User Tools

Site Tools


pom-ng:analyzer:imap
no way to compare when less than two revisions

Differences

This shows you the differences between two versions of the page.


Previous revision
pom-ng:analyzer:imap [2020/05/26 21:59] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +====== Analyzer imap ======
 +
 +This analyzer listens for events from [[pom-ng:proto:imap|proto_imap]]. It parses the command, response and payload and issue various events.
 +
 +===== Events =====
 +
 +^ Name ^ Payload associated ^ Description ^
 +|imap_msg|yes|Generated when a message or part of a message is found.|
 +|imap_id|no|Contains information about client and server ID commands.|
 +|imap_auth|no|Contains authentication attempts.|
 +
 +==== imap_msg ====
 +This event is generated each time a message or part of it are found. If only headers are transmitted, the headers will be parsed and contained in the event.
 +
 +^ Field ^ Type ^ Description ^
 +|client_addr|ipv4 or ipv6|Client address.|
 +|server_addr|ipv4 or ipv6|Server address.|
 +|server_port|uint16|Port on the server.|
 +|server_host|string|Hostname of the server if found in the DNS cache.|
 +|mailbox|string|Mailbox in which the message resides.|
 +|seq|uint64|Message sequence number.|
 +|uid|uint64|Message UID.|
 +|part|string|Identified the part of the message parsed from the FETCH BODY[] command.|
 +|headers|string list|Headers parsed from the message or the corresponding part.|
 +
 +
 +==== imap_id ====
 +This event is generated each time a client and a server exchange their ID.
 +
 +^ Field ^ Type ^ Description ^
 +|client_addr|ipv4 or ipv6|Client address.|
 +|server_addr|ipv4 or ipv6|Server address.|
 +|server_port|uint16|Port on the server.|
 +|server_host|string|Hostname of the server if found in the DNS cache.|
 +|client_params|string list|Client ID parameters.|
 +|server_params|string list|Server ID parameters.|
 +
 +
 +==== imap_auth ====
 +This even is generated for each authentication attempt.
 +^ Field ^ Type ^ Description ^
 +|client_addr|ipv4 or ipv6|Client address.|
 +|server_addr|ipv4 or ipv6|Server address.|
 +|server_port|uint16|Port on the server.|
 +|server_host|string|Hostname of the server if found in the DNS cache.|
 +|type|string|Authentication type (LOGIN, PLAIN, ...),|
 +|params|string list|Authentication parameters, usually contains the user and password.|
 +|success|bool|If the authentication succeeded or not.|
  
pom-ng/analyzer/imap.txt · Last modified: 2020/05/26 21:59 by 127.0.0.1