Current File : /usr/local/ddos/proactive
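#!/bin/bash
#
# proactive - post a Slack alert when the Exim main log contains new
# "Proactive defence report" entries.
#
# Each run looks only at the log lines added since the previous run. The
# number of lines already processed is stored in LAST_POS_FILE.
#
# Requires:    jq, curl
# Environment: SLACK_WEBHOOK_URL (optional) overrides the built-in webhook.
# Exit status: 0 on success, 1 if the log cannot be read, the payload cannot
#              be built, the POST fails, or the position cannot be saved.

set -u

EXIM_LOG="/var/log/exim_mainlog"

# NOTE(security): a Slack webhook URL is a bearer credential - whoever can
# read it can post to the channel. Hard-coded here, it is exposed to every
# reader of this file and of any copy or backup of it. The environment
# override lets the literal be removed once the webhook has been rotated.
# TODO: rotate this webhook and drop the fallback value.
SLACK_WEBHOOK_URL="${SLACK_WEBHOOK_URL:-https://hooks.slack.com/services/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}"

# Not referenced anywhere in this script; kept unchanged.
TMP_FILE="/usr/local/ddos/latest_proactive_report.txt"
LAST_POS_FILE="/usr/local/ddos/last_exim_log_pos.txt"

# Print a diagnostic on stderr and stop with a failure status.
die() {
    printf 'proactive: %s\n' "$*" >&2
    exit 1
}

[ -r "$EXIM_LOG" ] || die "cannot read $EXIM_LOG"

# Load the last processed position (0 when there is no state yet).
LAST_POS=0
if [ -f "$LAST_POS_FILE" ]; then
    IFS= read -r LAST_POS < "$LAST_POS_FILE" || true
fi

# The stored value goes into arithmetic expansion, which evaluates more than
# plain numbers, so accept it only if it is a short run of digits. Keep the
# state file and its directory writable only by the account running this
# script.
if ! [[ "$LAST_POS" =~ ^[0-9]{1,15}$ ]]; then
    printf 'proactive: ignoring invalid position in %s\n' "$LAST_POS_FILE" >&2
    LAST_POS=0
fi
LAST_POS=$((10#$LAST_POS))   # force base 10 so a leading zero is not octal

# Take the line count BEFORE reading, and read only up to it, so lines that
# arrive while this script runs are picked up next time instead of skipped.
NEW_LAST_POS=$(wc -l < "$EXIM_LOG") || die "cannot count lines in $EXIM_LOG"
NEW_LAST_POS=${NEW_LAST_POS//[[:space:]]/}

# A stored position beyond the end of the log means the log was rotated or
# truncated; start again from the top of the new file.
if (( LAST_POS > NEW_LAST_POS )); then
    LAST_POS=0
fi

# Collect the new report lines in the window (LAST_POS, NEW_LAST_POS].
NEW_ENTRIES=$(tail -n +"$((LAST_POS + 1))" "$EXIM_LOG" \
    | head -n "$((NEW_LAST_POS - LAST_POS))" \
    | grep -F "Proactive defence report")

if [ -n "$NEW_ENTRIES" ]; then
    # Only the most recent report line is used for the alert.
    REPORT_SUBJECT=$(printf '%s\n' "$NEW_ENTRIES" | tail -n 1)

    # Expected form: "Proactive defence report on <servername>".
    SERVER_NAME=$(printf '%s\n' "$REPORT_SUBJECT" \
        | sed -n 's/.*Proactive defence report on \([^ ]*\).*/\1/p')

    # The name comes from log text that mirrors a mail subject, so treat it
    # as untrusted: keep hostname characters only, which also removes
    # anything Slack would render as markup, a link or a mention.
    SERVER_NAME=${SERVER_NAME//[^A-Za-z0-9._-]/}

    if [ -n "$SERVER_NAME" ]; then
        # jq builds the JSON so the text is always correctly escaped.
        SLACK_MESSAGE=$(jq -n \
            --arg text "Proactive defence report on $SERVER_NAME. Check the blocked script accounts from MRH Gmail." \
            --arg username "Proactive Imunify Alert" \
            '{text: $text, username: $username}') \
            || die "jq failed to build the Slack payload"

        # --fail turns an HTTP error into a non-zero exit; --max-time stops a
        # hung connection from blocking later runs. On failure the position
        # is left untouched so the alert is retried on the next run.
        curl --silent --show-error --fail --max-time 30 \
            -X POST -H 'Content-type: application/json' \
            --data "$SLACK_MESSAGE" "$SLACK_WEBHOOK_URL" \
            || die "Slack webhook POST failed; position not advanced"
    fi
fi

# Record how far the log has been processed.
printf '%s\n' "$NEW_LAST_POS" > "$LAST_POS_FILE" \
    || die "cannot write $LAST_POS_FILE"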

