Table of Contents

Mbox es un término genérico para una familia de formatos de documento que se usa para almacenar conjuntos de correos electrónicos. Todos los mensajes de un buzón de correo (mailbox) quedan concatenados en un único documento. El principio de cada mensaje está marcado por una vacía que empieza por los cinco caracteres «From » (que significa «desde» en inglés y un espacio en blanco), y una línea en blanco para marcar el final. Durante un tiempo el formato mbox fue popular debido a que se podía usar muy fácilmente herramientas de procesado de documentos de texto para modificar dichos documentos.

Al contrario de los protocolos de Internet usados para el intercambio de correo, el formato usado para almacenamiento de correo se dejó completamente en manos del desarrollador del cliente de correo electrónico. Mbox nunca ha sido formalmente definido a través de un RFC, por lo que han aparecido programas de conversión para transferir el correo entre distintos clientes de correo. Estos ficheros suelen tener nombres diferentes dependiendo del cliente de correo, puede ser INBOX, mailbox, INBOX.mbox, etc.

Extraer Todas las direcciones de correo electrónico de ficheros mailbox)

Este comando extre todas las direcciones de correo electrónico de ficheros de texto y los muestra ordenados alfabéticamente y sin repetidos.

grep -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" | sort -u

Leer ficheros mailbox

Una manera simple de poder ver los correos de un fichero mailbox e interactuar con ellos (Buscar texto, descargar/Visualizar adjuntos, comprobar firmas, etc) es usando mutt.

mutt -f /ruta/mailbox

Extraer ficheros adjuntos de correos guardados en formato mbox

Hay muchas opciones y herramientas para ello, se enumeran dos simples scripts que pueden ayudar a esa tarea de extraer todos los adjuntos de un fichero mailbox.

(Opción 1) Script extract_mbox_attachments.py

Mirror: https://gist.github.com/georgy7/3a80bce2cd8bf2f9985c

./extract_mbox_attachments.py -i first.mbox -o attachments1/
./extract_mbox_attachments.py -i second.mbox -o attachments2/
extract_mbox_attachments.py
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
 
# Modified.
# Original script source:
# http://blog.marcbelmont.com/2012/10/script-to-extract-email-attachments.html
# https://web.archive.org/web/20150312172727/http://blog.marcbelmont.com/2012/10/script-to-extract-email-attachments.html
 
# Usage:
# Run the script from a folder with file "all.mbox"
# Attachments will be extracted into subfolder "attachments" 
# with prefix "m " where m is a message ID in mbox file.
 
# Or
# ./extract_mbox_attachments.py -i first.mbox -o attachments1/
# ./extract_mbox_attachments.py -i second.mbox -o attachments2/
# ./extract_mbox_attachments.py --help
 
# ---------------
# Please check the unpacked files
# with an antivirus before opening them!
 
# ---------------
# I make no representations or warranties of any kind concerning
# the software, express, implied, statutory or otherwise,
# including without limitation warranties of title, merchantability,
# fitness for a particular purpose, non infringement, or the
# absence of latent or other defects, accuracy, or the present or
# absence of errors, whether or not discoverable, all to the
# greatest extent permissible under applicable law.
 
import errno
import mailbox
import os
import pathlib  # since Python 3.4
import re
import traceback
from email.header import decode_header
import argparse
import sys
 
 
def parse_options(args=[]):
    parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter)
    parser.add_argument('-i', '--input', default='all.mbox', help='Input file')
    parser.add_argument('-o', '--output', default='attachments/', help='Output folder')
    parser.add_argument('--no-inline-images', action='store_true')
    parser.add_argument('--start',
                        type=message_id_type, default=0,
                        help='On which message to start')
    parser.add_argument('--stop',
                        type=message_id_type, default=100000000000,
                        help='On which message to stop, not included')
    return parser.parse_args(args)
 
 
def message_id_type(arg):
    try:
        i = int(arg)
    except ValueError as e:
        raise argparse.ArgumentTypeError(str(e))
    if i < 0:
        raise argparse.ArgumentTypeError("Must be greater than or equal 0.")
    return i
 
 
class Extractor:
    def __init__(self, options):
        self.__total = 0
        self.__failed = 0
 
        self.options = options
 
        assert os.path.isfile(options.input)
        self.mbox = mailbox.mbox(options.input)
 
        if not os.path.exists(options.output):
            os.makedirs(options.output)
 
        self.inline_image_folder = os.path.join(options.output, 'inline_images/')
        if (not options.no_inline_images) and (not os.path.exists(self.inline_image_folder)):
            os.makedirs(self.inline_image_folder)
 
    def increment_total(self):
        self.__total += 1
 
    def increment_failed(self):
        self.__failed += 1
 
    def get_total(self):
        return self.__total
 
    def get_failed(self):
        return self.__failed
 
 
def to_file_path(save_to, name):
    return os.path.join(save_to, name)
 
 
def get_extension(name):
    extension = pathlib.Path(name).suffix
    return extension if len(extension) <= 20 else ''
 
 
def resolve_name_conflicts(save_to, name, file_paths, attachment_number):
    file_path = to_file_path(save_to, name)
 
