happyDomain/happyDeliver
2
0
Fork 0
Code Issues 6 Pull requests 7 Projects Releases Packages Wiki Activity Actions

Compare commits

merge into: happyDomain:renovate/github.com-oapi-codegen-runtime-1.x
Branches Tags
happyDomain:master
happyDomain:renovate/lock-file-maintenance
happyDomain:renovate/github.com-oapi-codegen-runtime-1.x
happyDomain:renovate/github.com-oapi-codegen-oapi-codegen-v2-2.x
happyDomain:renovate/github.com-gin-gonic-gin-1.x
happyDomain:renovate/go-golang.org-x-net-vulnerability
happyDomain:renovate/npm-svelte-vulnerability
happyDomain:renovate/npm-sveltejs-kit-vulnerability
happyDomain:f/rspamd
happyDomain:f/unsubscribe-link-detection
happyDomain:renovate/major-eslint-monorepo
happyDomain:internal_resolver
happyDomain:renovate/eslint-plugin-svelte-3.x-lockfile
happyDomain:renovate/node-22.x-lockfile
happyDomain:renovate/eslint-compat-1.x-lockfile
happyDomain:renovate/major-vitest-monorepo
happyDomain:renovate/sveltejs-kit-2.x-lockfile
happyDomain:renovate/svelte-5.x-lockfile
happyDomain:v1.2.0
happyDomain:v1.1.1
happyDomain:v1.1.0
happyDomain:v1.0.0
...
pull from: happyDomain:master
Branches Tags
happyDomain:master
happyDomain:renovate/lock-file-maintenance
happyDomain:renovate/github.com-oapi-codegen-runtime-1.x
happyDomain:renovate/github.com-oapi-codegen-oapi-codegen-v2-2.x
happyDomain:renovate/github.com-gin-gonic-gin-1.x
happyDomain:renovate/go-golang.org-x-net-vulnerability
happyDomain:renovate/npm-svelte-vulnerability
happyDomain:renovate/npm-sveltejs-kit-vulnerability
happyDomain:f/rspamd
happyDomain:f/unsubscribe-link-detection
happyDomain:renovate/major-eslint-monorepo
happyDomain:internal_resolver
happyDomain:renovate/eslint-plugin-svelte-3.x-lockfile
happyDomain:renovate/node-22.x-lockfile
happyDomain:renovate/eslint-compat-1.x-lockfile
happyDomain:renovate/major-vitest-monorepo
happyDomain:renovate/sveltejs-kit-2.x-lockfile
happyDomain:renovate/svelte-5.x-lockfile
happyDomain:v1.2.0
happyDomain:v1.1.1
happyDomain:v1.1.0
happyDomain:v1.0.0
Sign in to create a new pull request.

11 commits
renovate/g ... master

Author SHA1 Message Date
Pierre-Olivier Mercier
8b6154c183 feat: add whitelist checks to IP blacklist endpoint and rename checks to blacklists
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-03-09 16:01:54 +07:00
Pierre-Olivier Mercier
56e6494a75 rbl: parallelize IP checks against blacklists using goroutines 2026-03-09 15:34:38 +07:00
Pierre-Olivier Mercier
0176c3803d docker: split ENV declarations for readability and remove default RBL list 2026-03-09 15:22:36 +07:00
Pierre-Olivier Mercier
21e16fd847 rbl: remove SpamRats entries from default RBL list 
Those RBLs requires an API key
 2026-03-09 14:08:34 +07:00
Pierre-Olivier Mercier
edfe498b27 Improve responsiveness 2026-03-09 14:08:34 +07:00
Pierre-Olivier Mercier
27650a3496 feat: add raw report display to rspamd card 
Add a collapsible Raw Report section to RspamdCard, storing the raw
X-Spamd-Result header value and displaying it like SpamAssassin's report.
 2026-03-09 14:08:34 +07:00
Pierre-Olivier Mercier
d9b9ea87c6 refactor: extract email path into standalone card component 
Move the received chain display out of BlacklistCard into EmailPathCard,
giving it its own card styling and placing it as a dedicated section on
the report page.
 2026-03-09 13:09:11 +07:00
Pierre-Olivier Mercier
bb47bb7c29 fix: handle nested brackets in rspamd symbol params 2026-03-09 12:52:15 +07:00
Pierre-Olivier Mercier
da93d6d706 Add rspamd tests 2026-03-09 12:47:24 +07:00
Pierre-Olivier Mercier
2a2bfe46a8 fix: various small fixes and improvements 
- Add 'skipped' to authentication result enum in OpenAPI spec
- Fix optional chaining on bimiResult.details check
- Add rbls field to AppConfig interface
- Restrict theme storage to valid 'light'/'dark' values only
- Fix null coalescing for blacklist result data
- Fix survey source to use domain instead of ip
 2026-03-09 12:46:30 +07:00
Pierre-Olivier Mercier
55e9bcd3d0 refactor: handle DNS whitelists 
Introduce a single DNSListChecker struct with flags to avoid code
duplication with already existing RBL checker.
 2026-03-09 12:46:16 +07:00
22 changed files with 774 additions and 166 deletions
Download patch file Download diff file Expand all files Collapse all files

7
Dockerfile
View file

@ -170,7 +170,12 @@ RUN chmod +x /entrypoint.sh
EXPOSE 25 8080 EXPOSE 25 8080
# Default configuration # Default configuration
ENV HAPPYDELIVER_DATABASE_TYPE=sqlite HAPPYDELIVER_DATABASE_DSN=/var/lib/happydeliver/happydeliver.db HAPPYDELIVER_DOMAIN=happydeliver.local HAPPYDELIVER_ADDRESS_PREFIX=test- HAPPYDELIVER_DNS_TIMEOUT=5s HAPPYDELIVER_HTTP_TIMEOUT=10s HAPPYDELIVER_RBL=zen.spamhaus.org,bl.spamcop.net,b.barracudacentral.org,dnsbl.sorbs.net,dnsbl-1.uceprotect.net,bl.mailspike.net ENV HAPPYDELIVER_DATABASE_TYPE=sqlite \
HAPPYDELIVER_DATABASE_DSN=/var/lib/happydeliver/happydeliver.db \
HAPPYDELIVER_DOMAIN=happydeliver.local \
HAPPYDELIVER_ADDRESS_PREFIX=test- \
HAPPYDELIVER_DNS_TIMEOUT=5s \
HAPPYDELIVER_HTTP_TIMEOUT=10s
# Volume for persistent data # Volume for persistent data
VOLUME ["/var/lib/happydeliver", "/var/log/happydeliver"] VOLUME ["/var/lib/happydeliver", "/var/log/happydeliver"]

27
api/openapi.yaml
View file

@ -350,6 +350,19 @@ components:
listed: false listed: false
- rbl: "bl.spamcop.net" - rbl: "bl.spamcop.net"
listed: false listed: false
whitelists:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/BlacklistCheck'
description: Map of IP addresses to their DNS whitelist check results (informational only)
example:
"192.0.2.1":
- rbl: "list.dnswl.org"
listed: false
- rbl: "swl.spamhaus.org"
listed: false
content_analysis: content_analysis:
$ref: '#/components/schemas/ContentAnalysis' $ref: '#/components/schemas/ContentAnalysis'
header_analysis: header_analysis:
@ -776,7 +789,7 @@ components:
properties: properties:
result: result:
type: string type: string
enum: [pass, fail, invalid, missing, none, neutral, softfail, temperror, permerror, declined, domain_pass, orgdomain_pass] enum: [pass, fail, invalid, missing, none, neutral, softfail, temperror, permerror, declined, domain_pass, orgdomain_pass, skipped]
description: Authentication result description: Authentication result
example: "pass" example: "pass"
domain: domain:
@ -969,6 +982,9 @@ components:
name: "BAYES_HAM" name: "BAYES_HAM"
score: -1.9 score: -1.9
params: "0.02" params: "0.02"
report:
type: string
description: Full rspamd report (raw X-Spamd-Result header)
RspamdSymbol: RspamdSymbol:
type: object type: object
@ -1330,7 +1346,7 @@ components:
type: object type: object
required: required:
- ip - ip
- checks - blacklists
- listed_count - listed_count
- score - score
- grade - grade
@ -1339,7 +1355,7 @@ components:
type: string type: string
description: The IP address that was checked description: The IP address that was checked
example: "192.0.2.1" example: "192.0.2.1"
checks: blacklists:
type: array type: array
items: items:
$ref: '#/components/schemas/BlacklistCheck' $ref: '#/components/schemas/BlacklistCheck'
@ -1359,3 +1375,8 @@ components:
enum: [A+, A, B, C, D, E, F] enum: [A+, A, B, C, D, E, F]
description: Letter grade representation of the score description: Letter grade representation of the score
example: "A+" example: "A+"
whitelists:
type: array
items:
$ref: '#/components/schemas/BlacklistCheck'
description: List of DNS whitelist check results (informational only)

