TheHive-Project
TheHive4 mailer responder issue
Hi guys,
I had issues getting the mailer responder work as intended. The phish feedback v1.0 also do not work as designed. Anyone have had similar issues and get it fixed and mind share the solutions ? Much appreciated with the help! Thanks
Hello,
the issue for us on a modified version of the mailer responder was due to the way TheHive4 automatically transform case tags.
from mail:[email protected] to mail="[email protected]".
Because of that the responder was not able to find the mail address
https://github.com/TheHive-Project/Cortex-Analyzers/blob/master/responders/Mailer/mailer.py
- Line 43 :
mail_tags = [t[5:] for t in tags if t.startswith("mail:")]
Has to be replaced by:
-
mail_tags = [t[5:].strip('"') for t in tags if t.startswith('mail:') or t.startswith('mail=')]
regards,
Emilien
Hi Emilien,
With this replacement, mail_tags = [t[5:].strip('"') for t in tags if t.startswith('mail:') or t.startswith('mail=')]
You got it work on your end?
Yes, it worked for us. but as I said it is a modified version of the responder. Can you put here the full error msg from Cortex ?
I modified as what you advised and got this error:.. in my case i use gmail account to send an email to the recipient which is already been set.
Traceback (most recent call last): File "/opt/Cortex-Analyzers/responders/Mailer/mailer.py", line 82, in
Yes, it worked for us. but as I said it is a modified version of the responder. Can you put here the full error msg from Cortex ?
Another one , this one is pretty odd.. i setup everything in the config as it supposed to be and got this error:
Missing auth pass