Hey there,
Just installed the IMAP mailbox App on a Windows test environment to try it, working fine so far, but had to use password in their plaintext form, as the app couldn't make the connection if I set the encrypted ones. Somebody knows how to make the App use the encrypted passwords? Any help is much appreciated.
https://github.com/IMAPMailbox/IMAPmailbox/issues/8
echo|set /p="password_no_new_line_char" | "C:\Program Files\Splunk\bin\splunk.exe" cmd openssl bf -e -a -pass file:"C:\Program Files\Splunk\etc\auth\splunk.secret"
(replace password_no_new_line_char
with the password for the mailbox you will be polling)C:\Program Files\Splunk\etc\apps\IMAPmailbox\local\imap.conf
as per the readme ( C:\Program Files\Splunk\etc\apps\IMAPmailbox\README.tx
t ),echo|set /p="password_no_new_line_char" | "C:\Program Files\Splunk\bin\splunk.exe" cmd openssl bf -e -a -pass file:"C:\Program Files\Splunk\etc\auth\splunk.secret"
(replace password_no_new_line_char
with the password for the splunk user who has access to the web UI and REST API)splunkxpassword
value in C:\Program Files\Splunk\etc\apps\IMAPmailbox\local\imap.conf
as per the readme ( C:\Program Files\Splunk\etc\apps\IMAPmailbox\README.txt
),mimeTypes
value in in C:\Program Files\Splunk\etc\apps\IMAPmailbox\local\imap.conf
to any mime type you want to process, such as text/html,text/richtext,text/plain (this should be a comma separated list)folders
value to INBOX or any other IMAP folder in in C:\Program Files\Splunk\etc\apps\IMAPmailbox\local\imap.conf
C:\Program Files\Splunk\etc\apps\IMAPmailbox\local\inputs.conf
and input the following:
#disable *nix
[script://./bin/get_imap_email.py]
disabled = true
#enable windows
[script://.\bin\get_imap_email.py]
interval = 300
disabled = false
"C:\Program Files\Splunk\etc\apps\IMAPmailbox\bin\get_imap_email.py"
in the following way:
modify each call to subprocess.Popen('openssl
line with p = subprocess.Popen('openssl bf -d -a -pass file:\"%s\"' % (os.path.join(os.environ['SPLUNK_HOME'],'etc','auth', 'splunk.secret')), shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
This nests the path to the secret
file in double-quotes."C:\Program Files\Splunk\bin\splunk.exe" cmd btool --app=IMAPmailbox imap list --debug
"C:\Program Files\Splunk\bin\splunk.exe" cmd btool --app=IMAPmailbox inputs list --debug
run a test to verify IMAP connectivity, etc:
cd "C:\Program Files\Splunk\etc\apps\IMAPmailbox"
"C:\Program Files\Splunk\bin\splunk.exe" cmd python bin/get_imap_email.py --debug
I managed to get the genpass.sh script working without error and got the hash for xpassword. I could not get it to work with exchange. I'm posting my solution for gettng genpass.sh running in hopes someone can tell me what I'm missing for using the hash (i tried firewall settings, port 993 instead of 143, securelogin in exchange, etc, no such luck).
Ok, so back to getting genpass.sh working...
Step 1. (Get and Set Env variables)
You need to set some Splunk environment variables (at least for this script, doesn't have to be permanent)
Run a command prompt as admin and get to c:\Program Files\Splunk\bin
The command below will create a bat file that you will run to populate those environment variables
In your Splunk bin directory, run this:
splunk envvars > setSplunkEnv.bat
Run the setSplunkEnv.bat to put splunk env variables into your dos session. If you go SET, you will see them listed (or just edit the .bat)
Step 2. (Edit genpass.sh)
I recommend getting notepad++ for this part. The genpass.sh has carriage returns that notepad and wordpad don't understand and will make a mess of.