7
internal/api/handlers.go
View file

@ -41,7 +41,7 @@ import (
type EmailAnalyzer interface { type EmailAnalyzer interface {
AnalyzeEmailBytes(rawEmail []byte, testID uuid.UUID) (reportJSON []byte, err error) AnalyzeEmailBytes(rawEmail []byte, testID uuid.UUID) (reportJSON []byte, err error)
AnalyzeDomain(domain string) (dnsResults *DNSResults, score int, grade string) AnalyzeDomain(domain string) (dnsResults *DNSResults, score int, grade string)
CheckBlacklistIP(ip string) (checks []BlacklistCheck, listedCount int, score int, grade string, err error) CheckBlacklistIP(ip string) (checks []BlacklistCheck, whitelists []BlacklistCheck, listedCount int, score int, grade string, err error)
} }
// APIHandler implements the ServerInterface for handling API requests // APIHandler implements the ServerInterface for handling API requests
@ -359,7 +359,7 @@ func (h *APIHandler) CheckBlacklist(c *gin.Context) {
} }
// Perform blacklist check using analyzer // Perform blacklist check using analyzer
checks, listedCount, score, grade, err := h.analyzer.CheckBlacklistIP(request.Ip) checks, whitelists, listedCount, score, grade, err := h.analyzer.CheckBlacklistIP(request.Ip)
if err != nil { if err != nil {
c.JSON(http.StatusBadRequest, Error{ c.JSON(http.StatusBadRequest, Error{
Error: "invalid_ip", Error: "invalid_ip",
@ -372,7 +372,8 @@ func (h *APIHandler) CheckBlacklist(c *gin.Context) {
// Build response // Build response
response := BlacklistCheckResponse{ response := BlacklistCheckResponse{
Ip: request.Ip, Ip: request.Ip,
Checks: checks, Blacklists: checks,
Whitelists: &whitelists,
ListedCount: listedCount, ListedCount: listedCount,
Score: score, Score: score,
Grade: BlacklistCheckResponseGrade(grade), Grade: BlacklistCheckResponseGrade(grade),

2
internal/config/config.go
View file

@ -65,6 +65,7 @@ type AnalysisConfig struct {
DNSTimeout time.Duration DNSTimeout time.Duration
HTTPTimeout time.Duration HTTPTimeout time.Duration
RBLs []string RBLs []string
DNSWLs []string
CheckAllIPs bool // Check all IPs found in headers, not just the first one CheckAllIPs bool // Check all IPs found in headers, not just the first one
} }
@ -88,6 +89,7 @@ func DefaultConfig() *Config {
DNSTimeout: 5 * time.Second, DNSTimeout: 5 * time.Second,
HTTPTimeout: 10 * time.Second, HTTPTimeout: 10 * time.Second,
RBLs: []string{}, RBLs: []string{},
DNSWLs: []string{},
CheckAllIPs: false, // By default, only check the first IP CheckAllIPs: false, // By default, only check the first IP
}, },
} }

19
pkg/analyzer/analyzer.go
View file

@ -44,6 +44,7 @@ func NewEmailAnalyzer(cfg *config.Config) *EmailAnalyzer {
cfg.Analysis.DNSTimeout, cfg.Analysis.DNSTimeout,
cfg.Analysis.HTTPTimeout, cfg.Analysis.HTTPTimeout,
cfg.Analysis.RBLs, cfg.Analysis.RBLs,
cfg.Analysis.DNSWLs,
cfg.Analysis.CheckAllIPs, cfg.Analysis.CheckAllIPs,
) )
@ -120,22 +121,28 @@ func (a *APIAdapter) AnalyzeDomain(domain string) (*api.DNSResults, int, string)
return dnsResults, score, grade return dnsResults, score, grade
} }
// CheckBlacklistIP checks a single IP address against DNS blacklists // CheckBlacklistIP checks a single IP address against DNS blacklists and whitelists
func (a *APIAdapter) CheckBlacklistIP(ip string) ([]api.BlacklistCheck, int, int, string, error) { func (a *APIAdapter) CheckBlacklistIP(ip string) ([]api.BlacklistCheck, []api.BlacklistCheck, int, int, string, error) {
// Check the IP against all configured RBLs // Check the IP against all configured RBLs
checks, listedCount, err := a.analyzer.generator.rblChecker.CheckIP(ip) checks, listedCount, err := a.analyzer.generator.rblChecker.CheckIP(ip)
if err != nil { if err != nil {
return nil, 0, 0, "", err return nil, nil, 0, 0, "", err
} }
// Calculate score using the existing function // Calculate score using the existing function
// Create a minimal RBLResults structure for scoring // Create a minimal RBLResults structure for scoring
results := &RBLResults{ results := &DNSListResults{
Checks: map[string][]api.BlacklistCheck{ip: checks}, Checks: map[string][]api.BlacklistCheck{ip: checks},
IPsChecked: []string{ip}, IPsChecked: []string{ip},
ListedCount: listedCount, ListedCount: listedCount,
} }
score, grade := a.analyzer.generator.rblChecker.CalculateRBLScore(results) score, grade := a.analyzer.generator.rblChecker.CalculateScore(results)
return checks, listedCount, score, grade, nil // Check the IP against all configured DNSWLs (informational only)
whitelists, _, err := a.analyzer.generator.dnswlChecker.CheckIP(ip)
if err != nil {
whitelists = nil
}
return checks, whitelists, listedCount, score, grade, nil
} }

