diff --git a/modules/email/email-diagnostics.sh b/modules/email/email-diagnostics.sh
index 66a1d0c..71243c1 100755
--- a/modules/email/email-diagnostics.sh
+++ b/modules/email/email-diagnostics.sh
@@ -521,7 +521,10 @@ if [ "$bounced" -gt 0 ]; then
 mailbox_full=$(echo "$mailbox_full" | head -1 | tr -d '\n\r')
 relay_denied=$(grep -ci "relay.*denied\|relay.*not.*permitted\|relaying denied\|554.*relay" "$TEMP_BOUNCES" 2>/dev/null || echo 0)
 relay_denied=$(echo "$relay_denied" | head -1 | tr -d '\n\r')
- blocked=$(grep -ci "blocked\|blacklist\|550.*spam\|554.*spam\|Policy rejection" "$TEMP_BOUNCES" 2>/dev/null || echo 0)
+ # Only count actual blacklist/RBL rejections, exclude common false positives
+ blocked=$(grep -i "$TEMP_BOUNCES" -e "blacklist" -e "block list" -e "RBL" -e "DNSBL" -e "listed in" -e "blocked using" -e "on our block list" | \
+ grep -v "mailbox.*full\|quota.*exceeded\|authentication\|auth.*failed\|SPF.*fail\|DKIM.*fail\|user unknown\|does not exist\|relay.*denied\|content.*filter\|rejected due to content\|greylisted\|greylist" | \
+ wc -l 2>/dev/null || echo 0)
 blocked=$(echo "$blocked" | head -1 | tr -d '\n\r')
 dns_failure=$(grep -ci "domain.*not.*found\|Host.*unknown\|Name.*not.*resolve\|MX.*not.*found" "$TEMP_BOUNCES" 2>/dev/null || echo 0)
 dns_failure=$(echo "$dns_failure" | head -1 | tr -d '\n\r')
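Review bot: The new `blocked` count matches a narrower set of strings than the extraction `grep -iE` this commit adds inside `if [ "$blocked" -gt 0 ]` (which also accepts `S3150`, `CS01`, `local policy` and the Gmail reputation patterns), so a bounce file holding only those provider rejections leaves `blocked` at 0 and the provider lookup is never reached. Building the gate and the lookup from one shared pattern variable would keep them in agreement. With `-i`, `-e "RBL"` also matches inside unrelated words; `-e '\bRBL\b'` (GNU grep) is tighter. The trailing `2>/dev/null || echo 0` now binds only to `wc -l`, so errors from the two `grep` stages are no longer silenced and the fallback cannot fire. The enclosing `if [ "$bounced" -gt 0 ]` block starts and ends outside the hunk.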
@@ -559,8 +562,104 @@ if [ "$bounced" -gt 0 ]; then
 if [ "$blocked" -gt 0 ]; then
 print_error " Blocked/Spam filtered: $blocked emails"
 echo " Reason: Sender IP or domain is blacklisted, or content flagged as spam"
- echo " Solution: Check IP reputation, SPF/DKIM records"
 echo ""
+
+ # Extract specific blacklists from rejection messages (strict filter to avoid false positives)
+ TEMP_BLACKLISTS="/tmp/email_blacklists_$$.txt"
+ grep -iE "blacklist|block list|RBL|DNSBL|listed in|blocked using|on our block list|S3150|S3140|AS\(48|CS01|local policy|gmail.*(suspicious|reputation|spam|detected).*reputation|gmail.*detected.*suspicious|spamhaus|barracuda|spamcop|sorbs|abuseat|yahoo.*block|yahoo.*reject|aol.*block|aol.*reject|me\.com.*reject|icloud.*reject|mac\.com.*reject|protonmail.*block|protonmail.*reject|pm\.me.*reject|zoho.*block|zoho.*reject|fastmail.*block|fastmail.*reject|outlook.*block|hotmail.*block|live\.com.*block|msn\.com.*block" "$TEMP_BOUNCES" > "$TEMP_BLACKLISTS" 2>/dev/null || true
+
+ if [ -s "$TEMP_BLACKLISTS" ]; then
+ # Blacklist/Provider detection with real-world message patterns
+ # Format: "name|display_name|removal_url|detection_keywords"
+ blacklist_db=(
+ # Traditional RBLs
+ "spamhaus|Spamhaus (ZEN/SBL/XBL)|https://check.spamhaus.org/|spamhaus|sbl.spamhaus|zen.spamhaus|xbl.spamhaus|pbl.spamhaus"
+ "barracuda|Barracuda Central BRBL|https://www.barracudacentral.org/rbl/removal-request|barracuda"
+ "spamcop|SpamCop Blocking List|https://www.spamcop.net/bl.shtml|spamcop|bl.spamcop"
+ "sorbs|SORBS DNSBL|http://www.sorbs.net/lookup.shtml|sorbs|dnsbl.sorbs"
+ "cbl|CBL (Composite Block List)|https://cbl.abuseat.org/lookup.cgi|cbl.abuseat|abuseat"
+ "psbl|PSBL (Passive Spam Block List)|https://psbl.org/|psbl.surriel|psbl"
+ "uceprotect|UCEPROTECT Network|http://www.uceprotect.net/en/rblcheck.php|uceprotect"
+ "invaluement|Invaluement DNSBL|http://www.invaluement.com/removal/|invaluement"
+ "mailspike|Mailspike Blacklist|https://mailspike.net/anubis/lookup.html|mailspike"
+ "truncate|GBUdb (Truncate)|http://www.gbudb.com/|truncate.gbudb|gbudb"
+ "dnsrbl|DNSRBL.org|http://www.dnsrbl.org/|dnsrbl"
+ "backscatterer|Backscatterer.org|http://www.backscatterer.org/|backscatterer"
+ "dnswl|DNSWL (actually whitelist)|https://www.dnswl.org/|dnswl"
+ "mxtoolbox|MXToolbox Blacklist|https://mxtoolbox.com/blacklists.aspx|mxtoolbox"
+
+ # Major Email Providers (not traditional RBLs but they block based on reputation)
+ "microsoft|Microsoft/Outlook/Hotmail/Live Block|https://sendersupport.olc.protection.outlook.com/snds/|outlook.*block|hotmail.*block|live\.com.*block|msn\.com.*block|protection\.outlook.*block|on our block list|S3150|S3140|AS\(48"
+ "gmail|Gmail Reputation Filter|https://support.google.com/mail/contact/bulk_send_new|gmail.*suspicious|gmail.*reputation|gmail.*spam|gmail.*blocked|gmail.*detected"
+ "apple|Apple iCloud/me.com/mac.com Block|https://support.apple.com/|local policy|icloud.*reject|me\.com.*reject|mac\.com.*reject|CS01"
+ "yahoo|Yahoo/AOL Mail Block|https://senders.yahooinc.com/contact|yahoo.*block|yahoo.*reject|aol.*block|aol.*reject|verizonmedia.*block"
+ "zoho|Zoho Mail Block|https://www.zoho.com/mail/help/|zoho.*reject|zoho.*block|zohomail.*reject"
+ "protonmail|ProtonMail Block|https://protonmail.com/support/|protonmail.*reject|protonmail.*block|pm\.me.*reject"
+ "fastmail|Fastmail Block|https://www.fastmail.help/|fastmail.*reject|fastmail.*block"
+ "att|AT&T/SBC Block List|https://www.att.com/support/|att\.net.*block|sbcglobal.*block"
+ "comcast|Comcast/Xfinity Block|http://postmaster.comcast.net/|comcast.*block|xfinity.*block"
+ "cox|Cox Communications Block|https://www.cox.com/residential/support.html|cox\.net.*block"
+ "verizon|Verizon/Frontier Block|https://www.verizon.com/support/|verizon.*block|frontier.*block"
+ "spectrum|Spectrum/Charter Block|https://www.spectrum.net/support|spectrum.*block|charter.*block|rr\.com.*block"
+ )
+
+ detected_blacklists=""
+
+ # Check each blacklist pattern against rejection messages
+ for entry in "${blacklist_db[@]}"; do
+ IFS='|' read -r bl_id bl_name bl_url bl_patterns <<< "$entry"
+
+ # Split patterns and check each one
+ matched=0
+ IFS='|' read -ra PATTERNS <<< "$bl_patterns"
+ for pattern in "${PATTERNS[@]}"; do
+ if grep -qiE "$pattern" "$TEMP_BLACKLISTS" 2>/dev/null; then
+ matched=1
+ break
+ fi
+ done
+
+ if [ $matched -eq 1 ]; then
+ detected_blacklists="${detected_blacklists}${bl_name}|${bl_url}\n"
+ fi
+ done
+
+ if [ -n "$detected_blacklists" ]; then
+ print_warning " ⚠ SPECIFIC BLACKLISTS/BLOCKS DETECTED:"
+ echo ""
+ echo -e "$detected_blacklists" | sort -u | while IFS='|' read -r bl_name bl_url; do
+ if [ -n "$bl_name" ]; then
+ print_error " • $bl_name"
+ echo " Removal/Info: $bl_url"
+ echo ""
+ fi
+ done
+ else
+ # Generic spam filter (not a specific blacklist)
+ echo " ℹ No specific blacklist detected in rejection message"
+ echo " May be content-based spam filtering or unlisted blacklist"
+ echo ""
+ fi
+
+ # Show example rejection messages
+ print_info " 📋 EXAMPLE REJECTION MESSAGES:"
+ echo ""
+ head -3 "$TEMP_BLACKLISTS" | while read line; do
+ # Truncate very long lines
+ echo " $(echo "$line" | cut -c1-120)"
+ done
+ echo ""
+ fi
+
+ echo " 🔧 RECOMMENDED ACTIONS:"
+ echo " 1. Check your server IP against the detected blacklists above"
+ echo " 2. Visit removal/delisting URLs to submit requests"
+ echo " 3. Verify SPF/DKIM/DMARC records are correctly configured"
+ echo " 4. Check if server has been compromised (sending spam)"
+ echo " 5. Review mail queue for suspicious outbound emails"
+ echo ""
+
+ rm -f "$TEMP_BLACKLISTS"
 fi
 
 if [ "$dns_failure" -gt 0 ]; then
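Review bot: `TEMP_BLACKLISTS="/tmp/email_blacklists_$$.txt"` is a predictable name in a world-writable directory, and the `grep … > "$TEMP_BLACKLISTS"` redirect right after it will write through a file or symlink that another local user placed there beforehand; that matters most if this diagnostic runs as root, which the hunk does not show. Create the file with `TEMP_BLACKLISTS=$(mktemp "${TMPDIR:-/tmp}/email_blacklists.XXXXXX")` and remove it from an `EXIT` trap, since the `rm -f` at the end of the block is skipped when the script is interrupted. The example-message loop prints text that originates in remote servers' rejection responses: `while IFS= read -r line; do printf '%s\n' "${line:0:120}"; done` (plus the original indent) avoids the backslash and `echo` option handling, and stripping non-printable characters first would keep any escape sequences in a bounce away from the operator's terminal. The outer `if [ "$bounced" -gt 0 ]` block starts and ends outside the hunk.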