From f110eb08b00995c7076976a1c0942e032d0dba88 Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Wed, 22 Jan 2020 12:17:30 +0000
Subject: [PATCH] prepare for mailoney json logging
---
 docker/elk/logstash/dist/logstash.conf | 9 ++---
 docker/mailoney/Dockerfile | 2 +-
 docker/mailoney/Dockerfile.old | 52 ++++++++++++++++++++++++++
 3 files changed, 56 insertions(+), 7 deletions(-)
 create mode 100644 docker/mailoney/Dockerfile.old
diff --git a/docker/elk/logstash/dist/logstash.conf b/docker/elk/logstash/dist/logstash.conf
index bfffb463..3d118364 100644
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@@ -101,6 +101,7 @@ input {
 # Mailoney
 file {
 path => ["/data/mailoney/log/commands.log"]
+ codec => json
 type => "Mailoney"
 }
@@ -344,18 +345,14 @@ filter {
 # Mailoney
 if [type] == "Mailoney" {
- grok {
- match => [ "message", "\A%{NAGIOSTIME}\[%{IPV4:src_ip}:%{INT:src_port:integer}] %{GREEDYDATA:smtp_input}" ]
+ date {
+ match => [ "timestamp", "ISO8601" ]
 }
 mutate {
 add_field => { "dest_port" => "25" }
 }
- date {
- match => [ "nagios_epoch", "UNIX" ]
- remove_field => ["nagios_epoch"]
- }
 }
 # Medpot
diff --git a/docker/mailoney/Dockerfile b/docker/mailoney/Dockerfile
index 99c37142..f23d24ea 100644
--- a/docker/mailoney/Dockerfile
+++ b/docker/mailoney/Dockerfile
@@ -27,7 +27,7 @@ RUN apk -U --no-cache add \
 pylibemu && \
 #
 # Install mailoney from git
- git clone --depth=1 https://github.com/awhitehatter/mailoney /opt/mailoney && \
+ git clone --depth=1 https://github.com/t3chn0m4g3/mailoney /opt/mailoney && \
 #
 # Setup user, groups and configs
 addgroup -g 2000 mailoney && \
diff --git a/docker/mailoney/Dockerfile.old b/docker/mailoney/Dockerfile.old
new file mode 100644
index 00000000..99c37142
--- /dev/null
+++ b/docker/mailoney/Dockerfile.old
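Review bot: Switching the file input to `codec => json` while the commit only prepares for JSON output means any line already in commands.log in the old plain-text format, and any future non-JSON line, fails decoding and is indexed with a `_jsonparsefailure` tag and the raw line left in `message`, and nothing in the Mailoney filter branch guards on that tag. Since the log content is whatever the honeypot's peers send, half-parsed events of that kind are noise at best; consider rotating the log when the image is upgraded and adding `if "_jsonparsefailure" in [tags] { drop { } }` inside the `if [type] == "Mailoney"` branch. The enclosing `input { }` block starts and ends outside the hunk.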
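Review bot: The new `date` filter leaves the source `timestamp` field on the event after it is copied to `@timestamp`, whereas the removed block cleaned up `nagios_epoch` with `remove_field`; add `remove_field => ["timestamp"]` next to the `match` line to keep documents consistent with the previous shape. Separately, the removed grok pattern was what populated `src_ip` and `src_port` for Mailoney events, and the JSON codec is presumably expected to supply those names now; that should be confirmed against the forked mailoney's actual output and recorded in a comment above the `if`, e.g. `# expects JSON keys timestamp, src_ip, src_port from mailoney`, since any enrichment keyed on `src_ip` elsewhere in the filter would otherwise silently stop for this type. The enclosing `filter { }` block starts outside the hunk.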
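Review bot: The clone now tracks the default branch of a personal fork, `t3chn0m4g3/mailoney`, with `--depth=1` and no commit or tag pin, so every image build pulls whatever that branch holds at build time and the resulting image is neither reproducible nor reviewable. Pin the revision by replacing the line with `git clone https://github.com/t3chn0m4g3/mailoney /opt/mailoney && \` followed by `cd /opt/mailoney && git checkout <PINNED_COMMIT> && \`, and note in the comment above which upstream commit the fork is based on. The libemu clone earlier in the same RUN (visible in the Dockerfile.old copy, outside this hunk) has the same issue.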
@@ -0,0 +1,52 @@
+FROM alpine
+#
+# Install packages
+RUN apk -U --no-cache add \
+ autoconf \
+ automake \
+ build-base \
+ git \
+ libcap \
+ libtool \
+ py-pip \
+ python \
+ python-dev && \
+#
+# Install libemu
+ git clone --depth=1 https://github.com/buffer/libemu /root/libemu/ && \
+ cd /root/libemu/ && \
+ autoreconf -vi && \
+ ./configure && \
+ make && \
+ make install && \
+#
+# Install libemu python wrapper
+ pip install --no-cache-dir --upgrade pip && \
+ pip install --no-cache-dir \
+ hpfeeds \
+ pylibemu && \
+#
+# Install mailoney from git
+ git clone --depth=1 https://github.com/awhitehatter/mailoney /opt/mailoney && \
+#
+# Setup user, groups and configs
+ addgroup -g 2000 mailoney && \
+ adduser -S -H -s /bin/ash -u 2000 -D -g 2000 mailoney && \
+ chown -R mailoney:mailoney /opt/mailoney && \
+ setcap cap_net_bind_service=+ep /usr/bin/python2.7 && \
+#
+# Clean up
+ apk del --purge autoconf \
+ automake \
+ build-base \
+ git \
+ py-pip \
+ python-dev && \
+ rm -rf /root/* && \
+ rm -rf /var/cache/apk/*
+#
+# Set workdir and start mailoney
+STOPSIGNAL SIGINT
+USER mailoney:mailoney
+WORKDIR /opt/mailoney/
+CMD ["/usr/bin/python","mailoney.py","-i","0.0.0.0","-p","25","-s","mailrelay.local","-t","schizo_open_relay"]
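Review bot: `Dockerfile.old` is a byte-for-byte copy of the pre-change Dockerfile (its blob id 99c37142 is the old side of the Dockerfile's index line), so committing it duplicates what git history already holds and keeps a stale recipe, with the unpinned `FROM alpine` and unpinned upstream clones, inside the build context. Prefer dropping the file; if it must stay for reference, list it in a `.dockerignore` so it is not sent with the context, and state in a leading comment why it is kept.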