182
pkg/analyzer/rbl.go
View file

@ -27,18 +27,21 @@ import (
"net" "net"
"regexp" "regexp"
"strings" "strings"
"sync"
"time" "time"
"git.happydns.org/happyDeliver/internal/api" "git.happydns.org/happyDeliver/internal/api"
) )
// RBLChecker checks IP addresses against DNS-based blacklists // DNSListChecker checks IP addresses against DNS-based block/allow lists.
type RBLChecker struct { // It handles both RBL (blacklist) and DNSWL (whitelist) semantics via flags.
type DNSListChecker struct {
Timeout time.Duration Timeout time.Duration
RBLs []string Lists []string
CheckAllIPs bool // Check all IPs found in headers, not just the first one CheckAllIPs bool // Check all IPs found in headers, not just the first one
filterErrorCodes bool // When true (RBL mode), treat 127.255.255.253/254/255 as operational errors
resolver *net.Resolver resolver *net.Resolver
informationalSet map[string]bool informationalSet map[string]bool // Lists whose hits don't count toward the score
} }
// DefaultRBLs is a list of commonly used RBL providers // DefaultRBLs is a list of commonly used RBL providers
@ -51,8 +54,6 @@ var DefaultRBLs = []string{
"dnsbl-1.uceprotect.net", // UCEPROTECT Level 1 "dnsbl-1.uceprotect.net", // UCEPROTECT Level 1
"dnsbl-2.uceprotect.net", // UCEPROTECT Level 2 (informational) "dnsbl-2.uceprotect.net", // UCEPROTECT Level 2 (informational)
"dnsbl-3.uceprotect.net", // UCEPROTECT Level 3 (informational) "dnsbl-3.uceprotect.net", // UCEPROTECT Level 3 (informational)
"spam.spamrats.com", // SpamRats SPAM
"dyna.spamrats.com", // SpamRats dynamic IPs
"psbl.surriel.com", // PSBL "psbl.surriel.com", // PSBL
"dnsbl.dronebl.org", // DroneBL "dnsbl.dronebl.org", // DroneBL
"bl.mailspike.net", // Mailspike BL "bl.mailspike.net", // Mailspike BL
@ -68,10 +69,16 @@ var DefaultInformationalRBLs = []string{
"dnsbl-3.uceprotect.net", // UCEPROTECT Level 3: entire ASes, too broad for scoring "dnsbl-3.uceprotect.net", // UCEPROTECT Level 3: entire ASes, too broad for scoring
} }
// DefaultDNSWLs is a list of commonly used DNSWL providers
var DefaultDNSWLs = []string{
"list.dnswl.org", // DNSWL.org — the main DNS whitelist
"swl.spamhaus.org", // Spamhaus Safe Whitelist
}
// NewRBLChecker creates a new RBL checker with configurable timeout and RBL list // NewRBLChecker creates a new RBL checker with configurable timeout and RBL list
func NewRBLChecker(timeout time.Duration, rbls []string, checkAllIPs bool) *RBLChecker { func NewRBLChecker(timeout time.Duration, rbls []string, checkAllIPs bool) *DNSListChecker {
if timeout == 0 { if timeout == 0 {
timeout = 5 * time.Second // Default timeout timeout = 5 * time.Second
} }
if len(rbls) == 0 { if len(rbls) == 0 {
rbls = DefaultRBLs rbls = DefaultRBLs
@ -80,30 +87,48 @@ func NewRBLChecker(timeout time.Duration, rbls []string, checkAllIPs bool) *RBLC
for _, rbl := range DefaultInformationalRBLs { for _, rbl := range DefaultInformationalRBLs {
informationalSet[rbl] = true informationalSet[rbl] = true
} }
return &RBLChecker{ return &DNSListChecker{
Timeout: timeout, Timeout: timeout,
RBLs: rbls, Lists: rbls,
CheckAllIPs: checkAllIPs, CheckAllIPs: checkAllIPs,
filterErrorCodes: true,
resolver: &net.Resolver{PreferGo: true}, resolver: &net.Resolver{PreferGo: true},
informationalSet: informationalSet, informationalSet: informationalSet,
} }
} }
// RBLResults represents the results of RBL checks // NewDNSWLChecker creates a new DNSWL checker with configurable timeout and DNSWL list
type RBLResults struct { func NewDNSWLChecker(timeout time.Duration, dnswls []string, checkAllIPs bool) *DNSListChecker {
Checks map[string][]api.BlacklistCheck // Map of IP -> list of RBL checks for that IP if timeout == 0 {
IPsChecked []string timeout = 5 * time.Second
ListedCount int // Total listings including informational RBLs }
RelevantListedCount int // Listings on scoring (non-informational) RBLs only if len(dnswls) == 0 {
dnswls = DefaultDNSWLs
}
return &DNSListChecker{
Timeout: timeout,
Lists: dnswls,
CheckAllIPs: checkAllIPs,
filterErrorCodes: false,
resolver: &net.Resolver{PreferGo: true},
informationalSet: make(map[string]bool),
}
} }
// CheckEmail checks all IPs found in the email headers against RBLs // DNSListResults represents the results of DNS list checks
func (r *RBLChecker) CheckEmail(email *EmailMessage) *RBLResults { type DNSListResults struct {
results := &RBLResults{ Checks map[string][]api.BlacklistCheck // Map of IP -> list of checks for that IP
IPsChecked []string
ListedCount int // Total listings including informational entries
RelevantListedCount int // Listings on scoring (non-informational) lists only
}
// CheckEmail checks all IPs found in the email headers against the configured lists
func (r *DNSListChecker) CheckEmail(email *EmailMessage) *DNSListResults {
results := &DNSListResults{
Checks: make(map[string][]api.BlacklistCheck), Checks: make(map[string][]api.BlacklistCheck),
} }
// Extract IPs from Received headers
ips := r.extractIPs(email) ips := r.extractIPs(email)
if len(ips) == 0 { if len(ips) == 0 {
return results return results
@ -111,20 +136,18 @@ func (r *RBLChecker) CheckEmail(email *EmailMessage) *RBLResults {
results.IPsChecked = ips results.IPsChecked = ips
// Check each IP against all RBLs
for _, ip := range ips { for _, ip := range ips {
for _, rbl := range r.RBLs { for _, list := range r.Lists {
check := r.checkIP(ip, rbl) check := r.checkIP(ip, list)
results.Checks[ip] = append(results.Checks[ip], check) results.Checks[ip] = append(results.Checks[ip], check)
if check.Listed { if check.Listed {
results.ListedCount++ results.ListedCount++
if !r.informationalSet[rbl] { if !r.informationalSet[list] {
results.RelevantListedCount++ results.RelevantListedCount++
} }
} }
} }
// Only check the first IP unless CheckAllIPs is enabled
if !r.CheckAllIPs { if !r.CheckAllIPs {
break break
} }
@ -133,20 +156,26 @@ func (r *RBLChecker) CheckEmail(email *EmailMessage) *RBLResults {
return results return results
} }
// CheckIP checks a single IP address against all configured RBLs // CheckIP checks a single IP address against all configured lists in parallel
func (r *RBLChecker) CheckIP(ip string) ([]api.BlacklistCheck, int, error) { func (r *DNSListChecker) CheckIP(ip string) ([]api.BlacklistCheck, int, error) {
// Validate that it's a valid IP address
if !r.isPublicIP(ip) { if !r.isPublicIP(ip) {
return nil, 0, fmt.Errorf("invalid or non-public IP address: %s", ip) return nil, 0, fmt.Errorf("invalid or non-public IP address: %s", ip)
} }
var checks []api.BlacklistCheck checks := make([]api.BlacklistCheck, len(r.Lists))
listedCount := 0 var wg sync.WaitGroup
// Check the IP against all RBLs for i, list := range r.Lists {
for _, rbl := range r.RBLs { wg.Add(1)
check := r.checkIP(ip, rbl) go func(i int, list string) {
checks = append(checks, check) defer wg.Done()
checks[i] = r.checkIP(ip, list)
}(i, list)
}
wg.Wait()
listedCount := 0
for _, check := range checks {
if check.Listed { if check.Listed {
listedCount++ listedCount++
} }
@ -156,27 +185,19 @@ func (r *RBLChecker) CheckIP(ip string) ([]api.BlacklistCheck, int, error) {
} }
// extractIPs extracts IP addresses from Received headers // extractIPs extracts IP addresses from Received headers
func (r *RBLChecker) extractIPs(email *EmailMessage) []string { func (r *DNSListChecker) extractIPs(email *EmailMessage) []string {
var ips []string var ips []string
seenIPs := make(map[string]bool) seenIPs := make(map[string]bool)
// Get all Received headers
receivedHeaders := email.Header["Received"] receivedHeaders := email.Header["Received"]
// Regex patterns for IP addresses
// Match IPv4: xxx.xxx.xxx.xxx
ipv4Pattern := regexp.MustCompile(`\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b`) ipv4Pattern := regexp.MustCompile(`\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b`)
// Look for IPs in Received headers
for _, received := range receivedHeaders { for _, received := range receivedHeaders {
// Find all IPv4 addresses
matches := ipv4Pattern.FindAllString(received, -1) matches := ipv4Pattern.FindAllString(received, -1)
for _, match := range matches { for _, match := range matches {
// Skip private/reserved IPs
if !r.isPublicIP(match) { if !r.isPublicIP(match) {
continue continue
} }
// Avoid duplicates
if !seenIPs[match] { if !seenIPs[match] {
ips = append(ips, match) ips = append(ips, match)
seenIPs[match] = true seenIPs[match] = true
@ -184,13 +205,10 @@ func (r *RBLChecker) extractIPs(email *EmailMessage) []string {
} }
} }
// If no IPs found in Received headers, try X-Originating-IP
if len(ips) == 0 { if len(ips) == 0 {
originatingIP := email.Header.Get("X-Originating-IP") originatingIP := email.Header.Get("X-Originating-IP")
if originatingIP != "" { if originatingIP != "" {
// Extract IP from formats like "[192.0.2.1]" or "192.0.2.1"
cleanIP := strings.TrimSuffix(strings.TrimPrefix(originatingIP, "["), "]") cleanIP := strings.TrimSuffix(strings.TrimPrefix(originatingIP, "["), "]")
// Remove any whitespace
cleanIP = strings.TrimSpace(cleanIP) cleanIP = strings.TrimSpace(cleanIP)
matches := ipv4Pattern.FindString(cleanIP) matches := ipv4Pattern.FindString(cleanIP)
if matches != "" && r.isPublicIP(matches) { if matches != "" && r.isPublicIP(matches) {
@ -203,19 +221,16 @@ func (r *RBLChecker) extractIPs(email *EmailMessage) []string {
} }
// isPublicIP checks if an IP address is public (not private, loopback, or reserved) // isPublicIP checks if an IP address is public (not private, loopback, or reserved)
func (r *RBLChecker) isPublicIP(ipStr string) bool { func (r *DNSListChecker) isPublicIP(ipStr string) bool {
ip := net.ParseIP(ipStr) ip := net.ParseIP(ipStr)
if ip == nil { if ip == nil {
return false return false
} }
// Check if it's a private network
if ip.IsPrivate() || ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() { if ip.IsPrivate() || ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() {
return false return false
} }
// Additional checks for reserved ranges
// 0.0.0.0/8, 192.0.0.0/24, 192.0.2.0/24 (TEST-NET-1), 198.51.100.0/24 (TEST-NET-2), 203.0.113.0/24 (TEST-NET-3)
if ip.IsUnspecified() { if ip.IsUnspecified() {
return false return false
} }
@ -223,51 +238,43 @@ func (r *RBLChecker) isPublicIP(ipStr string) bool {
return true return true
} }
// checkIP checks a single IP against a single RBL // checkIP checks a single IP against a single DNS list
func (r *RBLChecker) checkIP(ip, rbl string) api.BlacklistCheck { func (r *DNSListChecker) checkIP(ip, list string) api.BlacklistCheck {
check := api.BlacklistCheck{ check := api.BlacklistCheck{
Rbl: rbl, Rbl: list,
} }
// Reverse the IP for DNSBL query
reversedIP := r.reverseIP(ip) reversedIP := r.reverseIP(ip)
if reversedIP == "" { if reversedIP == "" {
check.Error = api.PtrTo("Failed to reverse IP address") check.Error = api.PtrTo("Failed to reverse IP address")
return check return check
} }
// Construct DNSBL query: reversed-ip.rbl-domain query := fmt.Sprintf("%s.%s", reversedIP, list)
query := fmt.Sprintf("%s.%s", reversedIP, rbl)
// Perform DNS lookup with timeout
ctx, cancel := context.WithTimeout(context.Background(), r.Timeout) ctx, cancel := context.WithTimeout(context.Background(), r.Timeout)
defer cancel() defer cancel()
addrs, err := r.resolver.LookupHost(ctx, query) addrs, err := r.resolver.LookupHost(ctx, query)
if err != nil { if err != nil {
// Most likely not listed (NXDOMAIN)
if dnsErr, ok := err.(*net.DNSError); ok { if dnsErr, ok := err.(*net.DNSError); ok {
if dnsErr.IsNotFound { if dnsErr.IsNotFound {
check.Listed = false check.Listed = false
return check return check
} }
} }
// Other DNS errors
check.Error = api.PtrTo(fmt.Sprintf("DNS lookup failed: %v", err)) check.Error = api.PtrTo(fmt.Sprintf("DNS lookup failed: %v", err))
return check return check
} }
// If we got a response, check the return code
if len(addrs) > 0 { if len(addrs) > 0 {
check.Response = api.PtrTo(addrs[0]) // Return code (e.g., 127.0.0.2) check.Response = api.PtrTo(addrs[0])
// Check for RBL error codes: 127.255.255.253, 127.255.255.254, 127.255.255.255 // In RBL mode, 127.255.255.253/254/255 indicate operational errors, not real listings.
// These indicate RBL operational issues, not actual listings if r.filterErrorCodes && (addrs[0] == "127.255.255.253" || addrs[0] == "127.255.255.254" || addrs[0] == "127.255.255.255") {
if addrs[0] == "127.255.255.253" || addrs[0] == "127.255.255.254" || addrs[0] == "127.255.255.255" {
check.Listed = false check.Listed = false
check.Error = api.PtrTo(fmt.Sprintf("RBL %s returned error code %s (RBL operational issue)", rbl, addrs[0])) check.Error = api.PtrTo(fmt.Sprintf("RBL %s returned error code %s (RBL operational issue)", list, addrs[0]))
} else { } else {
// Normal listing response
check.Listed = true check.Listed = true
} }
} }
@ -275,50 +282,47 @@ func (r *RBLChecker) checkIP(ip, rbl string) api.BlacklistCheck {
return check return check
} }
// reverseIP reverses an IPv4 address for DNSBL queries // reverseIP reverses an IPv4 address for DNSBL/DNSWL queries
// Example: 192.0.2.1 -> 1.2.0.192 // Example: 192.0.2.1 -> 1.2.0.192
func (r *RBLChecker) reverseIP(ipStr string) string { func (r *DNSListChecker) reverseIP(ipStr string) string {
ip := net.ParseIP(ipStr) ip := net.ParseIP(ipStr)
if ip == nil { if ip == nil {
return "" return ""
} }
// Convert to IPv4
ipv4 := ip.To4() ipv4 := ip.To4()
if ipv4 == nil { if ipv4 == nil {
return "" // IPv6 not supported yet return "" // IPv6 not supported yet
} }
// Reverse the octets
return fmt.Sprintf("%d.%d.%d.%d", ipv4[3], ipv4[2], ipv4[1], ipv4[0]) return fmt.Sprintf("%d.%d.%d.%d", ipv4[3], ipv4[2], ipv4[1], ipv4[0])
} }
// CalculateRBLScore calculates the blacklist contribution to deliverability. // CalculateScore calculates the list contribution to deliverability.
// Informational RBLs are not counted in the score. // Informational lists are not counted in the score.
func (r *RBLChecker) CalculateRBLScore(results *RBLResults) (int, string) { func (r *DNSListChecker) CalculateScore(results *DNSListResults) (int, string) {
if results == nil || len(results.IPsChecked) == 0 { if results == nil || len(results.IPsChecked) == 0 {
// No IPs to check, give benefit of doubt
return 100, "" return 100, ""
} }
scoringRBLCount := len(r.RBLs) - len(r.informationalSet) scoringListCount := len(r.Lists) - len(r.informationalSet)
if scoringRBLCount <= 0 { if scoringListCount <= 0 {
return 100, "A+" return 100, "A+"
} }
percentage := 100 - results.RelevantListedCount*100/scoringRBLCount percentage := 100 - results.RelevantListedCount*100/scoringListCount
return percentage, ScoreToGrade(percentage) return percentage, ScoreToGrade(percentage)
} }
// GetUniqueListedIPs returns a list of unique IPs that are listed on at least one RBL // GetUniqueListedIPs returns a list of unique IPs that are listed on at least one entry
func (r *RBLChecker) GetUniqueListedIPs(results *RBLResults) []string { func (r *DNSListChecker) GetUniqueListedIPs(results *DNSListResults) []string {
var listedIPs []string var listedIPs []string
for ip, rblChecks := range results.Checks { for ip, checks := range results.Checks {
for _, check := range rblChecks { for _, check := range checks {
if check.Listed { if check.Listed {
listedIPs = append(listedIPs, ip) listedIPs = append(listedIPs, ip)
break // Only add the IP once break
} }
} }
} }
@ -326,17 +330,17 @@ func (r *RBLChecker) GetUniqueListedIPs(results *RBLResults) []string {
return listedIPs return listedIPs
} }
// GetRBLsForIP returns all RBLs that list a specific IP // GetListsForIP returns all lists that match a specific IP
func (r *RBLChecker) GetRBLsForIP(results *RBLResults, ip string) []string { func (r *DNSListChecker) GetListsForIP(results *DNSListResults, ip string) []string {
var rbls []string var lists []string
if rblChecks, exists := results.Checks[ip]; exists { if checks, exists := results.Checks[ip]; exists {
for _, check := range rblChecks { for _, check := range checks {
if check.Listed { if check.Listed {
rbls = append(rbls, check.Rbl) lists = append(lists, check.Rbl)
} }
} }
} }
return rbls return lists
} }