Open the genpass.sh in Notepad++ from this path: C:\Program Files\Splunk\etc\apps\IMAPmailbox\bin\genpass.sh
You need to modify this line:
echo -n $pass | openssl bf -e -a -pass file:$SPLUNK_HOME/etc/auth/splunk.secret
To become this:
echo -n $pass | openssl bf -e -a -pass file:"$SPLUNK_HOME/etc/auth/splunk.secret"
The SPLUNK_HOME is an env variable set in Step 1 but as the path to Splunk contains a space (C:\Program files), the script is thrown for a loop and it won't work.
Step 3. (Download Cygwin)
I downloaded Cygwin (64-bit in my case) on the splunk server and ran in the install with normal options. Available here: https://cygwin.com/install.html
My installed ended up here: C:\cygwin64 The important directory later on is C:\cygwin64\bin
In my dos session, I had to modify my Path variable to contain C:\Cygwin64\bin
I used this command Set Path=%path%;C:\Cygwin64\bin
Step 4 (Run genpass.sh)
At this point, you should be good to run genpass.sh
I CD'd into C:\Program Files\Splunk\etc\apps\IMAPmailbox\bin
With cygwin64 now in my Path, I am able to call commands from it.
So in bin folder from above, I run genpass.sh with this
sh genpass.sh
The script ran great with no errors. Even the stty commands in the script ran as cygwin had it.
I only got normal output and didn't get any unexpected "junk"
Everytime I re-run it though I get a different hash. I don't know why that is and if it matters.
I have not been able to get the xpassword option working in the imap.conf file.
I'd love to hear feedback from anyone who manages to get it working.
Hey,
I'm testing the IMAP in a windows environment and i keep running into this error"main.LoginError: Could not log into server: imap.gmail.com with password provided". I'm using gmail here, can you please tell me in brief the steps you have done in configuring the imap mailbox.? Did you do anything in the python script apart from password encryption to make it work.?
There is instructions in the README file.
Generating encrypted passwords
It is recommeneded that your store
your IMAP user password and splunk
admin password encrypted in your
local/imap.conf file.
- To do so, make sure your password= and splunkpassword= are not used or blank.
- Run the genpass.sh script to generate your encrypted text.
- Put the encrypted password with the values xpassword= and splunkxpassword= in your local/imap.conf file.
Run the password generator
- Import the splunk ENV:
source $SPLUNK_HOME/bin/setSplunkEnv
- Run:
bin/genpass.sh
Though it is written in a bash script which is encrypting against the splunk.secret key.
It is running this command:
> echo -n $pass | openssl bf -e -a -pass file:$SPLUNK_HOME/etc/auth/splunk.secret
I'm not sure how you would do this on the Microsoft platform.
Thanxs for your reply.
I generated the encrypted password (ran the genpass.sh on a Linux machine just to try, as I didn't see the decryption step in that script and hoping Splunk would know what to do with it); didn't work of course, but I already found where it decrypts it: in the get_imap_email.py script it tries to use 'openssl bf -d -a -pass file:%s' (...)
.
Tried to use openssl for windows; from the command line it seems to work, but still can't make it work from the app. I guess I need to read more about subprocess
python method, as p = subprocess.Popen('openssl bf -d -a -pass file:%s' % (os.path.join(os.environ['SPLUNK_HOME'],'etc','auth', 'splunk.secret')), shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
is the line where it tries to do the decryption.
Things I've tried (and haven't worked):
%SPLUNK_HOME%
os.environ['SPLUNK_HOME']
with the path to my Splunk installationfile:%s' % (os.path.join(os.environ['SPLUNK_HOME'],'etc','auth', 'splunk.secret'))
with the entire /path/to/splunk.secretp = subprocess.Popen('echo ' + xpassword + ' | openssl bf -d -a -pass file ...)
as this was the way I was able to make it work on the command line.So I think at this point, somebody who knows python better than me, would be really helpful (y), any idea are very welcomed 😉