Fix critical logic errors in email diagnostics scripts

CRITICAL FIXES (5 issues):
1. email-diagnostics.sh: Fix inverted sender/recipient extraction logic
   - Lines 292-303: Corrected pattern matching to properly extract recipients and senders
   - Removed inverted grep patterns that were looking for wrong log entry types

2. mail-log-analyzer.sh: Fix string comparison with percent sign
   - Line 1184-1186: Properly extract numeric value before '%' character
   - Use sed to isolate leading digits for numeric comparison

3. email-diagnostics.sh: Fix malformed grep syntax
   - Line 525-527: Corrected grep command structure with -e options
   - Changed to -iE with pipe patterns and proper file argument placement

4. mail-log-analyzer.sh: Fix overly broad domain bounce pattern
   - Line 749: Changed from "^.*${domain}" to "\b${domain}$"
   - Prevents false positives from substring domain matches

5. mail-log-analyzer.sh: Fix undefined TEMP_LOG variable
   - Line 860: Changed TEMP_LOG to MAIL_LOG (the actual global variable)
   - Added error handling with 2>/dev/null

HIGH SEVERITY FIXES (2 issues):
6. mail-log-analyzer.sh: Fix AWK uninitialized variable
   - Lines 1447-1456: Added BEGIN block to initialize print_line = 0
   - Prevents first log entries from being incorrectly filtered

7. mail-log-analyzer.sh: Fix overly permissive bounce detection pattern
   - Line 247: Changed from "(==|defer)" to more specific pattern
   - Prevents false positives from non-bounce defer messages

MODERATE FIXES (3 issues):
8. mail-queue-inspector.sh: Fix queue message count mismatch
   - Line 41: Changed head -40 to head -20 to match label

9. deliverability-test.sh: Fix fragile SMTP connection test
   - Lines 102-106: Added nc availability check and fallback to bash TCP
   - Proper variable quoting and error handling

10. blacklist-check.sh: Replace deprecated host command with dig
    - Line 52: Changed from host to dig +short for consistency and timeout control

All scripts pass syntax validation.
Impact: Logic errors fixed, no security issues introduced, all existing functionality preserved.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

modules/email/blacklist-check.sh

@@ -48,8 +48,8 @@ REVERSED_IP=$(echo $SERVER_IP | awk -F. '{print $4"."$3"."$2"."$1}')
 for entry in "${BLACKLISTS_DB[@]}"; do
     IFS='|' read -r rbl_host bl_name removal_url difficulty time_estimate <<< "$entry"
 
-    # Check if listed
-    if host "$REVERSED_IP.$rbl_host" &>/dev/null; then
+    # Check if listed (using dig with timeout for consistency)
+    if dig +short +timeout=2 "$REVERSED_IP.$rbl_host" A 2>/dev/null | grep -q .; then
         print_error "✗ LISTED on $bl_name [$difficulty - $time_estimate]"
         echo "  Removal: $removal_url"
         ((LISTED++))

modules/email/deliverability-test.sh

@@ -98,8 +98,22 @@ else
         server=$(echo "$server" | sed 's/\.$//')
         echo "    • Priority $priority: $server"
 
-        # Try to connect to SMTP
-        if timeout 3 bash -c "echo 'QUIT' | nc -w 1 $server 25" &>/dev/null; then
+        # Try to connect to SMTP using multiple methods
+        local smtp_ok=0
+
+        # Try nc first if available
+        if command -v nc &>/dev/null; then
+            if timeout 3 bash -c "echo 'QUIT' | nc -z -w 1 \"$server\" 25" &>/dev/null; then
+                smtp_ok=1
+            fi
+        fi
+
+        # Try timeout with bash TCP if nc not available
+        if [ $smtp_ok -eq 0 ] && timeout 3 bash -c "exec 3<>/dev/tcp/$server/25 && echo QUIT >&3 && cat <&3" &>/dev/null; then
+            smtp_ok=1
+        fi
+
+        if [ $smtp_ok -eq 1 ]; then
             print_success "      ✓ SMTP port 25 responds"
         else
             print_warning "      ⚠ SMTP port 25 not responding (may use port 587/465)"

modules/email/email-diagnostics.sh

@@ -286,20 +286,20 @@ if [ "$sent" -gt 0 ] || [ "$received" -gt 0 ]; then
     print_header "EMAIL TRAFFIC PATTERNS"
     echo ""
 
-    # Top recipients (who this email is sending to)
-    if [ "$sent" -gt 0 ]; then
-        print_info "Top 5 recipients (emails sent TO):"
-        grep -i "<= .*$search_pattern" "$TEMP_MATCHES" | grep -oE "=> [^@]+@[^ ]+" | sed 's/=> //' | sort | uniq -c | sort -rn | head -5 | while read count recipient; do
-            echo "  $recipient - $count emails"
+    # Top recipients (delivery recipients from emails in TEMP_MATCHES)
+    if [ "$sent" -gt 0 ] || [ "$delivered" -gt 0 ]; then
+        print_info "Top 5 recipients (emails delivered TO):"
+        grep -oE "=> [^@]+@[^ ]+" "$TEMP_MATCHES" | sed 's/=> //' | sort | uniq -c | sort -rn | head -5 | while read count recipient; do
+            [ -n "$count" ] && echo "  $recipient - $count emails"
         done
         echo ""
     fi
 