26
pkg/analyzer/rbl_test.go
View file

@ -59,8 +59,8 @@ func TestNewRBLChecker(t *testing.T) {
if checker.Timeout != tt.expectedTimeout { if checker.Timeout != tt.expectedTimeout {
t.Errorf("Timeout = %v, want %v", checker.Timeout, tt.expectedTimeout) t.Errorf("Timeout = %v, want %v", checker.Timeout, tt.expectedTimeout)
} }
if len(checker.RBLs) != tt.expectedRBLs { if len(checker.Lists) != tt.expectedRBLs {
t.Errorf("RBLs count = %d, want %d", len(checker.RBLs), tt.expectedRBLs) t.Errorf("RBLs count = %d, want %d", len(checker.Lists), tt.expectedRBLs)
} }
if checker.resolver == nil { if checker.resolver == nil {
t.Error("Resolver should not be nil") t.Error("Resolver should not be nil")
@ -265,7 +265,7 @@ func TestExtractIPs(t *testing.T) {
func TestGetBlacklistScore(t *testing.T) { func TestGetBlacklistScore(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
results *RBLResults results *DNSListResults
expectedScore int expectedScore int
}{ }{
{ {
@ -275,14 +275,14 @@ func TestGetBlacklistScore(t *testing.T) {
}, },
{ {
name: "No IPs checked", name: "No IPs checked",
results: &RBLResults{ results: &DNSListResults{
IPsChecked: []string{}, IPsChecked: []string{},
}, },
expectedScore: 100, expectedScore: 100,
}, },
{ {
name: "Not listed on any RBL", name: "Not listed on any RBL",
results: &RBLResults{ results: &DNSListResults{
IPsChecked: []string{"198.51.100.1"}, IPsChecked: []string{"198.51.100.1"},
ListedCount: 0, ListedCount: 0,
}, },
@ -290,7 +290,7 @@ func TestGetBlacklistScore(t *testing.T) {
}, },
{ {
name: "Listed on 1 RBL", name: "Listed on 1 RBL",
results: &RBLResults{ results: &DNSListResults{
IPsChecked: []string{"198.51.100.1"}, IPsChecked: []string{"198.51.100.1"},
ListedCount: 1, ListedCount: 1,
}, },
@ -298,7 +298,7 @@ func TestGetBlacklistScore(t *testing.T) {
}, },
{ {
name: "Listed on 2 RBLs", name: "Listed on 2 RBLs",
results: &RBLResults{ results: &DNSListResults{
IPsChecked: []string{"198.51.100.1"}, IPsChecked: []string{"198.51.100.1"},
ListedCount: 2, ListedCount: 2,
}, },
@ -306,7 +306,7 @@ func TestGetBlacklistScore(t *testing.T) {
}, },
{ {
name: "Listed on 3 RBLs", name: "Listed on 3 RBLs",
results: &RBLResults{ results: &DNSListResults{
IPsChecked: []string{"198.51.100.1"}, IPsChecked: []string{"198.51.100.1"},
ListedCount: 3, ListedCount: 3,
}, },
@ -314,7 +314,7 @@ func TestGetBlacklistScore(t *testing.T) {
}, },
{ {
name: "Listed on 4+ RBLs", name: "Listed on 4+ RBLs",
results: &RBLResults{ results: &DNSListResults{
IPsChecked: []string{"198.51.100.1"}, IPsChecked: []string{"198.51.100.1"},
ListedCount: 4, ListedCount: 4,
}, },
@ -326,7 +326,7 @@ func TestGetBlacklistScore(t *testing.T) {
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
score, _ := checker.CalculateRBLScore(tt.results) score, _ := checker.CalculateScore(tt.results)
if score != tt.expectedScore { if score != tt.expectedScore {
t.Errorf("GetBlacklistScore() = %v, want %v", score, tt.expectedScore) t.Errorf("GetBlacklistScore() = %v, want %v", score, tt.expectedScore)
} }
@ -335,7 +335,7 @@ func TestGetBlacklistScore(t *testing.T) {
} }
func TestGetUniqueListedIPs(t *testing.T) { func TestGetUniqueListedIPs(t *testing.T) {
results := &RBLResults{ results := &DNSListResults{
Checks: map[string][]api.BlacklistCheck{ Checks: map[string][]api.BlacklistCheck{
"198.51.100.1": { "198.51.100.1": {
{Rbl: "zen.spamhaus.org", Listed: true}, {Rbl: "zen.spamhaus.org", Listed: true},
@ -363,7 +363,7 @@ func TestGetUniqueListedIPs(t *testing.T) {
} }
func TestGetRBLsForIP(t *testing.T) { func TestGetRBLsForIP(t *testing.T) {
results := &RBLResults{ results := &DNSListResults{
Checks: map[string][]api.BlacklistCheck{ Checks: map[string][]api.BlacklistCheck{
"198.51.100.1": { "198.51.100.1": {
{Rbl: "zen.spamhaus.org", Listed: true}, {Rbl: "zen.spamhaus.org", Listed: true},
@ -402,7 +402,7 @@ func TestGetRBLsForIP(t *testing.T) {
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
rbls := checker.GetRBLsForIP(results, tt.ip) rbls := checker.GetListsForIP(results, tt.ip)
if len(rbls) != len(tt.expectedRBLs) { if len(rbls) != len(tt.expectedRBLs) {
t.Errorf("Got %d RBLs, want %d", len(rbls), len(tt.expectedRBLs)) t.Errorf("Got %d RBLs, want %d", len(rbls), len(tt.expectedRBLs))