    START = 1
    iteration_number = START
 
    while os.path.normcase(file_path) in file_paths:
        extension = get_extension(name)
        iteration = '' if iteration_number <= START else ' (%s)' % iteration_number
        new_name = '%s attachment %s%s%s' % (name, attachment_number, iteration, extension)
        file_path = to_file_path(save_to, new_name)
        iteration_number += 1
 
    file_paths.append(os.path.normcase(file_path))
    return file_path
 
 
# Whitespaces: tab, carriage return, newline, vertical tab, form feed.
FORBIDDEN_WHITESPACE_IN_FILENAMES = re.compile('[\t\r\n\v\f]+')
OTHER_FORBIDDEN_FN_CHARACTERS = re.compile('[/\\\\\\?%\\*:\\|"<>\0]')
 
 
def filter_fn_characters(s):
    result = re.sub(FORBIDDEN_WHITESPACE_IN_FILENAMES, ' ', s)
    result = re.sub(OTHER_FORBIDDEN_FN_CHARACTERS, '_', result)
    return result
 
 
def decode_filename(part, fallback_filename, mid):
    if part.get_filename() is None:
        print('Filename is none: %s %s.' % (mid, fallback_filename))
        return fallback_filename
    else:
        decoded_name = decode_header(part.get_filename())
 
        if isinstance(decoded_name[0][0], str):
            return decoded_name[0][0]
        else:
            try:
                name_encoding = decoded_name[0][1]
                return decoded_name[0][0].decode(name_encoding)
            except:
                print('Could not decode %s %s attachment name.' % (mid, fallback_filename))
                return fallback_filename
 
 
def write_to_disk(part, file_path):
    with open(file_path, 'wb') as f:
        f.write(part.get_payload(decode=True))
 
 
def save(extractor, mid, part, attachments_counter, inline_image=False):
    extractor.increment_total()
 
    try:
        if inline_image:
            attachments_counter['inline_image'] += 1
            attachment_number_string = 'ii' + str(attachments_counter['inline_image'])
            destination_folder = extractor.inline_image_folder
        else:
            attachments_counter['value'] += 1
            attachment_number_string = str(attachments_counter['value'])
            destination_folder = extractor.options.output
 
        filename = decode_filename(part, attachment_number_string, mid)
        filename = filter_fn_characters(filename)
        filename = '%s %s' % (mid, filename)
 
        previous_file_paths = attachments_counter['file_paths']
 
        try:
            write_to_disk(part, resolve_name_conflicts(
                destination_folder, filename,
                previous_file_paths,
                attachment_number_string))
        except OSError as e:
            if e.errno == errno.ENAMETOOLONG:
                short_name = '%s %s%s' % (mid, attachment_number_string, get_extension(filename))
                write_to_disk(part, resolve_name_conflicts(
                    destination_folder, short_name,
                    previous_file_paths,
                    attachment_number_string))
            else:
                raise
    except:
        traceback.print_exc()
        extractor.increment_failed()
 
 
def check_part(extractor, mid, part, attachments_counter):
    mime_type = part.get_content_type()
    if part.is_multipart():
        for p in part.get_payload():
            check_part(extractor, mid, p, attachments_counter)
    elif (part.get_content_disposition() == 'attachment') \
            or ((part.get_content_disposition() != 'inline') and (part.get_filename() is not None)):
        save(extractor, mid, part, attachments_counter)
    elif (mime_type.startswith('application/') and not mime_type == 'application/javascript') \
            or mime_type.startswith('model/') \
            or mime_type.startswith('audio/') \
            or mime_type.startswith('video/'):
        message_id_content_type = 'Message id = %s, Content-type = %s.' % (mid, mime_type)
        if part.get_content_disposition() == 'inline':
            print('Extracting inline part... ' + message_id_content_type)
        else:
            print('Other Content-disposition... ' + message_id_content_type)
        save(extractor, mid, part, attachments_counter)
    elif (not extractor.options.no_inline_images) and mime_type.startswith('image/'):
        save(extractor, mid, part, attachments_counter, True)
 
 
def process_message(extractor, mid):
    msg = extractor.mbox.get_message(mid)
    if msg.is_multipart():
        attachments_counter = {
            'value': 0,
            'inline_image': 0,
            'file_paths': []
        }
        for part in msg.get_payload():
            check_part(extractor, mid, part, attachments_counter)
 
 
def extract_mbox_file(options):
    extractor = Extractor(options)
    print()
 
    for i in range(options.start, options.stop):
        try:
            process_message(extractor, i)
        except KeyError:
            print('The whole mbox file was processed.')
            break
        if i % 1000 == 0:
            print('Messages processed: {}'.format(i))
 
    print()
    print('Total files:  %s' % extractor.get_total())
    print('Failed:       %s' % extractor.get_failed())
 
 
if __name__ == "__main__":
    extract_mbox_file(parse_options(sys.argv[1:]))

