AnsweredAssumed Answered

simple mail parser for extra headers?

Question asked by Vladimir Previn on Jan 30, 2017
Latest reply on Jan 30, 2017 by Vladimir Previn

hello other RSA customers and RSA people, 

 

don't really know much about writing custom packet decoder parsers or want to engage PS but wondering what other people have done for extracting custom mail headers. 

 

Ideally we'd want to run it alongside the RSA mail or rather SMTP parser not cloning customer_custom_smtp_lua 

 

 

Basically we want to parse 2 things:

a) texty headers from https://www.ietf.org/rfc/rfc2822.txt   - e.g. message-id/ References:/ In-Reply-To:

(these don't seem environment specific, perhaps they can become part of the standard parser ? )  

b) value headers passed by mail gateway to our mail server 

e.g.

i) simple flag headers : X-ExecAttachment: True

ii) texty type headers: X-MailSandbox-StatusOrVerdict: e.g. unknown,pending, malicious, etc. 

 

 

 

 

Wondering what other people have done for similar problems parser and meta key wise. 

Outcomes