16
pkg/analyzer/report.go
View file

@ -35,7 +35,8 @@ type ReportGenerator struct {
spamAnalyzer *SpamAssassinAnalyzer spamAnalyzer *SpamAssassinAnalyzer
rspamdAnalyzer *RspamdAnalyzer rspamdAnalyzer *RspamdAnalyzer
dnsAnalyzer *DNSAnalyzer dnsAnalyzer *DNSAnalyzer
rblChecker *RBLChecker rblChecker *DNSListChecker
dnswlChecker *DNSListChecker
contentAnalyzer *ContentAnalyzer contentAnalyzer *ContentAnalyzer
headerAnalyzer *HeaderAnalyzer headerAnalyzer *HeaderAnalyzer
} }
@ -45,6 +46,7 @@ func NewReportGenerator(
dnsTimeout time.Duration, dnsTimeout time.Duration,
httpTimeout time.Duration, httpTimeout time.Duration,
rbls []string, rbls []string,
dnswls []string,
checkAllIPs bool, checkAllIPs bool,
) *ReportGenerator { ) *ReportGenerator {
return &ReportGenerator{ return &ReportGenerator{
@ -53,6 +55,7 @@ func NewReportGenerator(
rspamdAnalyzer: NewRspamdAnalyzer(), rspamdAnalyzer: NewRspamdAnalyzer(),
dnsAnalyzer: NewDNSAnalyzer(dnsTimeout), dnsAnalyzer: NewDNSAnalyzer(dnsTimeout),
rblChecker: NewRBLChecker(dnsTimeout, rbls, checkAllIPs), rblChecker: NewRBLChecker(dnsTimeout, rbls, checkAllIPs),
dnswlChecker: NewDNSWLChecker(dnsTimeout, dnswls, checkAllIPs),
contentAnalyzer: NewContentAnalyzer(httpTimeout), contentAnalyzer: NewContentAnalyzer(httpTimeout),
headerAnalyzer: NewHeaderAnalyzer(), headerAnalyzer: NewHeaderAnalyzer(),
} }
@ -65,7 +68,8 @@ type AnalysisResults struct {
Content *ContentResults Content *ContentResults
DNS *api.DNSResults DNS *api.DNSResults
Headers *api.HeaderAnalysis Headers *api.HeaderAnalysis
RBL *RBLResults RBL *DNSListResults
DNSWL *DNSListResults
SpamAssassin *api.SpamAssassinResult SpamAssassin *api.SpamAssassinResult
Rspamd *api.RspamdResult Rspamd *api.RspamdResult
} }
@ -81,6 +85,7 @@ func (r *ReportGenerator) AnalyzeEmail(email *EmailMessage) *AnalysisResults {
results.Headers = r.headerAnalyzer.GenerateHeaderAnalysis(email, results.Authentication) results.Headers = r.headerAnalyzer.GenerateHeaderAnalysis(email, results.Authentication)
results.DNS = r.dnsAnalyzer.AnalyzeDNS(email, results.Authentication, results.Headers) results.DNS = r.dnsAnalyzer.AnalyzeDNS(email, results.Authentication, results.Headers)
results.RBL = r.rblChecker.CheckEmail(email) results.RBL = r.rblChecker.CheckEmail(email)
results.DNSWL = r.dnswlChecker.CheckEmail(email)
results.SpamAssassin = r.spamAnalyzer.AnalyzeSpamAssassin(email) results.SpamAssassin = r.spamAnalyzer.AnalyzeSpamAssassin(email)
results.Rspamd = r.rspamdAnalyzer.AnalyzeRspamd(email) results.Rspamd = r.rspamdAnalyzer.AnalyzeRspamd(email)
results.Content = r.contentAnalyzer.AnalyzeContent(email) results.Content = r.contentAnalyzer.AnalyzeContent(email)
@ -135,7 +140,7 @@ func (r *ReportGenerator) GenerateReport(testID uuid.UUID, results *AnalysisResu
blacklistScore := 0 blacklistScore := 0
var blacklistGrade string var blacklistGrade string
if results.RBL != nil { if results.RBL != nil {
blacklistScore, blacklistGrade = r.rblChecker.CalculateRBLScore(results.RBL) blacklistScore, blacklistGrade = r.rblChecker.CalculateScore(results.RBL)
} }
saScore, saGrade := r.spamAnalyzer.CalculateSpamAssassinScore(results.SpamAssassin) saScore, saGrade := r.spamAnalyzer.CalculateSpamAssassinScore(results.SpamAssassin)
@ -197,6 +202,11 @@ func (r *ReportGenerator) GenerateReport(testID uuid.UUID, results *AnalysisResu
report.Blacklists = &results.RBL.Checks report.Blacklists = &results.RBL.Checks
} }
// Add whitelist checks as a map of IP -> array of BlacklistCheck (informational only)
if results.DNSWL != nil && len(results.DNSWL.Checks) > 0 {
report.Whitelists = &results.DNSWL.Checks
}
// Add SpamAssassin result with individual deliverability score // Add SpamAssassin result with individual deliverability score
if results.SpamAssassin != nil { if results.SpamAssassin != nil {
saGradeTyped := api.SpamAssassinResultDeliverabilityGrade(saGrade) saGradeTyped := api.SpamAssassinResultDeliverabilityGrade(saGrade)

10
pkg/analyzer/report_test.go
View file

@ -32,7 +32,7 @@ import (
) )
func TestNewReportGenerator(t *testing.T) { func TestNewReportGenerator(t *testing.T) {
gen := NewReportGenerator(10*time.Second, 10*time.Second, DefaultRBLs, false) gen := NewReportGenerator(10*time.Second, 10*time.Second, DefaultRBLs, DefaultDNSWLs, false)
if gen == nil { if gen == nil {
t.Fatal("Expected report generator, got nil") t.Fatal("Expected report generator, got nil")
} }
@ -55,7 +55,7 @@ func TestNewReportGenerator(t *testing.T) {
} }
func TestAnalyzeEmail(t *testing.T) { func TestAnalyzeEmail(t *testing.T) {
gen := NewReportGenerator(10*time.Second, 10*time.Second, DefaultRBLs, false) gen := NewReportGenerator(10*time.Second, 10*time.Second, DefaultRBLs, DefaultDNSWLs, false)
email := createTestEmail() email := createTestEmail()
@ -75,7 +75,7 @@ func TestAnalyzeEmail(t *testing.T) {
} }
func TestGenerateReport(t *testing.T) { func TestGenerateReport(t *testing.T) {
gen := NewReportGenerator(10*time.Second, 10*time.Second, DefaultRBLs, false) gen := NewReportGenerator(10*time.Second, 10*time.Second, DefaultRBLs, DefaultDNSWLs, false)
testID := uuid.New() testID := uuid.New()
email := createTestEmail() email := createTestEmail()
@ -130,7 +130,7 @@ func TestGenerateReport(t *testing.T) {
} }
func TestGenerateReportWithSpamAssassin(t *testing.T) { func TestGenerateReportWithSpamAssassin(t *testing.T) {
gen := NewReportGenerator(10*time.Second, 10*time.Second, DefaultRBLs, false) gen := NewReportGenerator(10*time.Second, 10*time.Second, DefaultRBLs, DefaultDNSWLs, false)
testID := uuid.New() testID := uuid.New()
email := createTestEmailWithSpamAssassin() email := createTestEmailWithSpamAssassin()
@ -150,7 +150,7 @@ func TestGenerateReportWithSpamAssassin(t *testing.T) {
} }
func TestGenerateRawEmail(t *testing.T) { func TestGenerateRawEmail(t *testing.T) {
gen := NewReportGenerator(10*time.Second, 10*time.Second, DefaultRBLs, false) gen := NewReportGenerator(10*time.Second, 10*time.Second, DefaultRBLs, DefaultDNSWLs, false)
tests := []struct { tests := []struct {
name string name string

7
pkg/analyzer/rspamd.go
View file

@ -58,6 +58,8 @@ func (a *RspamdAnalyzer) AnalyzeRspamd(email *EmailMessage) *api.RspamdResult {
// Parse X-Spamd-Result header (primary source for score, threshold, and symbols) // Parse X-Spamd-Result header (primary source for score, threshold, and symbols)
// Format: "default: False [-3.91 / 15.00];\n\tSYMBOL(score)[params]; ..." // Format: "default: False [-3.91 / 15.00];\n\tSYMBOL(score)[params]; ..."
if spamdResult, ok := headers["X-Spamd-Result"]; ok { if spamdResult, ok := headers["X-Spamd-Result"]; ok {
report := strings.ReplaceAll(spamdResult, "; ", ";\n")
result.Report = &report
a.parseSpamdResult(spamdResult, result) a.parseSpamdResult(spamdResult, result)
} }
@ -111,8 +113,9 @@ func (a *RspamdAnalyzer) parseSpamdResult(header string, result *api.RspamdResul
} }
// Parse symbols: SYMBOL(score)[params] // Parse symbols: SYMBOL(score)[params]
// Each symbol entry is separated by ";" // Each symbol entry is separated by ";", so within each part we use a
symbolRe := regexp.MustCompile(`(\w+)\((-?\d+\.?\d*)\)(?:\[([^\]]*)\])?`) // greedy match to capture params that may contain nested brackets.
symbolRe := regexp.MustCompile(`(\w+)\((-?\d+\.?\d*)\)(?:\[(.*)\])?`)
for _, part := range strings.Split(header, ";") { for _, part := range strings.Split(header, ";") {
part = strings.TrimSpace(part) part = strings.TrimSpace(part)
matches := symbolRe.FindStringSubmatch(part) matches := symbolRe.FindStringSubmatch(part)

