File: //bigscoots/wpo/mail/ipblock_chk.sh
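#!/bin/bash
# Check whether an IP is blocked by the firewall; if it is, lift the block and
# report the recent mail authentication failures recorded for that IP.
#
# Usage:  ipblock_chk.sh <ipv4-address>
# Output: one JSON document on stdout, either
#           {"status":"blocked","logs":[{"date":"..","log":".."},...,{}]}
#         or
#           {"status":"unblocked","logs":""}
#
# SECURITY NOTE: despite its name this is not a read-only check. When a DROP
# rule is found, the IP is removed from the CSF deny list and temporarily
# allowed for 604800 seconds (7 days). It must therefore only be reachable by
# an authenticated, authorised caller (TODO confirm against the invoking code);
# otherwise the source of a brute-force attempt could lift its own block.
# The "log" field carries login names taken from the mail logs, so the output
# should be shown only to someone entitled to see them.

#######################################
# Succeed only for a dotted-quad IPv4 address with every octet <= 255.
# Rejecting anything else keeps regex metacharacters, empty strings and
# option-like values ("-f ...") away from grep and csf.
# Arguments: $1 - candidate address
# Returns:   0 if valid, 1 otherwise
#######################################
is_ipv4() {
  local ip=$1 octet
  local -a octets
  [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]] || return 1
  IFS=. read -r -a octets <<<"$ip"
  for octet in "${octets[@]}"; do
    # 10# forces base 10 so an octet such as "08" is not parsed as octal.
    ((10#$octet <= 255)) || return 1
  done
  return 0
}

#######################################
# Escape a string for use inside a JSON string literal.
# The values passed here come from log lines whose content (the login name
# of a failed attempt) is chosen by the remote client, so quotes and
# backslashes must not be copied into the document verbatim.
# Arguments: $1 - raw string
# Outputs:   escaped string on stdout, without a trailing newline
#######################################
json_escape() {
  local s=$1
  s=${s//\\/\\\\}   # backslash first, so later escapes are not doubled
  s=${s//\"/\\\"}
  s=${s//$'\t'/\\t}
  s=${s//[[:cntrl:]]/}   # remaining control characters are invalid in JSON
  printf '%s' "$s"
}

#######################################
# Print one element of the "logs" array, followed by a comma.
# The trailing comma is intentional: the array is closed with an empty
# object ("{}") by the caller, which keeps the existing output format.
# Arguments: $1 - date text, $2 - login name
#######################################
emit_log_entry() {
  printf '{"date":"%s","log":"%s"},\n' "$(json_escape "$1")" "$(json_escape "$2")"
}

#######################################
# Entry point: validate the address, test for a DROP rule, unblock, report.
# Arguments: $1 - IPv4 address to check
# Returns:   0 normally; 1 when the argument is not a valid IPv4 address
#######################################
main() {
  local ip=${1-} service line log_date log_user

  if ! is_ipv4 "$ip"; then
    printf 'ipblock_chk: argument is not a valid IPv4 address\n' >&2
    # Keep stdout parseable for the consumer; an invalid address has no rule.
    echo '{"status":"unblocked","logs":""}'
    return 1
  fi

  # -F: match the address literally ("." must not match any character).
  # -w: whole-token match, so 1.2.3.4 does not also match 11.2.3.40.
  if ! iptables -L -n | grep -F -w -- "$ip" | grep -q DROP; then
    echo '{"status":"unblocked","logs":""}'
    return 0
  fi

  # Remove the deny entry, then allow the IP for 7 days (604800 s).
  csf -dr "$ip" >/dev/null 2>&1
  csf -ta "$ip" 604800 >/dev/null 2>&1

  # Most recent service named in lfd.log for this IP decides which log to read.
  service=$(grep -F -w -- "$ip" /var/log/lfd.log \
    | grep -o 'imapd\|smtpauth\|pop3d' | tail -1)

  case "$service" in
    imapd | pop3d)
      echo '{"status":"blocked","logs":['
      grep -F -w -- "$ip" /var/log/maillog \
        | grep 'auth failed' | tail -5 \
        | while read -r line; do
          log_date=$(printf '%s\n' "$line" | awk '{print $1, $2, $3}')
          log_user=$(printf '%s\n' "$line" \
            | grep -Po '(?<=user=<).*(?=>)' | awk '{print $1}' | sed 's/>,//g')
          emit_log_entry "$log_date" "$log_user"
        done
      echo '{}]}'
      ;;
    smtpauth)
      echo '{"status":"blocked","logs":['
      grep -F -w -- "$ip" /var/log/exim_mainlog \
        | grep 'Incorrect' | tail -5 \
        | while read -r line; do
          log_date=$(printf '%s\n' "$line" | awk '{print $1, $2}')
          log_user=$(printf '%s\n' "$line" \
            | grep -o "(set_id=.*" | sed 's/(set_id=//g ; s/)//g')
          emit_log_entry "$log_date" "$log_user"
        done
      echo '{}]}'
      ;;
    *)
      echo '{"status":"blocked","logs":[{"date":"Unable to determine","log":"Unable to determine"}]}'
      ;;
  esac
}

main "$@"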