(Opción 2) Script mbox-extract-attachments.py

python2 script.py fichero.mbox carpeta

Mirror: https://github.com/PabloCastellano/pablog-scripts/blob/master/mbox-extract-attachments.py

mbox-extract-attachments.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# mbox-extract-attachments.py - Extract attachments from mbox files - 16/March/2012
# Copyright (C) 2012 Pablo Castellano <pablo@anche.no>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
 
# Notes (RFC 1341):
# The use of a Content-Type of multipart in a body part within another multipart entity is explicitly allowed. In such cases, for obvious reasons, care must be taken to ensure that each nested multipart entity must use a different boundary delimiter. See Appendix C for an example of nested multipart entities. 
# The use of the multipart Content-Type with only a single body part may be useful in certain contexts, and is explicitly permitted. 
# The only mandatory parameter for the multipart Content-Type is the boundary parameter, which consists of 1 to 70 characters from a set of characters known to be very robust through email gateways, and NOT ending with white space. (If a boundary appears to end with white space, the white space must be presumed to have been added by a gateway, and should be deleted.) It is formally specified by the following BNF
 
# Related RFCs: 2047, 2044, 1522
 
 
__author__ = "Pablo Castellano <pablo@anche.no>"
__license__ = "GNU GPLv3+"
__version__ = 1.2
__date__ = "12/04/2012"
 
 
import mailbox
import base64
import os
import sys
import email
 
 
BLACKLIST = ('signature.asc', 'message-footer.txt', 'smime.p7s')
VERBOSE = 1
 
attachments = 0 #Count extracted attachment
skipped = 0
 
# Search for filename or find recursively if it's multipart
def extract_attachment(payload):
	global attachments, skipped
	filename = payload.get_filename()
 
	if filename is not None:
		print "\nAttachment found!"
		if filename.find('=?') != -1:
			ll = email.header.decode_header(filename)
			filename = ""
			for l in ll:
				filename = filename + l[0]
 
		if filename in BLACKLIST:
			skipped = skipped + 1
			if (VERBOSE >= 1):
				print "Skipping %s (blacklist)\n" %filename
			return
 
		# Puede no venir especificado el nombre del archivo??		
	#	if filename is None:
	#		filename = "unknown_%d_%d.txt" %(i, p)
 
		content = payload.as_string()
		# Skip headers, go to the content
		fh = content.find('\n\n')
		content = content[fh:]
 
		# if it's base64....
		if payload.get('Content-Transfer-Encoding') == 'base64':
			content = base64.decodestring(content)
		# quoted-printable
		# what else? ...
 
		print "Extracting %s (%d bytes)\n" %(filename, len(content))
 
		n = 1
		orig_filename = filename
		while os.path.exists(filename):
			filename = orig_filename + "." + str(n)
			n = n+1
 
		try:
			fp = open(filename, "w")
#			fp = open(str(i) + "_" + filename, "w")
			fp.write(content)
		except IOError:
			print "Aborted, IOError!!!"
			sys.exit(2)
		finally:
			fp.close()	
 
		attachments = attachments + 1
	else:
		if payload.is_multipart():
			for payl in payload.get_payload():
				extract_attachment(payl)
 
 
###
print "Extract attachments from mbox files"
print "Copyright (C) 2012 Pablo Castellano"
print "This program comes with ABSOLUTELY NO WARRANTY."
print "This is free software, and you are welcome to redistribute it under certain conditions."
print
 
if len(sys.argv) < 2 or len(sys.argv) > 3:
	print "Usage: %s <mbox_file> [directory]" %sys.argv[0]
	sys.exit(0)
 
filename = sys.argv[1]
directory = os.path.curdir
 
if not os.path.exists(filename):
	print "File doesn't exist:", filename
	sys.exit(1)
 
if len(sys.argv) == 3:
	directory = sys.argv[2]
	if not os.path.exists(directory) or not os.path.isdir(directory):
		print "Directory doesn't exist:", directory
		sys.exit(1)
 
mb = mailbox.mbox(filename)
nmes = len(mb)
 
os.chdir(directory)
 
for i in range(len(mb)):
	if (VERBOSE >= 2):
		print "Analyzing message number", i
 
	mes = mb.get_message(i)
	em = email.message_from_string(mes.as_string())
 
	subject = em.get('Subject')
	if subject.find('=?') != -1:
		ll = email.header.decode_header(subject)
		subject = ""
		for l in ll:
			subject = subject + l[0]
 
	em_from = em.get('From')
	if em_from.find('=?') != -1:
		ll = email.header.decode_header(em_from)
		em_from = ""
		for l in ll:
			em_from = em_from + l[0]
 
	if (VERBOSE >= 2):
		print "%s - From: %s" %(subject, em_from)
 
	filename = mes.get_filename()
 
	# Puede tener filename siendo multipart???
	if em.is_multipart():
		for payl in em.get_payload():
			extract_attachment(payl)
	else:
		extract_attachment(em)
 
print "\n--------------"
print "Total attachments extracted:", attachments
print "Total attachments skipped:", skipped