Skip to main content

A Python package to inspect an eml message received from hops

Project description

Hopper

Based on the emailtrail project, hopper is a python 2 & 3 package to track received from header hops.

Get structured information about each hop - Hostnames, Protocol used, Timestamp, and Delay.

Table of Contents

Usage

We can analyse an email source or raw headers

email = """
Delivered-To: money@capitalism.com
Received: by 10.129.52.209 with SMTP id b200csp1430876ywa;
        Tue, 10 Oct 2017 01:17:02 -0700 (PDT)
X-Received: by 10.31.153.20 with SMTP id b20mr6116862vke.110.1507623422746;
        Tue, 10 Oct 2017 01:17:02 -0700 (PDT)
Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65])
        by mx.google.com with SMTPS id b31sor1345013uaa.124.2017.10.10.01.17.02
        for <money@capitalism.com>
        (Google Transport Security);
        Tue, 10 Oct 2017 01:17:02 -0700 (PDT)
Received-SPF: pass (google.com: domain of bags@test_email.ua.edu designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65;
X-Received: by 10.176.85.196 with SMTP id w4mr6874179uaa.75.1507623422198; Tue, 10 Oct 2017 01:17:02 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.79.86 with HTTP; Tue, 10 Oct 2017 01:17:01 -0700 (PDT)
From: Mr. Money Bags <bags@moneyrules.com>
Date: Tue, 10 Oct 2017 01:17:01 -0700
Subject:
To: money@capitalism.com;
Content-Type: text/plain; charset="UTF-8"
Bcc: satan@wallstreet.com

A business opportunity awaits
"""

Lets analyse it

from hopper import Hopper
Hopper.analyse(email)
{
  'To': u'money@capitalism.com;',
  'From': u'Mr. Money Bags <bags@moneyrules.com>',
  'Bcc': u'satan@wallstreet.com',
  'Cc': u'None',
  'total_delay': 1,
  'trail': [
    {
      'delay': 0,
      'from': '',
      'protocol': 'HTTP',
      'receivedBy': '10.103.79.86',
      'timestamp': 1507623421
    },
    {
      'delay': 1,
      'from': 'mail-sor-f65.google.com',
      'protocol': 'SMTPS',
      'receivedBy': 'mx.google.com',
      'timestamp': 1507623422
    },
    {
      'delay': 0,
      'from': '',
      'protocol': 'SMTP',
      'receivedBy': '10.129.52.209',
      'timestamp': 1507623422
    }
  ]
}

The analyse function returns a python dictionary.

The trail shows the email hops sorted in chronological order. Each intermediary email server adds a Received header to the mail, from which the module parses the following information:

  • protocol : e.g HTTP, SMTP etc.
  • from : The name the sending computer gave for itself
  • receivedBy: The receiving computers name
  • timestamp : Unix epoch

An empty string value is set for fields which couldn't be determined.

  • delay: The delay (in seconds) is computed by taking the difference of two consecutive hops. In above example there was a delay of 1 sec from 10.103.79.86 to mx.google.com

Caveats

Sometimes during delay calculation the timestamp difference may be negative.

  • It's not possible for a server to recieve the email before previous one,
  • It means that either one or both of the servers clocks are off.
  • We assume a delay of 0 for this hop.

Contributing

emailtrail uses pipenv for managing virtual env and package versions.

  • Fork the repo and clone it.
  • In project root: pipenv install --dev --two. This installs packages required for testing and linting
  • Jump into your virutal env: pipenv shell
  • Running tests: pytest
  • If you want to understand the code, read the test cases first.
  • Make your changes -> Pass the tests -> Push to your branch -> Create pull request -> Profit ??

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

hopper-0.0.1.tar.gz (5.9 kB view hashes)

Uploaded Source

Built Distributions

hopper-0.0.1-py3-none-any.whl (8.0 kB view hashes)

Uploaded Python 3

hopper-0.0.1-py2-none-any.whl (8.0 kB view hashes)

Uploaded Python 2

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page