414
pkg/analyzer/rspamd_test.go Normal file
View file

@ -0,0 +1,414 @@
// This file is part of the happyDeliver (R) project.
// Copyright (c) 2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.
//
// This program is offered under a commercial and under the AGPL license.
// For commercial licensing, contact us at <contact@happydomain.org>.
//
// For AGPL licensing:
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package analyzer
import (
"bytes"
"net/mail"
"testing"
"git.happydns.org/happyDeliver/internal/api"
)
func TestAnalyzeRspamdNoHeaders(t *testing.T) {
analyzer := NewRspamdAnalyzer()
email := &EmailMessage{Header: make(mail.Header)}
result := analyzer.AnalyzeRspamd(email)
if result != nil {
t.Errorf("Expected nil for email without rspamd headers, got %+v", result)
}
}
func TestParseSpamdResult(t *testing.T) {
tests := []struct {
name string
header string
expectedScore float32
expectedThreshold float32
expectedIsSpam bool
expectedSymbols map[string]float32
expectedSymParams map[string]string
}{
{
name: "Clean email negative score",
header: "default: False [-3.91 / 15.00];\n\tDATE_IN_PAST(0.10); ALL_TRUSTED(-1.00)[trusted]",
expectedScore: -3.91,
expectedThreshold: 15.00,
expectedIsSpam: false,
expectedSymbols: map[string]float32{
"DATE_IN_PAST": 0.10,
"ALL_TRUSTED": -1.00,
},
expectedSymParams: map[string]string{
"ALL_TRUSTED": "trusted",
},
},
{
name: "Spam email True flag",
header: "default: True [16.50 / 15.00];\n\tBAYES_99(5.00)[1.00]; SPOOFED_SENDER(3.50)",
expectedScore: 16.50,
expectedThreshold: 15.00,
expectedIsSpam: true,
expectedSymbols: map[string]float32{
"BAYES_99": 5.00,
"SPOOFED_SENDER": 3.50,
},
expectedSymParams: map[string]string{
"BAYES_99": "1.00",
},
},
{
name: "Zero threshold uses default",
header: "default: False [1.00 / 0.00]",
expectedScore: 1.00,
expectedThreshold: rspamdDefaultAddHeaderThreshold,
expectedIsSpam: false,
expectedSymbols: map[string]float32{},
},
{
name: "Symbol without params",
header: "default: False [2.00 / 15.00];\n\tMISSING_DATE(1.00)",
expectedScore: 2.00,
expectedThreshold: 15.00,
expectedIsSpam: false,
expectedSymbols: map[string]float32{
"MISSING_DATE": 1.00,
},
},
{
name: "Case-insensitive true flag",
header: "default: true [8.00 / 6.00]",
expectedScore: 8.00,
expectedThreshold: 6.00,
expectedIsSpam: true,
expectedSymbols: map[string]float32{},
},
{
name: "Zero threshold with symbols containing nested brackets in params",
header: "default: False [0.90 / 0.00];\n" +
"\tARC_REJECT(1.00)[cannot verify 1 of 1 signatures: {[1] = sig:mail-tester.local:signature has incorrect length: 12}];\n" +
"\tMIME_GOOD(-0.10)[multipart/alternative,text/plain];\n" +
"\tMIME_TRACE(0.00)[0:+,1:+,2:~]",
expectedScore: 0.90,
expectedThreshold: rspamdDefaultAddHeaderThreshold,
expectedIsSpam: false,
expectedSymbols: map[string]float32{
"ARC_REJECT": 1.00,
"MIME_GOOD": -0.10,
"MIME_TRACE": 0.00,
},
expectedSymParams: map[string]string{
"ARC_REJECT": "cannot verify 1 of 1 signatures: {[1] = sig:mail-tester.local:signature has incorrect length: 12}",
"MIME_GOOD": "multipart/alternative,text/plain",
"MIME_TRACE": "0:+,1:+,2:~",
},
},
}
analyzer := NewRspamdAnalyzer()
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := &api.RspamdResult{
Symbols: make(map[string]api.RspamdSymbol),
}
analyzer.parseSpamdResult(tt.header, result)
if result.Score != tt.expectedScore {
t.Errorf("Score = %v, want %v", result.Score, tt.expectedScore)
}
if result.Threshold != tt.expectedThreshold {
t.Errorf("Threshold = %v, want %v", result.Threshold, tt.expectedThreshold)
}
if result.IsSpam != tt.expectedIsSpam {
t.Errorf("IsSpam = %v, want %v", result.IsSpam, tt.expectedIsSpam)
}
for symName, expectedScore := range tt.expectedSymbols {
sym, ok := result.Symbols[symName]
if !ok {
t.Errorf("Symbol %s not found", symName)
continue
}
if sym.Score != expectedScore {
t.Errorf("Symbol %s score = %v, want %v", symName, sym.Score, expectedScore)
}
}
for symName, expectedParam := range tt.expectedSymParams {
sym, ok := result.Symbols[symName]
if !ok {
t.Errorf("Symbol %s not found for params check", symName)
continue
}
if sym.Params == nil {
t.Errorf("Symbol %s params = nil, want %q", symName, expectedParam)
} else if *sym.Params != expectedParam {
t.Errorf("Symbol %s params = %q, want %q", symName, *sym.Params, expectedParam)
}
}
})
}
}
func TestAnalyzeRspamd(t *testing.T) {
tests := []struct {
name string
headers map[string]string
expectedScore float32
expectedThreshold float32
expectedIsSpam bool
expectedServer *string
expectedSymCount int
}{
{
name: "Full headers clean email",
headers: map[string]string{
"X-Spamd-Result": "default: False [-3.91 / 15.00];\n\tALL_TRUSTED(-1.00)[local]",
"X-Rspamd-Score": "-3.91",
"X-Rspamd-Server": "mail.example.com",
},
expectedScore: -3.91,
expectedThreshold: 15.00,
expectedIsSpam: false,
expectedServer: func() *string { s := "mail.example.com"; return &s }(),
expectedSymCount: 1,
},
{
name: "X-Rspamd-Score overrides spamd result score",
headers: map[string]string{
"X-Spamd-Result": "default: False [2.00 / 15.00]",
"X-Rspamd-Score": "3.50",
},
expectedScore: 3.50,
expectedThreshold: 15.00,
expectedIsSpam: false,
},
{
name: "Spam email above threshold",
headers: map[string]string{
"X-Spamd-Result": "default: True [16.00 / 15.00];\n\tBAYES_99(5.00)",
"X-Rspamd-Score": "16.00",
},
expectedScore: 16.00,
expectedThreshold: 15.00,
expectedIsSpam: true,
expectedSymCount: 1,
},
{
name: "No X-Spamd-Result, only X-Rspamd-Score below default threshold",
headers: map[string]string{
"X-Rspamd-Score": "2.00",
},
expectedScore: 2.00,
expectedIsSpam: false,
},
{
name: "No X-Spamd-Result, X-Rspamd-Score above default add-header threshold",
headers: map[string]string{
"X-Rspamd-Score": "7.00",
},
expectedScore: 7.00,
expectedIsSpam: true,
},
{
name: "Server header is trimmed",
headers: map[string]string{
"X-Rspamd-Score": "1.00",
"X-Rspamd-Server": " rspamd-01 ",
},
expectedScore: 1.00,
expectedServer: func() *string { s := "rspamd-01"; return &s }(),
},
}
analyzer := NewRspamdAnalyzer()
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
email := &EmailMessage{Header: make(mail.Header)}
for k, v := range tt.headers {
email.Header[k] = []string{v}
}
result := analyzer.AnalyzeRspamd(email)
if result == nil {
t.Fatal("Expected non-nil result")
}
if result.Score != tt.expectedScore {
t.Errorf("Score = %v, want %v", result.Score, tt.expectedScore)
}
if tt.expectedThreshold > 0 && result.Threshold != tt.expectedThreshold {
t.Errorf("Threshold = %v, want %v", result.Threshold, tt.expectedThreshold)
}
if result.IsSpam != tt.expectedIsSpam {
t.Errorf("IsSpam = %v, want %v", result.IsSpam, tt.expectedIsSpam)
}
if tt.expectedServer != nil {
if result.Server == nil {
t.Errorf("Server = nil, want %q", *tt.expectedServer)
} else if *result.Server != *tt.expectedServer {
t.Errorf("Server = %q, want %q", *result.Server, *tt.expectedServer)
}
}
if tt.expectedSymCount > 0 && len(result.Symbols) != tt.expectedSymCount {
t.Errorf("Symbol count = %d, want %d", len(result.Symbols), tt.expectedSymCount)
}
})
}
}
func TestCalculateRspamdScore(t *testing.T) {
tests := []struct {
name string
result *api.RspamdResult
expectedScore int
expectedGrade string
}{
{
name: "Nil result (rspamd not installed)",
result: nil,
expectedScore: 100,
expectedGrade: "",
},
{
name: "Score well below threshold",
result: &api.RspamdResult{
Score: -3.91,
Threshold: 15.00,
},
expectedScore: 100,
expectedGrade: "A+",
},
{
name: "Score at zero",
result: &api.RspamdResult{
Score: 0,
Threshold: 15.00,
},
// 100 - round(0*100/30) = 100 → hits ScoreToGrade(100) = "A"
expectedScore: 100,
expectedGrade: "A",
},
{
name: "Score at threshold (half of 2*threshold)",
result: &api.RspamdResult{
Score: 15.00,
Threshold: 15.00,
},
// 100 - round(15*100/(2*15)) = 100 - 50 = 50
expectedScore: 50,
},
{
name: "Score above 2*threshold",
result: &api.RspamdResult{
Score: 31.00,
Threshold: 15.00,
},
expectedScore: 0,
expectedGrade: "F",
},
{
name: "Score exactly at 2*threshold",
result: &api.RspamdResult{
Score: 30.00,
Threshold: 15.00,
},
// 100 - round(30*100/30) = 100 - 100 = 0
expectedScore: 0,
expectedGrade: "F",
},
}
analyzer := NewRspamdAnalyzer()
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
score, grade := analyzer.CalculateRspamdScore(tt.result)
if score != tt.expectedScore {
t.Errorf("Score = %d, want %d", score, tt.expectedScore)
}
if tt.expectedGrade != "" && grade != tt.expectedGrade {
t.Errorf("Grade = %q, want %q", grade, tt.expectedGrade)
}
})
}
}
const sampleEmailWithRspamdHeaders = `X-Spamd-Result: default: False [-3.91 / 15.00];
BAYES_HAM(-3.00)[99%];
RCVD_IN_DNSWL_MED(-0.01)[1.2.3.4:from];
R_DKIM_ALLOW(-0.20)[example.com:s=dkim];
FROM_HAS_DN(0.00)[];
MIME_GOOD(-0.10)[text/plain];
X-Rspamd-Score: -3.91
X-Rspamd-Server: rspamd-01.example.com
Date: Mon, 09 Mar 2026 10:00:00 +0000
From: sender@example.com
To: test@happydomain.org
Subject: Test email
Message-ID: <test123@example.com>
MIME-Version: 1.0
Content-Type: text/plain
Hello world`
func TestAnalyzeRspamdRealEmail(t *testing.T) {
email, err := ParseEmail(bytes.NewBufferString(sampleEmailWithRspamdHeaders))
if err != nil {
t.Fatalf("Failed to parse email: %v", err)
}
analyzer := NewRspamdAnalyzer()
result := analyzer.AnalyzeRspamd(email)
if result == nil {
t.Fatal("Expected non-nil result")
}
if result.IsSpam {
t.Error("Expected IsSpam=false")
}
if result.Score != -3.91 {
t.Errorf("Score = %v, want -3.91", result.Score)
}
if result.Threshold != 15.00 {
t.Errorf("Threshold = %v, want 15.00", result.Threshold)
}
if result.Server == nil || *result.Server != "rspamd-01.example.com" {
t.Errorf("Server = %v, want \"rspamd-01.example.com\"", result.Server)
}
expectedSymbols := []string{"BAYES_HAM", "RCVD_IN_DNSWL_MED", "R_DKIM_ALLOW", "FROM_HAS_DN", "MIME_GOOD"}
for _, sym := range expectedSymbols {
if _, ok := result.Symbols[sym]; !ok {
t.Errorf("Symbol %s not found", sym)
}
}
score, _ := analyzer.CalculateRspamdScore(result)
if score != 100 {
t.Errorf("CalculateRspamdScore = %d, want 100", score)
}
}

