Mbox es un término genérico para una familia de formatos de documento que se usa para almacenar conjuntos de correos electrónicos. Todos los mensajes de un buzón de correo (mailbox) quedan concatenados en un único documento. El principio de cada mensaje está marcado por una vacía que empieza por los cinco caracteres «From » (que significa «desde» en inglés y un espacio en blanco), y una línea en blanco para marcar el final. Durante un tiempo el formato mbox fue popular debido a que se podía usar muy fácilmente herramientas de procesado de documentos de texto para modificar dichos documentos.
Al contrario de los protocolos de Internet usados para el intercambio de correo, el formato usado para almacenamiento de correo se dejó completamente en manos del desarrollador del cliente de correo electrónico. Mbox nunca ha sido formalmente definido a través de un RFC, por lo que han aparecido programas de conversión para transferir el correo entre distintos clientes de correo. Estos ficheros suelen tener nombres diferentes dependiendo del cliente de correo, puede ser INBOX, mailbox, INBOX.mbox, etc.
Este comando extre todas las direcciones de correo electrónico de ficheros de texto y los muestra ordenados alfabéticamente y sin repetidos.
grep -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" | sort -u
Una manera simple de poder ver los correos de un fichero mailbox e interactuar con ellos (Buscar texto, descargar/Visualizar adjuntos, comprobar firmas, etc) es usando mutt.
mutt -f /ruta/mailbox
Hay muchas opciones y herramientas para ello, se enumeran dos simples scripts que pueden ayudar a esa tarea de extraer todos los adjuntos de un fichero mailbox.
Mirror: https://gist.github.com/georgy7/3a80bce2cd8bf2f9985c
./extract_mbox_attachments.py -i first.mbox -o attachments1/ ./extract_mbox_attachments.py -i second.mbox -o attachments2/
#!/usr/bin/env python3 # -*- coding: utf-8 -*- # Modified. # Original script source: # http://blog.marcbelmont.com/2012/10/script-to-extract-email-attachments.html # https://web.archive.org/web/20150312172727/http://blog.marcbelmont.com/2012/10/script-to-extract-email-attachments.html # Usage: # Run the script from a folder with file "all.mbox" # Attachments will be extracted into subfolder "attachments" # with prefix "m " where m is a message ID in mbox file. # Or # ./extract_mbox_attachments.py -i first.mbox -o attachments1/ # ./extract_mbox_attachments.py -i second.mbox -o attachments2/ # ./extract_mbox_attachments.py --help # --------------- # Please check the unpacked files # with an antivirus before opening them! # --------------- # I make no representations or warranties of any kind concerning # the software, express, implied, statutory or otherwise, # including without limitation warranties of title, merchantability, # fitness for a particular purpose, non infringement, or the # absence of latent or other defects, accuracy, or the present or # absence of errors, whether or not discoverable, all to the # greatest extent permissible under applicable law. import errno import mailbox import os import pathlib # since Python 3.4 import re import traceback from email.header import decode_header import argparse import sys def parse_options(args=[]): parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter) parser.add_argument('-i', '--input', default='all.mbox', help='Input file') parser.add_argument('-o', '--output', default='attachments/', help='Output folder') parser.add_argument('--no-inline-images', action='store_true') parser.add_argument('--start', type=message_id_type, default=0, help='On which message to start') parser.add_argument('--stop', type=message_id_type, default=100000000000, help='On which message to stop, not included') return parser.parse_args(args) def message_id_type(arg): try: i = int(arg) except ValueError as e: raise argparse.ArgumentTypeError(str(e)) if i < 0: raise argparse.ArgumentTypeError("Must be greater than or equal 0.") return i class Extractor: def __init__(self, options): self.__total = 0 self.__failed = 0 self.options = options assert os.path.isfile(options.input) self.mbox = mailbox.mbox(options.input) if not os.path.exists(options.output): os.makedirs(options.output) self.inline_image_folder = os.path.join(options.output, 'inline_images/') if (not options.no_inline_images) and (not os.path.exists(self.inline_image_folder)): os.makedirs(self.inline_image_folder) def increment_total(self): self.__total += 1 def increment_failed(self): self.__failed += 1 def get_total(self): return self.