you want to send the data in this way
--tentacle_address Tentacle address in case you want to send the data in this way
--agent_name Name of the agent that will contain the modules
-g,--group Target group in pandora
--data_dir Data destination address
--as_agent_plugin Agent mode when activated with a 1

Manual execution

The plugin creates an agent with two modules for each execution, one with the number of emails that match the filtering and another with the list of these emails. The filtering parameters are the following:

--subject

--body

--from_mail

--date

You can filter by any of these or you can combine them as follows:

subject + body

subject + body + from_mail

subject + body + from_mail + date

You can select mails from any mailbox (inbox by default), to see a list of the mailboxes of the mail you can use the parameter

--list 1

The user and password will only need to be entered the first time, in a manual execution, then a file will be created that will store the encrypted credentials and the plugin will read them from this file.

python3 pandora_imap.py --server <server> --user <user> --password <password> --list 1

image-1658928329496.png

python3 pandora_imap.py --server <server> --user <user> --password <password> --subject <subject> --body <body> --as_agent_plugin 1

Manual execution example

image-1658928348665.png

Example help menu

image-1658928383815.png

Example with all filters

image-1658928418619.png

Configuration in PandoraFMS

Manual installation

Go to servers > plugins:

image-1629974405286.png

Click on add:

image-1629974430627.png

We put the name and description of your choice:

image-1658834125705.png

We enter as command the execution with the path of the plugin:

python3 </path_pandora_imap>

Remember that the recommended path for the use of the server plugins is: /usr/share/pandora_server/util/plugin/

image-1659089658886.png

Remember that you must run the plugin manually with user and password for the first time to create an imap_credentials.txt file that will save the encrypted credentials.

And in plugin parameters we will introduce these followed by the macro "_field<N>_", the mandatory ones for the plugin to work are --server, (--user, --password must be introduced in a first manual execution only the first time) and at least one of the parameters used for filtering. 

Although it is not mandatory, the use of the --agent_name parameter is highly recommended, since it allows us to customize the name of the agent that will contain the created modules.

--SERVER

image-1658834684259.png

--SUBJECT

image-1658834761517.png

--BODY

image-1658834783278.png

Once this is done, we will click on "create".

Once this is done, the only thing left to do is to call it, so we will go to some agent's view and create an add-in module:

image-1646741530197.png

We will give it a name and in the section "plugin" we will put the one we have just configured.

image-1658834560870.png

 

Once this is done, click on create.

If the module is shown with 1, it means that it is running correctly. 

Modules generated by the plugin

The plugin will create a module called "Coincidences_count" with the number of coincidences and if the ``--mail_list`` parameter is used it will also create a module with a list of coincidences. 

image-1658831113098.png

 List module view

image-1658831122550.png