[rt-users] Automatted parsing of mails entering an RT queue

[Christopher Kunz]

Hi all,

we've been using RT for almost 15 years now with great success, but our
growing company needs a little more automation now. As we are a hosting
company /carrier, we frequently receive abuse reports and security
advisories (for example, automatted scans for UDP amplifiers by the
German national CERT). These enter our abuse queue.

I would like to parse these mails automatically, and write a parsing
toolkit for each different type of abuse mail (either by sender, or by
specific content signature, or something like that), in order to extract
the affected URIs / IP addresses from the mails and pass them on to an
abuse handling script for further action.

How would I do that? Are there any articles in the RT wiki that might be
a good starting point? Unfortunately, the "automating RT" page is more
about crontool than about the kind of automation I'm looking for.

Thanks a lot,

--ck