pom-ng:analyzer:imap
Analyzer imap
This analyzer listens for events from proto_imap. It parses the command, response and payload and issues various events.
Events
Name | Payload associated | Description |
---|---|---|
imap_msg | yes | Generated when a message or part of a message is found. |
imap_id | no | Contains information about client and server ID commands. |
imap_auth | no | Contains authentication attempts. |
imap_msg
This event is generated each time a message or part of it is found. If only headers are transmitted, the headers will be parsed and contained in the event.
Field | Type | Description |
---|---|---|
client_addr | ipv4 or ipv6 | Client address. |
server_addr | ipv4 or ipv6 | Server address. |
server_port | uint16 | Port on the server. |
server_host | string | Hostname of the server if found in the DNS cache. |
mailbox | string | Mailbox in which the message resides. |
seq | uint64 | Message sequence number. |
uid | uint64 | Message UID. |
part | string | Identifies the part of the message parsed from the FETCH BODY[] command. |
headers | string list | Headers parsed from the message or the corresponding part. |
imap_id
This event is generated each time a client and a server exchange their ID.
Field | Type | Description |
---|---|---|
client_addr | ipv4 or ipv6 | Client address. |
server_addr | ipv4 or ipv6 | Server address. |
server_port | uint16 | Port on the server. |
server_host | string | Hostname of the server if found in the DNS cache. |
client_params | string list | Client ID parameters. |
server_params | string list | Server ID parameters. |
imap_auth
This event is generated for each authentication attempt.
Field | Type | Description |
---|---|---|
client_addr | ipv4 or ipv6 | Client address. |
server_addr | ipv4 or ipv6 | Server address. |
server_port | uint16 | Port on the server. |
server_host | string | Hostname of the server if found in the DNS cache. |
type | string | Authentication type (LOGIN, PLAIN, …). |
params | string list | Authentication parameters, usually contains the user and password. |
success | bool | If the authentication succeeded or not. |
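One way to consume imap_auth events on the monitoring side, as an added example that is not part of pom-ng or its documentation. It assumes each event has been exported as a Python dict keyed by the field names above; the export format, the sample values and the names `make_event`, `redact` and `detect_guessing` are assumptions of this example. It flags clients with repeated failed attempts and masks `params` before anything is kept, because that field usually contains the user and password.

```python
from collections import defaultdict

def make_event(client, success, auth_type="LOGIN"):
    """Build a constructed imap_auth event using the documented field names."""
    return {
        "client_addr": client, "server_addr": "198.51.100.5", "server_port": 143,
        "server_host": "mail.example.test", "type": auth_type,
        # Constructed values; the layout of params entries is an assumption.
        "params": ["user@example.test", "constructed-password"],
        "success": success,
    }

# Constructed sample stream: three failures then a success from one client,
# interleaved with one ordinary successful login from another client.
SAMPLE_EVENTS = [
    make_event("192.0.2.10", False),
    make_event("192.0.2.10", False),
    make_event("192.0.2.20", True, "PLAIN"),
    make_event("192.0.2.10", False),
    make_event("192.0.2.10", True),
]

def redact(event):
    """Copy an event with params masked, since it usually holds user and password."""
    safe = dict(event)
    safe["params"] = ["<redacted>"] * len(event["params"])
    return safe

def detect_guessing(events, threshold=3):
    """Flag client/server pairs with at least `threshold` failures in a row."""
    failures = defaultdict(int)
    alerts = []
    for ev in events:
        key = (ev["client_addr"], ev["server_addr"], ev["server_port"])
        if not ev["success"]:
            failures[key] += 1
            continue
        if failures[key] >= threshold:
            # A success right after a failure streak deserves priority review.
            alerts.append({"key": key, "failures": failures[key],
                           "then_succeeded": True, "event": redact(ev)})
        failures[key] = 0
    # Streaks still open at the end of the stream (no success seen yet).
    for key, count in failures.items():
        if count >= threshold:
            alerts.append({"key": key, "failures": count,
                           "then_succeeded": False, "event": None})
    return alerts
```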
pom-ng/analyzer/imap.txt · Last modified: 2020/05/26 21:59 by 127.0.0.1