14
web/src/lib/components/BlacklistCard.svelte
View file

@ -1,23 +1,21 @@
<script lang="ts"> <script lang="ts">
import type { BlacklistCheck, ReceivedHop } from "$lib/api/types.gen"; import type { BlacklistCheck } from "$lib/api/types.gen";
import { getScoreColorClass } from "$lib/score"; import { getScoreColorClass } from "$lib/score";
import { theme } from "$lib/stores/theme"; import { theme } from "$lib/stores/theme";
import EmailPathCard from "./EmailPathCard.svelte";
import GradeDisplay from "./GradeDisplay.svelte"; import GradeDisplay from "./GradeDisplay.svelte";
interface Props { interface Props {
blacklists: Record<string, BlacklistCheck[]>; blacklists: Record<string, BlacklistCheck[]>;
blacklistGrade?: string; blacklistGrade?: string;
blacklistScore?: number; blacklistScore?: number;
receivedChain?: ReceivedHop[];
} }
let { blacklists, blacklistGrade, blacklistScore, receivedChain }: Props = $props(); let { blacklists, blacklistGrade, blacklistScore }: Props = $props();
</script> </script>
<div class="card shadow-sm" id="rbl-details"> <div class="card shadow-sm" id="rbl-details">
<div class="card-header" class:bg-white={$theme === "light"} class:bg-dark={$theme !== "light"}> <div class="card-header" class:bg-white={$theme === "light"} class:bg-dark={$theme !== "light"}>
<h4 class="mb-0 d-flex justify-content-between align-items-center"> <h4 class="mb-0 d-flex flex-wrap justify-content-between align-items-center">
<span> <span>
<i class="bi bi-shield-exclamation me-2"></i> <i class="bi bi-shield-exclamation me-2"></i>
Blacklist Checks Blacklist Checks
@ -35,11 +33,7 @@
</h4> </h4>
</div> </div>
<div class="card-body"> <div class="card-body">
{#if receivedChain} <div class="row row-cols-1 row-cols-lg-2 overflow-auto">
<EmailPathCard {receivedChain} />
{/if}
<div class="row row-cols-1 row-cols-lg-2">
{#each Object.entries(blacklists) as [ip, checks]} {#each Object.entries(blacklists) as [ip, checks]}
<div class="col mb-3"> <div class="col mb-3">
<h5 class="text-muted"> <h5 class="text-muted">

18
web/src/lib/components/EmailPathCard.svelte
View file

@ -1,5 +1,6 @@
<script lang="ts"> <script lang="ts">
import type { ReceivedHop } from "$lib/api/types.gen"; import type { ReceivedHop } from "$lib/api/types.gen";
import { theme } from "$lib/stores/theme";
interface Props { interface Props {
receivedChain: ReceivedHop[]; receivedChain: ReceivedHop[];
@ -9,9 +10,18 @@
</script> </script>
{#if receivedChain && receivedChain.length > 0} {#if receivedChain && receivedChain.length > 0}
<div class="mb-3" id="email-path"> <div class="card shadow-sm" id="email-path">
<h5>Email Path (Received Chain)</h5> <div
<div class="list-group"> class="card-header"
class:bg-white={$theme === "light"}
class:bg-dark={$theme !== "light"}
>
<h4 class="mb-0">
<i class="bi bi-pin-map me-2"></i>
Email Path
</h4>
</div>
<div class="list-group list-group-flush">
{#each receivedChain as hop, i} {#each receivedChain as hop, i}
<div class="list-group-item"> <div class="list-group-item">
<div class="d-flex w-100 justify-content-between"> <div class="d-flex w-100 justify-content-between">
@ -30,7 +40,7 @@
: "-"} : "-"}
</small> </small>
</div> </div>
{#if hop.with || hop.id} {#if hop.with || hop.id || hop.from}
<p class="mb-1 small d-flex gap-3"> <p class="mb-1 small d-flex gap-3">
{#if hop.with} {#if hop.with}
<span> <span>

27
web/src/lib/components/RspamdCard.svelte
View file

@ -17,8 +17,7 @@
const effectiveAction = $derived.by(() => { const effectiveAction = $derived.by(() => {
const rejectThreshold = rspamd.threshold > 0 ? rspamd.threshold : 15; const rejectThreshold = rspamd.threshold > 0 ? rspamd.threshold : 15;
if (rspamd.score >= rejectThreshold) if (rspamd.score >= rejectThreshold) return { label: "Reject", cls: "bg-danger" };
return { label: "Reject", cls: "bg-danger" };
if (rspamd.score >= RSPAMD_ADD_HEADER_THRESHOLD) if (rspamd.score >= RSPAMD_ADD_HEADER_THRESHOLD)
return { label: "Add header", cls: "bg-warning text-dark" }; return { label: "Add header", cls: "bg-warning text-dark" };
if (rspamd.score >= RSPAMD_GREYLIST_THRESHOLD) if (rspamd.score >= RSPAMD_GREYLIST_THRESHOLD)
@ -31,7 +30,7 @@
<div class="card-header {$theme === 'light' ? 'bg-white' : 'bg-dark'}"> <div class="card-header {$theme === 'light' ? 'bg-white' : 'bg-dark'}">
<h4 class="mb-0 d-flex justify-content-between align-items-center"> <h4 class="mb-0 d-flex justify-content-between align-items-center">
<span> <span>
<i class="bi bi-shield-exclamation me-2"></i> <i class="bi bi-bug me-2"></i>
rspamd Analysis rspamd Analysis
</span> </span>
<span> <span>
@ -108,10 +107,32 @@
</div> </div>
</div> </div>
{/if} {/if}
{#if rspamd.report}
<details class="mt-3">
<summary class="cursor-pointer fw-bold">Raw Report</summary>
<pre
class="mt-2 small {$theme === 'light'
? 'bg-light'
: 'bg-secondary'} p-3 rounded">{rspamd.report}</pre>
</details>
{/if}
</div> </div>
</div> </div>
<style> <style>
.cursor-pointer {
cursor: pointer;
}
details summary {
user-select: none;
}
details summary:hover {
color: var(--bs-primary);
}
/* Darker table colors in dark mode */ /* Darker table colors in dark mode */
:global([data-bs-theme="dark"]) .table-warning { :global([data-bs-theme="dark"]) .table-warning {
--bs-table-bg: rgba(255, 193, 7, 0.2); --bs-table-bg: rgba(255, 193, 7, 0.2);

2
web/src/lib/components/SummaryCard.svelte
View file

@ -331,7 +331,7 @@
highlight: { color: "good", bold: true }, highlight: { color: "good", bold: true },
link: "#dns-bimi", link: "#dns-bimi",
}); });
if (bimiResult.details && bimiResult.details.indexOf("declined") == 0) { if (bimiResult?.details && bimiResult.details.indexOf("declined") == 0) {
segments.push({ text: " declined to participate" }); segments.push({ text: " declined to participate" });
} else if (bimiResult?.result === "fail") { } else if (bimiResult?.result === "fail") {
segments.push({ text: " but " }); segments.push({ text: " but " });

62
web/src/lib/components/WhitelistCard.svelte Normal file
View file

@ -0,0 +1,62 @@
<script lang="ts">
import type { BlacklistCheck } from "$lib/api/types.gen";
import { theme } from "$lib/stores/theme";
interface Props {
whitelists: Record<string, BlacklistCheck[]>;
}
let { whitelists }: Props = $props();
</script>
<div class="card shadow-sm" id="dnswl-details">
<div class="card-header" class:bg-white={$theme === "light"} class:bg-dark={$theme !== "light"}>
<h4 class="mb-0 d-flex flex-wrap justify-content-between align-items-center">
<span>
<i class="bi bi-shield-check me-2"></i>
Whitelist Checks
</span>
<span class="badge bg-info text-white">Informational</span>
</h4>
</div>
<div class="card-body">
<p class="text-muted small mb-3">
DNS whitelists identify trusted senders. Being listed here is a positive signal, but has
no impact on the overall score.
</p>
<div class="row row-cols-1 row-cols-lg-2 overflow-auto">
{#each Object.entries(whitelists) as [ip, checks]}
<div class="col mb-3">
<h5 class="text-muted">
<i class="bi bi-hdd-network me-1"></i>
{ip}
</h5>
<table class="table table-sm table-striped table-hover mb-0">
<tbody>
{#each checks as check}
<tr>
<td title={check.response || "-"}>
<span
class="badge"
class:bg-success={check.listed}
class:bg-dark={check.error}
class:bg-secondary={!check.listed && !check.error}
>
{check.error
? "Error"
: check.listed
? "Listed"
: "Not listed"}
</span>
</td>
<td><code>{check.rbl}</code></td>
</tr>
{/each}
</tbody>
</table>
</div>
{/each}
</div>
</div>
</div>

