From d2e5d3f9408af380800df01fb21267bf5bde6ce0 Mon Sep 17 00:00:00 2001
From: cschantz <admin@server.local>
Date: Wed, 31 Dec 2025 19:09:10 -0500
Subject: [PATCH] Fix email diagnostics to search multiple log files for
 comprehensive results

The script now searches:
- /var/log/exim_mainlog (Exim delivery logs)
- /var/log/maillog (Dovecot auth + delivery)
- /var/log/messages (fallback)

This fixes the issue where only auth logs were found but actual
email deliveries were missed because they were in different log files.
Now properly separates delivery events from authentication events
across all log sources.
---
 modules/email/email-diagnostics.sh | 32 +++++++++++++++++++++++-------
 1 file changed, 25 insertions(+), 7 deletions(-)

diff --git a/modules/email/email-diagnostics.sh b/modules/email/email-diagnostics.sh
index 78f2092..423ef2b 100755
--- a/modules/email/email-diagnostics.sh
+++ b/modules/email/email-diagnostics.sh
@@ -90,16 +90,34 @@ fi
 
 TEMP_MATCHES="/tmp/email_diag_$$.txt"
 TEMP_AUTH="/tmp/email_auth_$$.txt"
+TEMP_ALL="/tmp/email_all_$$.txt"
 
-# Get ALL matches for this email/domain
-grep -i "$search_pattern" "$MAIL_LOG" > "$TEMP_MATCHES" 2>/dev/null
+# Search multiple log files for comprehensive results
+# Check Exim logs (email delivery)
+if [ -f "/var/log/exim_mainlog" ]; then
+    grep -i "$search_pattern" /var/log/exim_mainlog >> "$TEMP_ALL" 2>/dev/null || true
+fi
+
+# Check maillog (Dovecot auth + some delivery)
+if [ -f "/var/log/maillog" ]; then
+    grep -i "$search_pattern" /var/log/maillog >> "$TEMP_ALL" 2>/dev/null || true
+fi
+
+# Check messages log (fallback)
+if [ -f "/var/log/messages" ]; then
+    grep -i "$search_pattern" /var/log/messages >> "$TEMP_ALL" 2>/dev/null || true
+fi
+
+# If we found nothing, fall back to the detected mail log
+if [ ! -s "$TEMP_ALL" ]; then
+    grep -i "$search_pattern" "$MAIL_LOG" > "$TEMP_ALL" 2>/dev/null || true
+fi
 
 # Separate authentication events (IMAP/POP3 logins)
-grep -E "imap-login|pop3-login|dovecot.*Login|Logged in|Disconnected" "$TEMP_MATCHES" > "$TEMP_AUTH" 2>/dev/null || true
+grep -E "imap-login|pop3-login|dovecot.*Login|Logged in|Disconnected" "$TEMP_ALL" > "$TEMP_AUTH" 2>/dev/null || true
 
 # Get only email delivery events (exclude auth logs)
-grep -v "imap-login\|pop3-login\|dovecot.*Login\|Logged in\|Disconnected" "$TEMP_MATCHES" > "$TEMP_MATCHES.delivery" 2>/dev/null || true
-mv "$TEMP_MATCHES.delivery" "$TEMP_MATCHES"
+grep -v "imap-login\|pop3-login\|dovecot.*Login\|Logged in\|Disconnected" "$TEMP_ALL" > "$TEMP_MATCHES" 2>/dev/null || true
 
 if [ ! -s "$TEMP_MATCHES" ]; then
     print_error "NO EMAIL ACTIVITY FOUND for $check_label"
@@ -124,7 +142,7 @@ if [ ! -s "$TEMP_MATCHES" ]; then
         fi
     fi
 
-    rm -f "$TEMP_MATCHES"
+    rm -f "$TEMP_MATCHES" "$TEMP_AUTH" "$TEMP_ALL"
     exit 0
 fi
 
@@ -633,4 +651,4 @@ print_info "Full log saved to: $REPORT_FILE"
 echo ""
 
 # Cleanup
-rm -f "$TEMP_MATCHES" "$TEMP_AUTH"
+rm -f "$TEMP_MATCHES" "$TEMP_AUTH" "$TEMP_ALL"