From 69bd49a606bd8f136bb13c391b67c0c48c61bd71 Mon Sep 17 00:00:00 2001
From: "Antonio J. Delgado" <ad@susurrando.com>
Date: Fri, 31 Jan 2025 14:48:35 +0200
Subject: [PATCH] Add params

---
 smtpd_watcher/smtpd_watcher.py | 58 +++++++++++++++++++++++++++++++++-
 1 file changed, 57 insertions(+), 1 deletion(-)

diff --git a/smtpd_watcher/smtpd_watcher.py b/smtpd_watcher/smtpd_watcher.py
index e35509d..4582fe8 100644
--- a/smtpd_watcher/smtpd_watcher.py
+++ b/smtpd_watcher/smtpd_watcher.py
@@ -53,12 +53,20 @@ class SmtpdWatcher:
             capture_output=True,
         )
         ips['postfix'] = json.loads(result.stdout)
+        self._log.debug(
+            "Banned IPs in postfix jail: %s",
+            ips['postfix']
+        )
         result = subprocess.run(
             ['/usr/bin/fail2ban-client', 'get', 'postfix-sasl', 'banned'],
             check=True,
             capture_output=True,
         )
         ips['postfix-sasl'] = json.loads(result.stdout)
+        self._log.debug(
+            "Banned IPs in postfix-sasl jail: %s",
+            ips['postfix-sasl']
+        )
         result = subprocess.run(
             ['ufw', 'status', 'numbered'],
             check=True,
@@ -69,6 +77,10 @@ class SmtpdWatcher:
             if 'DENY IN' in line:
                 split_line = line.split(' ')
                 ips['ufw'].append(split_line[4])
+        self._log.debug(
+            "Traffic denied to IPs in UFW: %s",
+            ips['ufw']
+        )
         return ips
 
     def _process_log_file(self, line):
@@ -78,6 +90,10 @@ class SmtpdWatcher:
             if ip_match:
                 ip = ip_match.group(1)
             else:
+                self._log.debug(
+                    "Didn't find an IP in log file '%s'",
+                    line
+                )
                 return False
             target_user_match = re.search(r'sasl_username=([^ ]*)', line)
             if target_user_match:
@@ -85,6 +101,11 @@ class SmtpdWatcher:
                 if not self._check_mail_user(target_user):
                     ban = True
             else:
+                self._log.debug(
+                    "There is no SASL username field in log line, so banning IP '%s'. Log line: '%s'",
+                    ip,
+                    line
+                )
                 ban = True
             if ban:
                 if ip not in self.banned_ips['postfix']:
@@ -131,9 +152,19 @@ class SmtpdWatcher:
         if user != '':
             for mail_user in self.mail_users:
                 if user in mail_user:
+                    self._log.debug(
+                        "User '%s' match mail database user '%s'",
+                        user,
+                        mail_user
+                    )
                     return mail_user
         return False
+
     def _get_mail_user(self):
+        self._log.debug(
+            "Getting all mail users from database '%s'...",
+            self.config['db_name']
+        )
         mail_users = []
         try:
             conn = mariadb.connect(
@@ -143,7 +174,7 @@ class SmtpdWatcher:
                 password=self.config['db_password']
             )
             cur = conn.cursor()
-            cur.execute("SELECT email FROM mail.users")
+            cur.execute(self.config['db_sql_query'])
             for email in cur:
                 mail_users.append(email)
         except mariadb.Error as error:
@@ -213,6 +244,31 @@ class SmtpdWatcher:
     '--mail-log-file', '-m',
     default='/var/log/mail.log', help='Mail log file to read'
 )
+@click.option(
+    '--db-host', '-H',
+    default='127.0.0.1',
+    help='MariaDB host name for mail database'
+)
+@click.option(
+    '--db-port', '-p',
+    default=3306,
+    help='MariaDB host port for mail database'
+)
+@click.option(
+    '--db-user', '-u',
+    default=os.environ['USER'],
+    help='MariaDB user name for mail database'
+)
+@click.option(
+    '--db-password', '-P',
+    default='',
+    help='MariaDB user password for mail database'
+)
+@click.option(
+    '--db-sql-query', '-q',
+    default='SELECT email FROM mail.users',
+    help='MariaDB SQL query to get all users\' emails'
+)
 @click_config_file.configuration_option()
 def __main__(**kwargs):
     return SmtpdWatcher(**kwargs)