__total def get_failed(self): return self.__failed def to_file_path(save_to, name): return os.path.join(save_to, name) def get_extension(name): extension = pathlib.Path(name).suffix return extension if len(extension) <= 20 else '' def resolve_name_conflicts(save_to, name, file_paths, attachment_number): file_path = to_file_path(save_to, name) START = 1 iteration_number = START while os.path.normcase(file_path) in file_paths: extension = get_extension(name) iteration = '' if iteration_number <= START else ' (%s)' % iteration_number new_name = '%s attachment %s%s%s' % (name, attachment_number, iteration, extension) file_path = to_file_path(save_to, new_name) iteration_number += 1 file_paths.append(os.path.normcase(file_path)) return file_path # Whitespaces: tab, carriage return, newline, vertical tab, form feed. FORBIDDEN_WHITESPACE_IN_FILENAMES = re.compile('[\t\r\n\v\f]+') OTHER_FORBIDDEN_FN_CHARACTERS = re.compile('[/\\\\\\?%\\*:\\|"<>\0]') def filter_fn_characters(s): result = re.sub(FORBIDDEN_WHITESPACE_IN_FILENAMES, ' ', s) result = re.sub(OTHER_FORBIDDEN_FN_CHARACTERS, '_', result) return result def decode_filename(part, fallback_filename, mid): if part.get_filename() is None: print('Filename is none: %s %s.' % (mid, fallback_filename)) return fallback_filename else: decoded_name = decode_header(part.get_filename()) if isinstance(decoded_name[0][0], str): return decoded_name[0][0] else: try: name_encoding = decoded_name[0][1] return decoded_name[0][0].decode(name_encoding) except: print('Could not decode %s %s attachment name.' % (mid, fallback_filename)) return fallback_filename def write_to_disk(part, file_path): with open(file_path, 'wb') as f: f.write(part.get_payload(decode=True)) def save(extractor, mid, part, attachments_counter, inline_image=False): extractor.increment_total() try: if inline_image: attachments_counter['inline_image'] += 1 attachment_number_string = 'ii' + str(attachments_counter['inline_image']) destination_folder = extractor.inline_image_folder else: attachments_counter['value'] += 1 attachment_number_string = str(attachments_counter['value']) destination_folder = extractor.options.output filename = decode_filename(part, attachment_number_string, mid) filename = filter_fn_characters(filename) filename = '%s %s' % (mid, filename) previous_file_paths = attachments_counter['file_paths'] try: write_to_disk(part, resolve_name_conflicts( destination_folder, filename, previous_file_paths, attachment_number_string)) except OSError as e: if e.errno == errno.ENAMETOOLONG: short_name = '%s %s%s' % (mid, attachment_number_string, get_extension(filename)) write_to_disk(part, resolve_name_conflicts( destination_folder, short_name, previous_file_paths, attachment_number_string)) else: raise except: traceback.print_exc() extractor.increment_failed() def check_part(extractor, mid, part, attachments_counter): mime_type = part.get_content_type() if part.is_multipart(): for p in part.get_payload(): check_part(extractor, mid, p, attachments_counter) elif (part.get_content_disposition() == 'attachment') \ or ((part.get_content_disposition() != 'inline') and (part.get_filename() is not None)): save(extractor, mid, part, attachments_counter) elif (mime_type.startswith('application/') and not mime_type == 'application/javascript') \ or mime_type.startswith('model/') \ or mime_type.startswith('audio/') \ or mime_type.startswith('video/'): message_id_content_type = 'Message id = %s, Content-type = %s.' % (mid, mime_type) if part.get_content_disposition() == 'inline': print('Extracting inline part... ' + message_id_content_type) else: print('Other Content-disposition... ' + message_id_content_type) save(extractor, mid, part, attachments_counter) elif (not extractor.options.no_inline_images) and mime_type.startswith('image/'): save(extractor, mid, part, attachments_counter, True) def process_message(extractor, mid): msg = extractor.mbox.get_message(mid) if msg.is_multipart(): attachments_counter = { 'value': 0, 'inline_image': 0, 'file_paths': [] } for part in msg.get_payload(): check_part(extractor, mid, part, attachments_counter) def extract_mbox_file(options): extractor = Extractor(options) print() for i in range(options.start, options.stop): try: process_message(extractor, i) except KeyError: print('The whole mbox file was processed.') break if i % 1000 == 0: print('Messages processed: {}'.format(i)) print() print('Total files: %s' % extractor.get_total()) print('Failed: %s' % extractor.get_failed()) if __name__ == "__main__": extract_mbox_file(parse_options(sys.argv[1:]))
