diff --git a/modules/email/mail-log-analyzer.sh b/modules/email/mail-log-analyzer.sh
index 2d39a00..1fb5448 100755
--- a/modules/email/mail-log-analyzer.sh
+++ b/modules/email/mail-log-analyzer.sh
@@ -69,8 +69,9 @@ detect_blacklist_issues() {
 print_info "Scanning for blacklist rejections..."
- # Common blacklist patterns in mail logs
- grep -E "(blocked using|listed in|blacklisted|DNSBL|RBL)" "$log_file" 2>/dev/null > "$temp_file"
+ # Enhanced blacklist detection patterns (from email-diagnostics.sh)
+ # Includes explicit RBL keywords, provider-specific patterns, and error codes
+ grep -iE "blacklist|block list|RBL|DNSBL|listed in|blocked using|on our block list|S3150|S3140|AS\(48|CS01|local policy|gmail.*(suspicious|reputation|spam|detected).*reputation|gmail.*detected.*suspicious|spamhaus|barracuda|spamcop|sorbs|abuseat|yahoo.*block|yahoo.*reject|aol.*block|aol.*reject|me\.com.*reject|icloud.*reject|mac\.com.*reject|protonmail.*block|protonmail.*reject|pm\.me.*reject|zoho.*block|zoho.*reject|fastmail.*block|fastmail.*reject|outlook.*block|hotmail.*block|live\.com.*block|msn\.com.*block" "$log_file" 2>/dev/null > "$temp_file"
 if [ -s "$temp_file" ]; then
 local count=$(wc -l < "$temp_file")
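Review bot: The new `grep -iE` pattern combines `-i` with bare short tokens, so `RBL` now matches any word containing "rbl", and `local policy` or `yahoo.*block` match any line that merely mentions those words. Every matched line is counted, so these false positives feed directly into the total that the third hunk maps to WARNING or CRITICAL. Fields such as the HELO name and envelope addresses in a mail log are supplied by the remote peer, so keyword-only matching is a weak signal on its own. Consider bounding the short tokens (with GNU grep, `\bRBL\b|\bDNSBL\b`) and requiring a rejection or bounce status on the same line. The comment says the pattern is copied from email-diagnostics.sh, so defining it once in a shared variable would keep the two copies from drifting; detect_blacklist_issues starts and ends outside this hunk.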
@@ -78,10 +79,40 @@ detect_blacklist_issues() {
 # Extract specific blacklists mentioned
 while IFS= read -r line; do
- # Extract blacklist names
- if [[ "$line" =~ (zen\.spamhaus\.org|bl\.spamcop\.net|dnsbl\.sorbs\.net|b\.barracudacentral\.org|uce) ]]; then
- local bl_name="${BASH_REMATCH[1]}"
- BLACKLISTED_IPS["$bl_name"]=$((${BLACKLISTED_IPS["$bl_name"]:-0} + 1))
+ # Extract recognized blacklist/provider names
+ local detected=0
+
+ if [[ "$line" =~ [Ss]pam[Hh]aus ]]; then
+ BLACKLISTED_IPS["Spamhaus"]=$((${BLACKLISTED_IPS["Spamhaus"]:-0} + 1))
+ detected=1
+ fi
+ if [[ "$line" =~ [Ss]pam[Cc]op ]]; then
+ BLACKLISTED_IPS["SpamCop"]=$((${BLACKLISTED_IPS["SpamCop"]:-0} + 1))
+ detected=1
+ fi
+ if [[ "$line" =~ [Bb]arracuda ]]; then
+ BLACKLISTED_IPS["Barracuda"]=$((${BLACKLISTED_IPS["Barracuda"]:-0} + 1))
+ detected=1
+ fi
+ if [[ "$line" =~ [Gg]mail ]]; then
+ BLACKLISTED_IPS["Gmail"]=$((${BLACKLISTED_IPS["Gmail"]:-0} + 1))
+ detected=1
+ fi
+ if [[ "$line" =~ [Mm]icrosoft|[Oo]utlook|[Hh]otmail|[Ll]ive ]]; then
+ BLACKLISTED_IPS["Microsoft"]=$((${BLACKLISTED_IPS["Microsoft"]:-0} + 1))
+ detected=1
+ fi
+ if [[ "$line" =~ [Yy]ahoo|[Aa]ol ]]; then
+ BLACKLISTED_IPS["Yahoo/AOL"]=$((${BLACKLISTED_IPS["Yahoo/AOL"]:-0} + 1))
+ detected=1
+ fi
+ if [[ "$line" =~ [Ss]orbs ]]; then
+ BLACKLISTED_IPS["SORBS"]=$((${BLACKLISTED_IPS["SORBS"]:-0} + 1))
+ detected=1
+ fi
+ if [[ "$line" =~ [Aa]buseat|[Cc]bl ]]; then
+ BLACKLISTED_IPS["CBL"]=$((${BLACKLISTED_IPS["CBL"]:-0} + 1))
+ detected=1
 fi
 # Extract IPs being rejected
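Review bot: The Microsoft test `[Ll]ive` is unanchored, so it matches the substring in "delivery" and "delivered", which are common in mail-log and bounce text, and such lines get counted as Microsoft regardless of who rejected them. The grep in the first hunk already uses `live\.com`, and the same form fits here: `if [[ "$line" =~ [Mm]icrosoft|[Oo]utlook|[Hh]otmail|[Ll]ive\.com ]]; then`. `[Cc]bl`, `[Aa]ol` and `[Gg]mail` are similarly loose (any line naming a gmail.com address is counted as Gmail), and the first-letter classes miss all-caps text that `grep -i` lets through. Lowercasing once with `local lc=${line,,}` and matching domain-style patterns against `lc` would address both. `detected` is assigned but never read in the visible lines, and the while loop continues past this hunk, so confirm it is used there.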
@@ -91,7 +122,14 @@ detect_blacklist_issues() {
 fi
 done < "$temp_file"
- RECOMMENDATIONS["blacklist"]="Check server IP reputation using blacklist checker tool. Found $count blacklist-related rejections."
+ # Build recommendations based on count
+ if [ "$count" -gt 100 ]; then
+ RECOMMENDATIONS["blacklist"]="CRITICAL: $count blacklist-related rejections found. Check server IP reputation immediately using 'blacklist-check' tool."
+ elif [ "$count" -gt 10 ]; then
+ RECOMMENDATIONS["blacklist"]="WARNING: $count blacklist-related rejections. Review using 'email-diagnostics' for detailed analysis."
+ else
+ RECOMMENDATIONS["blacklist"]="Found $count blacklist-related rejection(s). Use 'blacklist-check' to verify current listing status."
+ fi
 fi
 rm -f "$temp_file"
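Review bot: The severity tiers compare a raw matched-line count against the literals `100` and `10`, with no comment explaining the values or the period they apply to. A deferred message is typically logged again on each retry, and the count is not scaled by the log's time span, so the same underlying condition can land in different tiers depending on log rotation. I would name the limits, e.g. `local -r crit_threshold=100 warn_threshold=10`, and add a comment such as `# thresholds are matched log lines, not distinct messages or IPs`. The enclosing `if [ -s "$temp_file" ]` block and the function both start outside this hunk.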