SMTP Reader Input Adapter

Introduction

Note

This adapter uses the WinPcap libraries for Windows to tap into the IP packet stream. Before using this adapter with real-time data, you must install and configure these libraries on the system that will host the adapter.

Download and install the latest WinPcap MSI from http://www.winpcap.org. Use all the default settings for the installation. This adapter is not supported on macOS or Linux.

The TIBCO StreamBase® Input Adapter for IP/SMTP reads Internet Protocol packets, either from the IP stack of a running system or from an archived capture file, and emits a tuple for each e-mail message found in the TCP data stream. Dedicated tuple fields hold the source and destination addresses, the SMTP headers (From, To, Cc, Subject, and so on), and the body of the message. When reading IP traffic on a running system, a filter string can be configured to limit the IP traffic being read.

Properties

Property Description
Data Source Select Realtime Data or Capture File to read SMTP traffic from the IP stack of a running system or from an archived capture file, respectively.
Capture File Name The fully-qualified name of the capture file holding the IP packets to process. The capture file must be on a WinPcap-compatibile format. The property is ignored when Data Source is set to Realtime Data.
TCP Port Number The well-known TCP port number of SMTP server, which defaults to 25.
Capture Filter String A WinPcap-compatible filter string that can be used to limit the IP traffic being read.
Maximum Attachments The maximum number of attachment fields to place in the output schema.
Log Level Controls the level of verbosity the adapter uses to send notifications to the console. This setting can be higher than the containing application's log level. If set lower, the system log level is used. Available values, in increasing order of verbosity, are: OFF, ERROR, WARN, INFO, DEBUG, TRACE, and ALL.
Schema (schema) By default, the adapter generates the following output schema. The adapter-specified lengths of any of the string fields can be overridden through the adapter icon's Edit Schema tab.
  • Date (string): Data/time e-mail message was sent

  • SMTPClient (string): Name or IP address of the SMTP client

  • SMTPServer (string): Name or IP address of the SMTP server

  • From (string): Contents of the From SMTP header

  • Recipients (string): Comma-separated list of all the RCPT (recipient) values

  • To (string): Contents of the To SMTP header

  • CC (string): Contents of the CC SMTP header

  • Subject (string): Contents of the Subject SMTP header

  • Body (blob): Contents of the message body

  • Attachment1 (tuple): Contents of the first attachment

  • Attachment2 (tuple): Contents of the second attachment

  • Attachment3 (tuple): Contents of the third attachment

  • TruncatedFields (string): Comma-separated list of field names above that were truncated. For example, if the Subject field is set to 128, and an e-mail message with a longer subject is processed, the subject is truncated and this field includes the string Subject. Note that this field itself will be truncated if it is not large enough to hold all the field names that were truncated for a specific message.

Typechecking and Error Handling

Typechecking fails if the one or more of the required schema fields listed above is missing. Additional schema fields not listed about are ignored and set to Null in outgoing tuples.

A tuple is emitted only when a complete e-mail message is detected in the TCP stream. If one or more IP packets are missing such that the TCP stream cannot be reconstructed, no tuple will be emitted for the corresponding e-mail message.

Suspend/Resume Behavior

When suspended, the adapter stops processing IP packets. Note that doing so may cause the WinPcap libraries to discard IP packets, resulting in lost tuples when the adapter is eventually resumed.

Related Topics