diff --git a/modules/email/mail-log-analyzer.sh b/modules/email/mail-log-analyzer.sh index 5ead596..dfbfc15 100755 --- a/modules/email/mail-log-analyzer.sh +++ b/modules/email/mail-log-analyzer.sh @@ -750,7 +750,7 @@ calculate_domain_success_rates() { local bounced=$(grep -c "\b${domain}$" /tmp/domains_bounced.$$ 2>/dev/null || echo "0") local total=$((delivered + bounced)) - if [ $total -gt 0 ]; then + if [ "$total" -gt 0 ]; then local success_rate=$(( (delivered * 100) / total )) echo "$success_rate%|$domain|$delivered/$total" >> /tmp/domain_success_rates.$$ fi @@ -890,7 +890,7 @@ display_issues() { for account in "${!SPAM_ACCOUNTS[@]}"; do printf " - %-50s %d messages\n" "$account" "${SPAM_ACCOUNTS[$account]}" ((count++)) - [ $count -ge 10 ] && break + [ "$count" -ge 10 ] && break done echo "" echo -e " ${YELLOW}Action Required:${NC} ${RECOMMENDATIONS[spam_accounts]}" @@ -980,7 +980,7 @@ display_issues() { for ip in "${!HELO_VIOLATIONS[@]}"; do printf " - %-40s %d violations\n" "$ip" "${HELO_VIOLATIONS[$ip]}" ((count++)) - [ $count -ge 10 ] && break + [ "$count" -ge 10 ] && break done fi if [ -f "/tmp/suspicious_helos.$$" ]; then @@ -1029,7 +1029,7 @@ display_issues() { for ip in "${!CONNECTION_FLOODS[@]}"; do printf " - %-40s %d rapid connections\n" "$ip" "${CONNECTION_FLOODS[$ip]}" ((count++)) - [ $count -ge 10 ] && break + [ "$count" -ge 10 ] && break done echo "" echo -e " ${YELLOW}Action Required:${NC} ${RECOMMENDATIONS[connection_flooding]}" @@ -1045,7 +1045,7 @@ display_issues() { for ip in "${!AUTH_ATTACK_IPS[@]}"; do printf " - %-40s %d failed attempts\n" "$ip" "${AUTH_ATTACK_IPS[$ip]}" ((count++)) - [ $count -ge 10 ] && break + [ "$count" -ge 10 ] && break done echo "" echo -e " ${RED}${BOLD}Action Required:${NC} ${RECOMMENDATIONS[auth_attacks]}" @@ -1193,7 +1193,7 @@ display_domain_analysis() { shown=1 fi done < /tmp/domain_success_rates_sorted.$$ - [ $shown -eq 1 ] && echo "" + [ "$shown" -eq 1 ] && echo "" fi # Show domains with significant bounces (> 10) @@ -1210,10 +1210,10 @@ display_domain_analysis() { printf " %-40s %6d bounces\n" "$domain" "$num" shown=1 ((count++)) - [ $count -ge 5 ] && break + [ "$count" -ge 5 ] && break fi done < /tmp/top_bouncing_domains.$$ - [ $shown -eq 1 ] && echo "" + [ "$shown" -eq 1 ] && echo "" fi } @@ -1253,11 +1253,11 @@ display_user_analysis() { printf " %-45s %6d messages\n" "$email" "$num" shown=1 ((count++)) - [ $count -ge 10 ] && break + [ "$count" -ge 10 ] && break fi done < /tmp/top_senders.$$ - if [ $shown -eq 1 ]; then + if [ "$shown" -eq 1 ]; then echo "" echo -e "${YELLOW} Note: High volume may indicate compromised account or spam bot.${NC}" echo "" @@ -1304,7 +1304,7 @@ display_hourly_distribution() { while read count hour; do # Create simple bar chart local bar_length=$((count * 50 / max_vol)) - [ $bar_length -lt 1 ] && bar_length=1 + [ "$bar_length" -lt 1 ] && bar_length=1 local bar=$(printf '█%.0s' $(seq 1 $bar_length)) # Highlight suspicious hours (00-06) in red @@ -1346,7 +1346,7 @@ display_rejection_analysis() { if [ "$num" -gt 10 ]; then printf " %-50s %6d\n" "$reason" "$num" ((count++)) - [ $count -ge 5 ] && break + [ "$count" -ge 5 ] && break fi done < /tmp/rejection_summary.$$ echo ""