Commit

Deployed d4ea2ad to develop with MkDocs 1.5.3 and mike 2.0.0
intelmq-bot committed Apr 9, 2024
1 parent 9f00dcc commit ec6eede
Showing 3 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion develop/search/search_index.json

Large diffs are not rendered by default.

Binary file modified develop/sitemap.xml.gz
Binary file not shown.
4 changes: 2 additions & 2 deletions develop/user/bots/index.html
Expand Up @@ -301,7 +301,7 @@
<a id=__codelineno-87-2 name=__codelineno-87-2 href=#__codelineno-87-2></a>yourdomain.eu. CERT.XX Response Policy Zones (RPZ) ; Last updated: 2021-05-26 06:01:41 (UTC) ; ; Terms Of
<a id=__codelineno-87-3 name=__codelineno-87-3 href=#__codelineno-87-3></a>Use: https://rpz.yourdomain.eu ; For questions please contact rpz [at] yourdomain.eu ; *.maliciousdomain.com CNAME
<a id=__codelineno-87-4 name=__codelineno-87-4 href=#__codelineno-87-4></a>rpz.yourdomain.eu. *.secondmaliciousdomain.com CNAME rpz.yourdomain.eu.
</code></pre></div></p> <p><strong>Module:</strong> <code>intelmq.bots.outputs.rpz_file.output</code></p> <p><strong>Parameters:</strong></p> <p><strong><code>cname</code></strong></p> <p>(optional, string) example rpz.yourdomain.eu</p> <p><strong><code>organization_name</code></strong></p> <p>(optional, string) Your organisation name</p> <p><strong><code>rpz_domain</code></strong></p> <p>(optional, string) Information website about RPZ</p> <p><strong><code>hostmaster_rpz_domain</code></strong></p> <p>() Technical website</p> <p><strong><code>rpz_email</code></strong></p> <p>() Contact email</p> <p><strong><code>ttl</code></strong></p> <p>() Time to live</p> <p><strong><code>ncachttl</code></strong></p> <p>() DNS negative cache</p> <p><strong><code>serial</code></strong></p> <p>() Time stamp or another numbering</p> <p><strong><code>refresh</code></strong></p> <p>() Refresh time</p> <p><strong><code>retry</code></strong></p> <p>() Retry time</p> <p><strong><code>expire</code></strong></p> <p>() Expiration time</p> <p><strong><code>test_domain</code></strong></p> <p>() For test domain, it's added in first rpz file (after header)</p> <hr> <h3 id=smtp-batch>SMTP Batch <div id=intelmq.bots.outputs.smtp_batch.output /></h3> <p>Aggregate events by e-mail addresses in the <code>source.abuse_contact</code> field and batch send them at once as a zipped CSV file attachment in a GPG signed message.</p> <p>When the bot is run normally by IntelMQ, it just aggregates the events for later use into a custom Redis database. If run through CLI (by a cron or manually), it shows e-mail messages that are ready to be sent and let you send them to the tester's e-mail OR to abuse contact e-mails. E-mails are sent in a zipped CSV file, delimited by a comma, while keeping strings in double quotes. Note: The field "raw" gets base64 decoded if possible. 
Bytes <code>\n</code> and <code>\r</code> are replaced with "\n" and "\r" strings in order to guarantee best CSV files readability both in Microsoft Office and LibreOffice. (A multiline string may be stored in "raw" which completely confused Microsoft Excel.)</p> <p>Launch it like this: <div class=highlight><pre><span></span><code><a id=__codelineno-88-1 name=__codelineno-88-1 href=#__codelineno-88-1></a>&lt;/usr/local/bin executable&gt; &lt;bot-id&gt; cli [--tester tester&#39;s email]
</code></pre></div></p> <p><strong>Module:</strong> <code>intelmq.bots.outputs.rpz_file.output</code></p> <p><strong>Parameters:</strong></p> <p><strong><code>cname</code></strong></p> <p>(optional, string) example rpz.yourdomain.eu</p> <p><strong><code>organization_name</code></strong></p> <p>(optional, string) Your organisation name</p> <p><strong><code>rpz_domain</code></strong></p> <p>(optional, string) Information website about RPZ</p> <p><strong><code>hostmaster_rpz_domain</code></strong></p> <p>() Technical website</p> <p><strong><code>rpz_email</code></strong></p> <p>() Contact email</p> <p><strong><code>ttl</code></strong></p> <p>() Time to live</p> <p><strong><code>ncachttl</code></strong></p> <p>() DNS negative cache</p> <p><strong><code>serial</code></strong></p> <p>() Time stamp or another numbering</p> <p><strong><code>refresh</code></strong></p> <p>() Refresh time</p> <p><strong><code>retry</code></strong></p> <p>() Retry time</p> <p><strong><code>expire</code></strong></p> <p>() Expiration time</p> <p><strong><code>test_domain</code></strong></p> <p>() For test domain, it's added in first rpz file (after header)</p> <hr> <h3 id=smtp-batch>SMTP Batch <div id=intelmq.bots.outputs.smtp_batch.output /></h3> <p>Aggregate events by e-mail addresses in the <code>source.abuse_contact</code> field and batch send them at once as a zipped CSV file attachment in a GPG signed message.</p> <p>When the bot is run normally by IntelMQ, it just aggregates the events for later use into a custom Redis database. If run through CLI (by a cron or manually), it shows e-mail messages that are ready to be sent and let you send them to the tester's e-mail OR to abuse contact e-mails. E-mails are sent in a zipped CSV file, delimited by a comma, while keeping strings in double quotes. Note: The field "raw" gets base64 decoded if possible. 
Bytes <code>\n</code> and <code>\r</code> are replaced with "\n" and "\r" strings in order to guarantee best CSV files readability both in Microsoft Office and LibreOffice. (A multiline string may be stored in "raw" which completely confused Microsoft Excel.)</p> <p>Launch it like this: <div class=highlight><pre><span></span><code><a id=__codelineno-88-1 name=__codelineno-88-1 href=#__codelineno-88-1></a>&lt;/usr/local/bin executable&gt; &lt;bot-id&gt; --cli [--tester tester&#39;s email]
</code></pre></div> Example: <div class=highlight><pre><span></span><code><a id=__codelineno-89-1 name=__codelineno-89-1 href=#__codelineno-89-1></a>intelmq.bots.outputs.smtp_batch.output<span class=w> </span>smtp-batch-output<span class=w> </span>--cli<span class=w> </span>--tester<span class=w> </span>[email protected]
</code></pre></div></p> <p>CLI flags: <div class=highlight><pre><span></span><code><a id=__codelineno-90-1 name=__codelineno-90-1 href=#__codelineno-90-1></a>-h, --help show this help message and exit
<a id=__codelineno-90-2 name=__codelineno-90-2 href=#__codelineno-90-2></a>--cli initiate CLI interface
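Review bot: the RPZ parameter list carried on the changed line leaves the type annotation empty, `()`, for `hostmaster_rpz_domain` through `test_domain`, while `cname`, `organization_name` and `rpz_domain` state `(optional, string)`; fill in whether each is required and its type in the documentation source while this line is being touched. The `cli` to `--cli` correction in the launch synopsis itself agrees with the Example and with the `--cli` entry in the flag list below it. The same paragraph also has "let you send", which should read "lets you send".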
Expand All @@ -313,7 +313,7 @@
<a id=__codelineno-90-8 name=__codelineno-90-8 href=#__codelineno-90-8></a> Just send first N mails.
<a id=__codelineno-90-9 name=__codelineno-90-9 href=#__codelineno-90-9></a>--send Sends now, without dialog.
</code></pre></div></p> <p>You can schedule the batch sending easily with a cron script, I.E. put this into <code>crontab -e</code> of the <code>intelmq</code> user:</p> <div class=highlight><pre><span></span><code><a id=__codelineno-91-1 name=__codelineno-91-1 href=#__codelineno-91-1></a># Send the e-mails every day at 6 AM
<a id=__codelineno-91-2 name=__codelineno-91-2 href=#__codelineno-91-2></a>0 6 * * * /usr/local/bin/intelmq.bots.outputs.smtp_batch.output smtp-batch-output-cz cli --ignore-older-than-days 4 --send &gt; /tmp/intelmq-send.log
<a id=__codelineno-91-2 name=__codelineno-91-2 href=#__codelineno-91-2></a>0 6 * * * /usr/local/bin/intelmq.bots.outputs.smtp_batch.output smtp-batch-output-cz cli --ignore-older-than-days 4 --send &amp;&gt; /tmp/intelmq-send.log
</code></pre></div> <p><strong>Module:</strong> <code>intelmq.bots.outputs.smtp_batch.output</code></p> <p><strong>Parameters:</strong></p> <p><strong><code>alternative_mails</code></strong></p> <p>(optional, string) Path to CSV in the form <code>[email protected],[email protected]</code>. Needed when some of the recipients ask you to forward their e-mails to another address.</p> <p><strong><code>attachment_name</code></strong></p> <p>(optional, string) Attachment file name for the outgoing messages. May contain date formatting like this <code>%Y-%m-%d</code>. Example: "events_%Y-%m-%d" will appear as "events_2022-12-01.zip". Defaults to "intelmq_%Y-%m-%d".</p> <p><strong><code>bcc</code></strong></p> <p>(optional, array of strings) An array of e-mails to be put in the <code>Bcc</code> field for every mail.</p> <p><strong><code>email_from</code></strong></p> <p>(required, string) Sender's e-mail of the outgoing messages.</p> <p><strong><code>gpg_key</code></strong></p> <p>(optional, string) The Key or the fingerprint of a GPG key stored in ~/.gnupg keyring folder.</p> <p><strong><code>gpg_pass</code></strong></p> <p>(optional, string) Password for the GPG key if needed.</p> <p><strong><code>mail_template</code></strong></p> <p>(required, string) Path to the file containing the body of the mail for the outgoing messages.</p> <p><strong><code>ignore_older_than_days</code></strong></p> <p>(optional, integer) Skips events with time.observation older than now-N. (If your queue gets stuck for a reason, you do not want to send old and probably already solved events.) Defaults to 0 (allow all).</p> <p><strong><code>limit_results</code></strong></p> <p>(optional, integer) Intended as a debugging option, allows loading just first N e-mails from the queue.</p> <p><strong><code>redis_cache_db</code></strong></p> <p>(required, integer) Redis database used for event aggregation. 
As the databases &lt; 10 are reserved for the IntelMQ core, recommended is a bigger number.</p> <p><strong><code>redis_cache_host</code></strong></p> <p>(required, string) Hostname of the Redis database.</p> <p><strong><code>redis_cache_port</code></strong></p> <p>(required, string) Port of the Redis database.</p> <p><strong><code>redis_cache_ttl</code></strong></p> <p>(required, integer) TTL in seconds used for caching. Recommended 1728000 for 20 days.</p> <p><strong><code>smtp_server</code></strong></p> <p>(required, string/array/object) SMTP server information and credentials. See <a href=https://github.com/CZ-NIC/envelope#sending>SMTP parameter</a> of the envelope module.</p> <p>Examples: <div class=highlight><pre><span></span><code><a id=__codelineno-92-1 name=__codelineno-92-1 href=#__codelineno-92-1></a><span class=nt>smtp_server</span><span class=p>:</span><span class=w> </span><span class=s>&quot;mailer&quot;</span>
<a id=__codelineno-92-2 name=__codelineno-92-2 href=#__codelineno-92-2></a><span class=nt>smtp_server</span><span class=p>:</span><span class=w> </span><span class="p p-Indicator">{</span><span class=s>&quot;host&quot;</span><span class="p p-Indicator">:</span><span class=w> </span><span class=s>&quot;mailer&quot;</span><span class="p p-Indicator">,</span><span class=w> </span><span class=s>&quot;port&quot;</span><span class="p p-Indicator">:</span><span class=w> </span><span class=nv>587</span><span class="p p-Indicator">,</span><span class=w> </span><span class=s>&quot;user&quot;</span><span class="p p-Indicator">:</span><span class=w> </span><span class=s>&quot;john&quot;</span><span class="p p-Indicator">,</span><span class=w> </span><span class=s>&quot;password&quot;</span><span class="p p-Indicator">:</span><span class=w> </span><span class=s>&quot;123&quot;</span><span class="p p-Indicator">}</span>
<a id=__codelineno-92-3 name=__codelineno-92-3 href=#__codelineno-92-3></a><span class=nt>smtp_server</span><span class=p>:</span><span class=w> </span><span class="p p-Indicator">[</span><span class=s>&quot;mailer&quot;</span><span class="p p-Indicator">,</span><span class=w> </span><span class=nv>587</span><span class="p p-Indicator">,</span><span class=w> </span><span class=s>&quot;john&quot;</span><span class="p p-Indicator">,</span><span class=w> </span><span class=s>&quot;password&quot;</span><span class="p p-Indicator">]</span>
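Review bot: the crontab line now redirects with `&>`, which is a bash extension; cron runs entries with `/bin/sh` unless `SHELL` is set in the crontab, and a POSIX shell such as dash reads `cmd &> file` as `cmd &` followed by `> file`, so the job is backgrounded and the log stays empty. Write it portably as `> /tmp/intelmq-send.log 2>&1`. The same line still calls the bot with a bare `cli`, although the synopsis in the hunk at line 301 was corrected to `--cli`; change it here too so the example matches the documented flag. A fixed file name in world-writable `/tmp` is also a weak choice for the output of a mail-sending run; a log path in a directory owned by the `intelmq` user avoids other local users pre-creating or reading it.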

0 comments on commit ec6eede
