In order to report spam to Cert NZ and our upstream filter provider, I need to get copies of the mail messages with their original headers.
I used to do this with PowerShell, but the Exchange with Office 365 glue seems to be tearing apart with each change Microsoft make to their authentication systems. So here's a python script to pull it out via the Graph API instead:
The API endpoint that allows us to do this is currently in Beta, and thanks to the Microsoft team for implementing this!
To get started:
- Go to https://apps.dev.microsoft.com/#/appList (with a Global Admin account) and register a new Converged application. Converged apps are so hot right now.
- Grant it the Mail.ReadWrite.All and User.Read.All Application Permissions, and don't forget to grant consent for your whole org.
- Create a new secret. Keep it safe.
- Replace the
<app ID>with your tenant name and the Application Id from the registration
- Run it:
python download_eml.py "[email protected]" "totally not spam"