# Email Reports - monozoide/MailLogSentinel GitHub Wiki

## Triggering

Email reports are generated and dispatched when MailLogSentinel is executed with the `--report` command-line argument. This run is typically scheduled once a day using systemd timers or cron.

## Content

The email report is designed to provide a concise yet informative summary of SASL authentication activity. Each report includes:

### Header Information

Details such as the script name (MailLogSentinel), its version, the timestamp at which the report was generated, and the FQDN and IP address of the server running the script.

### Daily Statistics

- Total number of failed authentication attempts recorded for the current day.
- A list of the "Top 10 failed authentications today," broken down by unique combinations of username, IP address, and client hostname, along with their respective attempt counts.
- A list of the "Top 10 Usernames today" that were involved in failed authentication attempts, with their corresponding counts.
- A "Reverse DNS Lookup Failure Summary," which shows the total number of failed reverse DNS lookups for the day and provides a breakdown of these failures by error type (e.g., "Timeout," "Errno -2").

### CSV File Information

- The current total size of the `maillogsentinel.csv` file (e.g., "123.4K").
- The total number of lines currently in the `maillogsentinel.csv` file (this count excludes the header row).

### Attachment

The complete `maillogsentinel.csv` data file is attached to the email. This allows for detailed offline analysis, import into security information and event management (SIEM) tools, or historical record-keeping.
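To make the report contents above concrete, here is an added worked example (not MailLogSentinel's own code) that computes each of the daily statistics and the CSV file figures from a small constructed CSV. The column layout (`date`, `username`, `ip`, `hostname`, `rdns_error`) and the sample rows are assumptions for illustration only; the project's real `maillogsentinel.csv` schema may differ, and the header block here uses placeholder values rather than the host's FQDN and IP.

```python
"""Compute the MailLogSentinel-style daily statistics from a CSV.

Added example, not the project's code.  The column names below are an
assumed layout for illustration; adapt them to the real CSV header.
"""
import csv
import io
from collections import Counter

# Constructed sample data (not real log data).  Assumed columns:
# date, username, ip, hostname, rdns_error (empty when reverse DNS succeeded).
SAMPLE_CSV = """date,username,ip,hostname,rdns_error
2024-05-01,admin,203.0.113.10,host10.example.invalid,
2024-05-01,admin,203.0.113.10,host10.example.invalid,
2024-05-01,info,198.51.100.7,,Timeout
2024-05-01,admin,198.51.100.7,,Timeout
2024-05-01,test,192.0.2.55,,Errno -2
2024-05-02,admin,203.0.113.10,host10.example.invalid,
"""


def load_rows(csv_text):
    """Parse CSV text into a list of dicts; DictReader consumes the header row."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def rows_for_day(rows, day):
    """Keep only the rows recorded on the given day (ISO date string)."""
    return [r for r in rows if r["date"] == day]


def top_failed(rows, n=10):
    """Top n (username, ip, hostname) combinations by failed-attempt count.

    A missing hostname (reverse DNS failed) is reported as 'unknown'.
    """
    counts = Counter((r["username"], r["ip"], r["hostname"] or "unknown") for r in rows)
    return counts.most_common(n)


def top_usernames(rows, n=10):
    """Top n usernames involved in failed authentications."""
    return Counter(r["username"] for r in rows).most_common(n)


def rdns_failure_summary(rows):
    """Total failed reverse DNS lookups and a breakdown by error type."""
    by_type = Counter(r["rdns_error"] for r in rows if r["rdns_error"])
    return sum(by_type.values()), dict(by_type)


def csv_stats(csv_text):
    """Size of the CSV in bytes and number of data lines (header excluded)."""
    size = len(csv_text.encode("utf-8"))
    lines = csv_text.count("\n") - 1  # subtract the header line
    return size, lines


def human_size(nbytes):
    """Format a byte count the way the report shows it, e.g. 126361 -> '123.4K'."""
    value = float(nbytes)
    for unit in ("B", "K", "M", "G"):
        if value < 1024 or unit == "G":
            break
        value /= 1024
    return f"{value:.1f}{unit}"


def render_report(csv_text, day, script="MailLogSentinel", version="<version>",
                  fqdn="<fqdn>", ip="<ip>"):
    """Assemble the plain-text report body for one day."""
    rows = rows_for_day(load_rows(csv_text), day)
    size, lines = csv_stats(csv_text)
    total_rdns, by_type = rdns_failure_summary(rows)
    out = [f"{script} {version} - report for {day} from {fqdn} ({ip})",
           f"Total failed authentications today: {len(rows)}",
           "", "Top 10 failed authentications today:"]
    out += [f"  {u} {a} {h}: {n}" for (u, a, h), n in top_failed(rows)]
    out += ["", "Top 10 Usernames today:"]
    out += [f"  {u}: {n}" for u, n in top_usernames(rows)]
    out += ["", f"Reverse DNS Lookup Failure Summary: {total_rdns} failed"]
    out += [f"  {err}: {n}" for err, n in by_type.items()]
    out += ["", f"CSV size: {human_size(size)}", f"CSV lines (excluding header): {lines}"]
    return "\n".join(out)


if __name__ == "__main__":
    print(render_report(SAMPLE_CSV, "2024-05-01"))
```

Running the script prints the report for 2024-05-01; the size and line figures are taken from the whole file, as on the page, while the statistics are restricted to the requested day. Because the rows are grouped by the (username, IP, hostname) triple, one IP that hammers several usernames shows up once per username in the first list but is aggregated by name in the second, which is the distinction the two "Top 10" lists draw.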