python2 script.py fichero.mbox carpeta
Mirror: https://github.com/PabloCastellano/pablog-scripts/blob/master/mbox-extract-attachments.py
#!/usr/bin/env python # -*- coding: utf-8 -*- # mbox-extract-attachments.py - Extract attachments from mbox files - 16/March/2012 # Copyright (C) 2012 Pablo Castellano <pablo@anche.no> # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. # # Notes (RFC 1341): # The use of a Content-Type of multipart in a body part within another multipart entity is explicitly allowed. In such cases, for obvious reasons, care must be taken to ensure that each nested multipart entity must use a different boundary delimiter. See Appendix C for an example of nested multipart entities. # The use of the multipart Content-Type with only a single body part may be useful in certain contexts, and is explicitly permitted. # The only mandatory parameter for the multipart Content-Type is the boundary parameter, which consists of 1 to 70 characters from a set of characters known to be very robust through email gateways, and NOT ending with white space. (If a boundary appears to end with white space, the white space must be presumed to have been added by a gateway, and should be deleted.) It is formally specified by the following BNF # Related RFCs: 2047, 2044, 1522 __author__ = "Pablo Castellano <pablo@anche.no>" __license__ = "GNU GPLv3+" __version__ = 1.2 __date__ = "12/04/2012" import mailbox import base64 import os import sys import email BLACKLIST = ('signature.asc', 'message-footer.txt', 'smime.p7s') VERBOSE = 1 attachments = 0 #Count extracted attachment skipped = 0 # Search for filename or find recursively if it's multipart def extract_attachment(payload): global attachments, skipped filename = payload.get_filename() if filename is not None: print "\nAttachment found!" if filename.find('=?') != -1: ll = email.header.decode_header(filename) filename = "" for l in ll: filename = filename + l[0] if filename in BLACKLIST: skipped = skipped + 1 if (VERBOSE >= 1): print "Skipping %s (blacklist)\n" %filename return # Puede no venir especificado el nombre del archivo?? # if filename is None: # filename = "unknown_%d_%d.txt" %(i, p) content = payload.as_string() # Skip headers, go to the content fh = content.find('\n\n') content = content[fh:] # if it's base64.... if payload.get('Content-Transfer-Encoding') == 'base64': content = base64.decodestring(content) # quoted-printable # what else? ... print "Extracting %s (%d bytes)\n" %(filename, len(content)) n = 1 orig_filename = filename while os.path.exists(filename): filename = orig_filename + "." + str(n) n = n+1 try: fp = open(filename, "w") # fp = open(str(i) + "_" + filename, "w") fp.write(content) except IOError: print "Aborted, IOError!!!" sys.exit(2) finally: fp.close() attachments = attachments + 1 else: if payload.is_multipart(): for payl in payload.get_payload(): extract_attachment(payl) ### print "Extract attachments from mbox files" print "Copyright (C) 2012 Pablo Castellano" print "This program comes with ABSOLUTELY NO WARRANTY." print "This is free software, and you are welcome to redistribute it under certain conditions." print if len(sys.argv) < 2 or len(sys.argv) > 3: print "Usage: %s <mbox_file> [directory]" %sys.argv[0] sys.exit(0) filename = sys.argv[1] directory = os.path.curdir if not os.path.exists(filename): print "File doesn't exist:", filename sys.exit(1) if len(sys.argv) == 3: directory = sys.argv[2] if not os.path.exists(directory) or not os.path.isdir(directory): print "Directory doesn't exist:", directory sys.exit(1) mb = mailbox.mbox(filename) nmes = len(mb) os.chdir(directory) for i in range(len(mb)): if (VERBOSE >= 2): print "Analyzing message number", i mes = mb.get_message(i) em = email.message_from_string(mes.as_string()) subject = em.get('Subject') if subject.find('=?') != -1: ll = email.header.decode_header(subject) subject = "" for l in ll: subject = subject + l[0] em_from = em.get('From') if em_from.find('=?') != -1: ll = email.header.decode_header(em_from) em_from = "" for l in ll: em_from = em_from + l[0] if (VERBOSE >= 2): print "%s - From: %s" %(subject, em_from) filename = mes.get_filename() # Puede tener filename siendo multipart??? if em.is_multipart(): for payl in em.get_payload(): extract_attachment(payl) else: extract_attachment(em) print "\n--------------" print "Total attachments extracted:", attachments print "Total attachments skipped:", skipped