sunhux


script to extract emails originating IP, attachments & embedded links

Someone from another organization told me he has an
in-house developed script that could read incoming emails
(in particular those originating from outside the organization)
for URLs/links, originating IP & attachments: the script will
extract the links, IP & attachments, check them in virustotal
& hold back the email if it's a known IOC by any of the
security products in VT.

I have a tool from VT (vt.exe) that could post IP, hashes
& links to VT but I don't know how to extract the links,
attachments & originating IP of emails.

The acquaintance can't share the script as it is their intellectual
property: they used it on their on-prem Exchange.

Can anyone share any free tools, batch or VB scripts?
Ideally not a PS script but if it has to be a PS script, then
I'll take it as well.

We are using MS Exchange Online.


One more feature to add in:
it will be nice if the script could check whether the originating
IP belongs to the sender's domain (which is visible
to the email recipient) & if not, hold back the email
as well & notify our IT support by email.
sunhux

ASKER

Alternatively, if it's not possible to read emails at Exchange Online,
users can create a new email, attach the suspicious email to a
dedicated Helpdesk support email account & when that email
arrives in the Helpdesk support email, it will be auto-assessed
(by doing the checks indicated above) & then replied back to
the user, so the user has to make a decision whether to delete
or click anything in that email. I understand it may not be so
easy to write an email to read from Exchange & withhold emails.

ASKER

https://www.datanumen.com/blogs/auto-export-information-incoming-emails-excel-file-outlook-vba/

Something like what's described in the above link looks promising, but it does not specify how to
extract the originating IP of the email or how to export the attachments (typically PDF,
MS Office & zip).
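As an added, self-contained Python example (not code from this thread or from any of the posters), the extraction step the question asks for, run on a raw .eml message such as one forwarded to the Helpdesk mailbox: it takes the originating IP and reverse-DNS name from the Received line written by our own MX (host names are assumed), checks whether that host sits in the From domain, pulls URLs out of the text parts and hashes each attachment. The VirusTotal lookup of the resulting IP, URLs and hashes is left to vt.exe, as in the question.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

# Hosts we operate (assumed names). Only a Received line added by one of them is
# trustworthy; the hops below it were written by the sender's side and can be forged.
OWN_HOSTS = {"internal.example.com", "mx.example.com"}
HOP_RE = re.compile(r"from\s+\S+\s+\(([^\s\[]+)\s+\[([\d.]+)\]\)\s+by\s+([^\s;]+)")
URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Constructed sample message (not a real email); the IPs are from documentation ranges.
SAMPLE_EML = b"""\
Received: from mx.example.com (mx.example.com [192.0.2.10]) by internal.example.com; Mon, 1 Jan 2024 10:00:00 +0000
Received: from mail.partner.test (mail.partner.test [203.0.113.7]) by mx.example.com; Mon, 1 Jan 2024 09:59:58 +0000
From: Alice <alice@partner.test>
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

Please review http://invoice.partner.test/doc and https://example.net/x
--B
Content-Type: application/pdf; name="invoice.pdf"
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--B--
"""


def analyze(raw):
    """Originating IP/host, host-vs-From-domain match, body URLs, SHA-256 per attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    origin_ip = origin_host = None
    for hop in msg.get_all("Received", []):           # newest hop first
        m = HOP_RE.search(" ".join(str(hop).split()))  # unfold the header
        if m and m.group(3) in OWN_HOSTS and m.group(1) not in OWN_HOSTS:
            origin_host, origin_ip = m.group(1), m.group(2)  # rDNS and IP our MX recorded
            break
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    host_ok = bool(origin_host) and ("." + origin_host).endswith("." + sender_domain)
    urls, attachments = [], {}
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            digest = hashlib.sha256(part.get_payload(decode=True)).hexdigest()
            attachments[part.get_filename()] = digest
        elif part.get_content_maintype() == "text":
            urls += URL_RE.findall(part.get_content())
    return {"origin_ip": origin_ip, "origin_host": origin_host, "sender_domain": sender_domain,
            "host_matches_sender": host_ok, "urls": urls, "attachments": attachments}
```

The domain check uses the reverse-DNS name our own MX recorded, which is a weaker signal than a proper SPF/DMARC evaluation; a failing match is a reason to hold the mail for review, not proof of spoofing.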
arnold
Much depends on what you are after. Commonly it is less of a script than an intermediary SMTP server,
similar to the services you can pass your email through.

I.e. Use postfix on a Linux system with spamassassin, clamav, RBL filtering, tied into the AD domain to reject messages destined to non-existent addresses...

There are additional options that would quarantine.

Depending on your Exchange version, within it you can set mail flow processing rules... noting that running things on the Exchange server will add to system load.
While not impossible to do in Exchange, it would be a rather different proposition to do in O365 Exchange Online.

As arnold has suggested, a dedicated mail gateway would be a simpler solution: have that as your MX, and then forward to O365.
ASKER CERTIFIED SOLUTION
arnold