Analyzer imap

This analyzer listens for events from proto_imap. It parses the command, response and payload and issues various events.

Events

| Name | Payload associated | Description |
|---|---|---|
| imap_msg | yes | Generated when a message or part of a message is found. |
| imap_id | no | Contains information about client and server ID commands. |
| imap_auth | no | Contains authentication attempts. |

imap_msg

This event is generated each time a message or part of it is found. If only headers are transmitted, the headers will be parsed and included in the event.

| Field | Type | Description |
|---|---|---|
| client_addr | ipv4 or ipv6 | Client address. |
| server_addr | ipv4 or ipv6 | Server address. |
| server_port | uint16 | Port on the server. |
| server_host | string | Hostname of the server if found in the DNS cache. |
| mailbox | string | Mailbox in which the message resides. |
| seq | uint64 | Message sequence number. |
| uid | uint64 | Message UID. |
| part | string | Identifies the part of the message parsed from the FETCH BODY[] command. |
| headers | string list | Headers parsed from the message or the corresponding part. |

imap_id

This event is generated each time a client and a server exchange their ID.

| Field | Type | Description |
|---|---|---|
| client_addr | ipv4 or ipv6 | Client address. |
| server_addr | ipv4 or ipv6 | Server address. |
| server_port | uint16 | Port on the server. |
| server_host | string | Hostname of the server if found in the DNS cache. |
| client_params | string list | Client ID parameters. |
| server_params | string list | Server ID parameters. |

imap_auth

This event is generated for each authentication attempt.

| Field | Type | Description |
|---|---|---|
| client_addr | ipv4 or ipv6 | Client address. |
| server_addr | ipv4 or ipv6 | Server address. |
| server_port | uint16 | Port on the server. |
| server_host | string | Hostname of the server if found in the DNS cache. |
| type | string | Authentication type (LOGIN, PLAIN, …). |
| params | string list | Authentication parameters, usually containing the user and password. |
| success | bool | Whether the authentication succeeded or not. |

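
As an added example (not part of pom-ng or of this page), the following Python triages imap_auth events for two defender-side signals: credentials observed in the clear, and a success that follows a run of failures. It assumes the events have been exported as dicts keyed by the field names above; the helper `make_event`, the rule names, the threshold and all addresses and hostnames are constructed for illustration.

```python
from collections import defaultdict

# Mechanisms named on this page; both put the password itself on the wire.
CLEARTEXT_TYPES = {"LOGIN", "PLAIN"}

def make_event(client, mech, ok):
    """Build a constructed imap_auth event using the documented field names."""
    return {"client_addr": client, "server_addr": "198.51.100.5",
            "server_port": 143, "server_host": "mail.example.test",
            "type": mech, "params": ["<user>", "<password>"], "success": ok}

# Constructed sample input (assumed dict export, documentation addresses).
SAMPLE_EVENTS = (
    [make_event("192.0.2.10", "LOGIN", False)] * 3
    + [make_event("192.0.2.10", "LOGIN", True),
       make_event("192.0.2.20", "PLAIN", True),
       make_event("192.0.2.30", "CRAM-MD5", True)]
)

def review_auth_events(events, fail_threshold=3):
    """Return findings as (rule, client_addr, server_addr, server_port, detail).

    The params field is never read or copied, so findings carry no credentials.
    """
    failures = defaultdict(int)   # consecutive failures per client/server pair
    findings = []
    for ev in events:
        key = (ev["client_addr"], ev["server_addr"], ev["server_port"])
        mech = ev["type"].upper()
        if not ev["success"]:
            failures[key] += 1
            if failures[key] == fail_threshold:
                findings.append(("repeated_failures", *key, failures[key]))
            continue
        if mech in CLEARTEXT_TYPES:
            # Credentials were visible to the sensor, so to anyone on the path.
            findings.append(("cleartext_credentials", *key, mech))
        if failures[key] >= fail_threshold:
            # A success right after a run of failures suggests a guessed password.
            findings.append(("success_after_failures", *key, failures[key]))
        failures[key] = 0
    return findings

if __name__ == "__main__":
    for finding in review_auth_events(SAMPLE_EVENTS):
        print(finding)
```
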
pom-ng/analyzer/imap.txt · Last modified: 2020/05/26 21:59 by 127.0.0.1