# 📬 Postfix Mail Summary Script A hardened, production-ready Bash script for analyzing Postfix mail logs with a **clean, readable output format**. Designed with **security, performance, and portability** in mind. --- ## 🚀 Features - 📊 **Clean, formatted output** (with optional colors) - 🔍 **Filter by**: - Sender (`--from`) - Recipient (`--to`) - Queue ID (`--id`) - Date (`--date`) - ⚡ **Optimized log reading** (avoids full log parsing when possible) - 🛡️ **Hardened against**: - Command injection - Regex/ReDoS attacks - Memory leaks - Log-based DoS - 🧠 **Smart parsing** of Postfix logs (including `NOQUEUE` rejects) - 🎯 **Portable** across Linux distributions --- ## 📦 Requirements - Bash (>= 4.x recommended) - Standard Linux utilities: - `awk` - `grep` - `sed` - `tail` - `find` - `zcat` --- ## ⚙️ Installation ```bash git clone https://git.robott.sk/robott/mail-status.git cd mail-status chmod +x mail-status.sh ▶️ Usage sudo ./mail-status.sh [OPTIONS] 📖 Options Option Description -h, --help Show help message -l, --list NUMBER Show last X records (default: 10, max: 1000) -f, --from Filter by sender (substring match) -t, --to Filter by recipient (substring match) -i, --id Filter by Queue ID -d, --date "MMM DD" Filter by date (e.g. "Mar 27") Search across all logs for a specific user: sudo ./mail-status.sh -f user@example.com -d "" Or search for a specific date: sudo ./mail-status.sh -f user@example.com -d "Mar 23" 📌 Examples Show last 10 records sudo ./mail-status.sh Show last 50 records sudo ./mail-status.sh -l 50 Filter by sender sudo ./mail-status.sh -f gmail.com Filter by recipient sudo ./mail-status.sh -t example.com Filter by Queue ID sudo ./mail-status.sh -i 3F2A12345 Filter by date sudo ./mail-status.sh -d "Mar 27" 🖥️ Output Example DATE-TIME ID CLIENT_IP SENDER RECIPIENT STATUS REASON Mar-27-12:00:01 3F2A12345 192.168.1.10 user@gmail.com admin@example.com sent [OK] Mar-27-12:01:05 NOQUEUE 45.12.34.56 spam@bad.com user@example.com REJECT [Policy] 🔐 Security Design This script is designed with security-first principles: ✅ Protected Against: Command injection AWK injection Regex-based DoS (ReDoS) Malicious filenames Memory exhaustion Log flooding 🔒 Key Techniques: Input length limiting Substring matching (index() instead of regex) Safe file handling (find -print0, arrays) Temporary file isolation (mktemp) Automatic cleanup (trap) No use of eval ⚡ Performance Optimizations Reads only last 50,000 lines by default Full log scan only when necessary (--date, --id) Avoids unnecessary process spawning Efficient AWK parsing with memory cleanup 🎨 Color Output Automatically enabled when running in a terminal Disabled when piping output (e.g., | less, | grep) ⚠️ Notes Must be run as root (required for log access) Works with standard Postfix logs: /var/log/maillog Rotated logs (maillog.*, .gz) 🛠️ Future Improvements (Optional) Real-time monitoring (tail -f) JSON export for SIEM tools (ELK, Splunk) Fail2ban integration (auto-block IPs) Spam pattern detection 📄 License MIT License 👨‍💻 Author robott GitHub: https://github.com/robott Powered by Gitea