-    # Top senders (who is sending to this email)
-    if [ "$received" -gt 0 ]; then
-        print_info "Top 5 senders (emails received FROM):"
-        grep -i "=> .*$search_pattern" "$TEMP_MATCHES" | grep -oE "<= [^@]+@[^ ]+" | sed 's/<= //' | sort | uniq -c | sort -rn | head -5 | while read count sender; do
-            echo "  $sender - $count emails"
+    # Top senders (who is sending emails in TEMP_MATCHES)
+    if [ "$sent" -gt 0 ]; then
+        print_info "Top 5 senders (emails sent FROM):"
+        grep -oE "<= [^@]+@[^ ]+" "$TEMP_MATCHES" | sed 's/<= //' | sort | uniq -c | sort -rn | head -5 | while read count sender; do
+            [ -n "$count" ] && echo "  $sender - $count emails"
         done
         echo ""
     fi
@@ -522,7 +522,7 @@ if [ "$bounced" -gt 0 ]; then
     relay_denied=$(grep -ci "relay.*denied\|relay.*not.*permitted\|relaying denied\|554.*relay" "$TEMP_BOUNCES" 2>/dev/null || echo 0)
     relay_denied=$(echo "$relay_denied" | head -1 | tr -d '\n\r')
     # Only count actual blacklist/RBL rejections, exclude common false positives
-    blocked=$(grep -i "$TEMP_BOUNCES" -e "blacklist" -e "block list" -e "RBL" -e "DNSBL" -e "listed in" -e "blocked using" -e "on our block list" | \
+    blocked=$(grep -iE "blacklist|block list|RBL|DNSBL|listed in|blocked using|on our block list" -- "$TEMP_BOUNCES" 2>/dev/null | \
               grep -v "mailbox.*full\|quota.*exceeded\|authentication\|auth.*failed\|SPF.*fail\|DKIM.*fail\|user unknown\|does not exist\|relay.*denied\|content.*filter\|rejected due to content\|greylisted\|greylist" | \
               wc -l 2>/dev/null || echo 0)
     blocked=$(echo "$blocked" | head -1 | tr -d '\n\r')

modules/email/mail-log-analyzer.sh

@@ -243,8 +243,8 @@ analyze_bounces() {
 
     print_info "Analyzing bounce messages..."
 
-    # Extract bounces and deferrals
-    grep -E "(==|defer)" -- "$log_file" 2>/dev/null > "$temp_file"
+    # Extract bounces (==) and temporary deferrals (defer with reason codes)
+    grep -E "==|^[0-9].*defer[ed]*.*reason" -- "$log_file" 2>/dev/null > "$temp_file"
 
     if [ -s "$temp_file" ]; then
         # Categorize bounces
@@ -746,7 +746,8 @@ calculate_domain_success_rates() {
     if [ -f /tmp/top_recipient_domains.$$ ]; then
         while read count domain; do
             local delivered=$count
-            local bounced=$(grep -c "^.*${domain}" /tmp/domains_bounced.$$ 2>/dev/null || echo "0")
+            # Use word boundary to match exact domain, not substrings
+            local bounced=$(grep -c "\b${domain}$" /tmp/domains_bounced.$$ 2>/dev/null || echo "0")
             local total=$((delivered + bounced))
 
             if [ $total -gt 0 ]; then
@@ -856,7 +857,7 @@ display_issues() {
             echo "    Last seen:  $last_occurrence"
 
             # Check if recent (within last hour of log)
-            local log_end=$(tail -1 "$TEMP_LOG" | awk '{print $1, $2}')
+            local log_end=$(tail -1 "$MAIL_LOG" 2>/dev/null | awk '{print $1, $2}')
             if [ "$last_occurrence" == "$log_end" ] || [ -z "$last_occurrence" ]; then
                 echo -e "    ${RED}Status: STILL OCCURRING ⚠️${NC}"
             else
@@ -1181,8 +1182,9 @@ display_domain_analysis() {
         local shown=0
         while IFS='|' read rate domain stats; do
             # Only show if success rate < 80%
-            local rate_int=${rate%.*}
-            if [ "$rate_int" -lt 80 ]; then
+            # Remove percent sign and decimal portion, keep only integer part
+            local rate_int=$(echo "$rate" | sed 's/[^0-9].*//')
+            if [ -n "$rate_int" ] && [ "$rate_int" -lt 80 ]; then
                 if [ $shown -eq 0 ]; then
                     echo -e "${RED}${BOLD}⚠️  Domains with Low Delivery Success Rates (<80%):${NC}"
                     echo ""
@@ -1443,6 +1445,7 @@ main() {
         if [ -n "$CUTOFF_TIMESTAMP" ]; then
             # Filter by actual timestamps
             awk -v cutoff="$CUTOFF_TIMESTAMP" '
+                BEGIN { print_line = 0 }
                 /^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}/ {
                     timestamp = $1 " " $2
                     if (timestamp >= cutoff) {

modules/email/mail-queue-inspector.sh

@@ -38,7 +38,7 @@ if [ "$MTA" = "exim" ]; then
     # Show queue details if not empty
     if [ "$queue_count" -gt 0 ]; then
         print_header "Recent Queue Messages (last 20)"
-        exim -bp | head -40
+        exim -bp | head -20
         echo ""
 
         print_header "Frozen Messages"