1
web/src/lib/components/index.ts
View file

@ -24,3 +24,4 @@ export { default as SpamAssassinCard } from "./SpamAssassinCard.svelte";
export { default as SpfRecordsDisplay } from "./SpfRecordsDisplay.svelte"; export { default as SpfRecordsDisplay } from "./SpfRecordsDisplay.svelte";
export { default as SummaryCard } from "./SummaryCard.svelte"; export { default as SummaryCard } from "./SummaryCard.svelte";
export { default as TinySurvey } from "./TinySurvey.svelte"; export { default as TinySurvey } from "./TinySurvey.svelte";
export { default as WhitelistCard } from "./WhitelistCard.svelte";

1
web/src/lib/stores/config.ts
View file

@ -25,6 +25,7 @@ interface AppConfig {
report_retention?: number; report_retention?: number;
survey_url?: string; survey_url?: string;
custom_logo_url?: string; custom_logo_url?: string;
rbls?: string[];
} }
const defaultConfig: AppConfig = { const defaultConfig: AppConfig = {

2
web/src/lib/stores/theme.ts
View file

@ -26,7 +26,7 @@ const getInitialTheme = () => {
if (!browser) return "light"; if (!browser) return "light";
const stored = localStorage.getItem("theme"); const stored = localStorage.getItem("theme");
if (stored) return stored; if (stored === "light" || stored === "dark") return stored;
return window.matchMedia("(prefers-color-scheme: dark)").matches ? "dark" : "light"; return window.matchMedia("(prefers-color-scheme: dark)").matches ? "dark" : "light";
}; };

21
web/src/routes/blacklist/[ip]/+page.svelte
View file

@ -3,7 +3,7 @@
import { onMount } from "svelte"; import { onMount } from "svelte";
import { checkBlacklist } from "$lib/api"; import { checkBlacklist } from "$lib/api";
import type { BlacklistCheckResponse } from "$lib/api/types.gen"; import type { BlacklistCheckResponse } from "$lib/api/types.gen";
import { BlacklistCard, GradeDisplay, TinySurvey } from "$lib/components"; import { BlacklistCard, GradeDisplay, TinySurvey, WhitelistCard } from "$lib/components";
import { theme } from "$lib/stores/theme"; import { theme } from "$lib/stores/theme";
let ip = $derived($page.params.ip); let ip = $derived($page.params.ip);
@ -28,7 +28,7 @@
}); });
if (response.response.ok) { if (response.response.ok) {
result = response.data; result = response.data ?? null;
} else if (response.error) { } else if (response.error) {
error = response.error.message || "Failed to check IP address"; error = response.error.message || "Failed to check IP address";
} }
@ -122,8 +122,8 @@
> >
<p class="mb-0 mt-1 small"> <p class="mb-0 mt-1 small">
This IP address is listed on {result.listed_count} of This IP address is listed on {result.listed_count} of
{result.checks.length} checked blacklist{result {result.blacklists.length} checked blacklist{result
.checks.length > 1 .blacklists.length > 1
? "s" ? "s"
: ""}. : ""}.
</p> </p>
@ -150,12 +150,23 @@
</div> </div>
</div> </div>
<div class="row">
<!-- Blacklist Results Card --> <!-- Blacklist Results Card -->
<div class="col col-lg-6">
<BlacklistCard <BlacklistCard
blacklists={{ [result.ip]: result.checks }} blacklists={{ [result.ip]: result.blacklists }}
blacklistScore={result.score} blacklistScore={result.score}
blacklistGrade={result.grade} blacklistGrade={result.grade}
/> />
</div>
<!-- Whitelist Results Card -->
{#if result.whitelists && result.whitelists.length > 0}
<div class="col col-lg-6">
<WhitelistCard whitelists={{ [result.ip]: result.whitelists }} />
</div>
{/if}
</div>
<!-- Information Card --> <!-- Information Card -->
<div class="card shadow-sm mt-4"> <div class="card shadow-sm mt-4">

2
web/src/routes/domain/[domain]/+page.svelte
View file

@ -130,7 +130,7 @@
<div class="d-flex justify-content-end me-lg-5 mt-3"> <div class="d-flex justify-content-end me-lg-5 mt-3">
<TinySurvey <TinySurvey
class="bg-primary-subtle rounded-4 p-3 text-center" class="bg-primary-subtle rounded-4 p-3 text-center"
source={"rbl-" + result.ip} source={"domain-" + result.domain}
/> />
</div> </div>
</div> </div>

59
web/src/routes/test/[test]/+page.svelte
View file

@ -3,12 +3,13 @@
import { onDestroy } from "svelte"; import { onDestroy } from "svelte";
import { getReport, getTest, reanalyzeReport } from "$lib/api"; import { getReport, getTest, reanalyzeReport } from "$lib/api";
import type { Report, Test } from "$lib/api/types.gen"; import type { BlacklistCheck, Report, Test } from "$lib/api/types.gen";
import { import {
AuthenticationCard, AuthenticationCard,
BlacklistCard, BlacklistCard,
ContentAnalysisCard, ContentAnalysisCard,
DnsRecordsCard, DnsRecordsCard,
EmailPathCard,
ErrorDisplay, ErrorDisplay,
HeaderAnalysisCard, HeaderAnalysisCard,
PendingState, PendingState,
@ -17,8 +18,11 @@
SpamAssassinCard, SpamAssassinCard,
SummaryCard, SummaryCard,
TinySurvey, TinySurvey,
WhitelistCard,
} from "$lib/components"; } from "$lib/components";
type BlacklistRecords = Record<string, BlacklistCheck[]>;
let testId = $derived(page.params.test); let testId = $derived(page.params.test);
let test = $state<Test | null>(null); let test = $state<Test | null>(null);
let report = $state<Report | null>(null); let report = $state<Report | null>(null);
@ -291,6 +295,15 @@
</div> </div>
</div> </div>
<!-- Received Chain -->
{#if report.header_analysis?.received_chain && report.header_analysis.received_chain.length > 0}
<div class="row mb-4" id="received-chain">
<div class="col-12">
<EmailPathCard receivedChain={report.header_analysis.received_chain} />
</div>
</div>
{/if}
<!-- DNS Records --> <!-- DNS Records -->
{#if report.dns_results} {#if report.dns_results}
<div class="row mb-4" id="dns"> <div class="row mb-4" id="dns">
@ -321,19 +334,47 @@
{/if} {/if}
<!-- Blacklist Checks --> <!-- Blacklist Checks -->
{#snippet blacklistChecks(blacklists: BlacklistRecords, report: Report)}
<BlacklistCard
{blacklists}
blacklistGrade={report.summary?.blacklist_grade}
blacklistScore={report.summary?.blacklist_score}
/>
{/snippet}
<!-- Whitelist Checks -->
{#snippet whitelistChecks(whitelists: BlacklistRecords)}
<WhitelistCard {whitelists} />
{/snippet}
<!-- Blacklist & Whitelist Checks -->
{#if report.blacklists && report.whitelists && Object.keys(report.blacklists).length == 1 && Object.keys(report.whitelists).length == 1}
<div class="row mb-4">
<div class="col-6" id="blacklist">
{@render blacklistChecks(report.blacklists, report)}
</div>
<div class="col-6" id="whitelist">
{@render whitelistChecks(report.whitelists)}
</div>
</div>
{:else}
{#if report.blacklists && Object.keys(report.blacklists).length > 0} {#if report.blacklists && Object.keys(report.blacklists).length > 0}
<div class="row mb-4" id="blacklist"> <div class="row mb-4" id="blacklist">
<div class="col-12"> <div class="col-12">
<BlacklistCard {@render blacklistChecks(report.blacklists, report)}
blacklists={report.blacklists}
blacklistGrade={report.summary?.blacklist_grade}
blacklistScore={report.summary?.blacklist_score}
receivedChain={report.header_analysis?.received_chain}
/>
</div> </div>
</div> </div>
{/if} {/if}
{#if report.whitelists && Object.keys(report.whitelists).length > 0}
<div class="row mb-4" id="whitelist">
<div class="col-12">
{@render whitelistChecks(report.whitelists)}
</div>
</div>
{/if}
{/if}
<!-- Header Analysis --> <!-- Header Analysis -->
{#if report.header_analysis} {#if report.header_analysis}
<div class="row mb-4" id="header"> <div class="row mb-4" id="header">
@ -352,12 +393,12 @@
{#if report.spamassassin || report.rspamd} {#if report.spamassassin || report.rspamd}
<div class="row mb-4" id="spam"> <div class="row mb-4" id="spam">
{#if report.spamassassin} {#if report.spamassassin}
<div class={report.rspamd ? "col-lg-6 mb-4 mb-lg-0" : "col-12"}> <div class={report.rspamd ? "col col-lg-6 mb-4 mb-lg-0" : "col-12"}>
<SpamAssassinCard spamassassin={report.spamassassin} /> <SpamAssassinCard spamassassin={report.spamassassin} />
</div> </div>
{/if} {/if}
{#if report.rspamd} {#if report.rspamd}
<div class={report.spamassassin ? "col-lg-6" : "col-12"}> <div class={report.spamassassin ? "col col-lg-6" : "col-12"}>
<RspamdCard rspamd={report.rspamd} /> <RspamdCard rspamd={report.rspamd} />
</div> </div>
{/if} {/if}