Merge pull request #2 from swissmakers/dev

Implement API Callbacks, SELinux Fixes, Mail Handling & Central Logging
2026-04-11 13:47:05 +02:00 · 2025-01-31 18:28:47 +01:00
parent 1adfa5dcb2 aea7afc1fd
commit 60fc9ef40b
10 changed files with 659 additions and 132 deletions
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -1,23 +1,70 @@
 package main

 import (
+	"fmt"
 	"log"
+	"time"

 	"github.com/gin-gonic/gin"
+	"github.com/swissmakers/fail2ban-ui/internal/config"
 	"github.com/swissmakers/fail2ban-ui/pkg/web"
 )

 func main() {
-	r := gin.Default()
+	settings := config.GetSettings()

-	// Load HTML templates from pkg/web/templates
-	r.LoadHTMLGlob("pkg/web/templates/*")
+	// Set Gin mode based on settings
+	if settings.Debug {
+		gin.SetMode(gin.DebugMode)
+	} else {
+		gin.SetMode(gin.ReleaseMode)
+	}

-	// Register our routes (IndexHandler, /api/summary, /api/jails/:jail/unban/:ip)
-	web.RegisterRoutes(r)
+	router := gin.Default()
+	router.LoadHTMLGlob("pkg/web/templates/*") // Load HTML templates from pkg/web/templates
+	web.RegisterRoutes(router)                 // Register routes (IndexHandler, /api/summary, jail/unban/:ip) etc..

-	log.Println("Starting Fail2ban-UI server on :8080.")
-	if err := r.Run(":8080"); err != nil {
+	printWelcomeBanner()
+	log.Println("--- Fail2Ban-UI started in", gin.Mode(), "mode ---")
+	log.Println("Server listening on port :8080.")
+
+	if err := router.Run(":8080"); err != nil {
 		log.Fatalf("Server crashed: %v", err)
 	}
 }
+
+// printWelcomeBanner prints a cool Tux banner with startup info
+func printWelcomeBanner() {
+	greeting := getGreeting()
+	const tuxBanner = `
+      .--.
+     |o_o |     %s
+     |:_/ |
+    //   \ \
+   (|     | )
+  /'\_   _/'\
+  \___)=(___/
+
+Fail2Ban UI - A Swissmade Management Interface
+----------------------------------------------
+Developers: https://swissmakers.ch
+Mode: %s
+Listening on: http://0.0.0.0:8080
+----------------------------------------------
+
+`
+	fmt.Printf(tuxBanner, greeting, gin.Mode())
+}
+
+// getGreeting returns a friendly greeting based on the time of day
+func getGreeting() string {
+	hour := time.Now().Hour()
+	switch {
+	case hour < 12:
+		return "Good morning!"
+	case hour < 18:
+		return "Good afternoon!"
+	default:
+		return "Good evening!"
+	}
+}
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,10 @@ module github.com/swissmakers/fail2ban-ui

 go 1.22.9

-require github.com/gin-gonic/gin v1.10.0
+require (
+	github.com/gin-gonic/gin v1.10.0
+	github.com/oschwald/maxminddb-golang v1.13.1
+)

 require (
 	github.com/bytedance/sonic v1.11.6 // indirect
@@ -27,7 +30,7 @@ require (
 	golang.org/x/arch v0.8.0 // indirect
 	golang.org/x/crypto v0.23.0 // indirect
 	golang.org/x/net v0.25.0 // indirect
-	golang.org/x/sys v0.20.0 // indirect
+	golang.org/x/sys v0.21.0 // indirect
 	golang.org/x/text v0.15.0 // indirect
 	google.golang.org/protobuf v1.34.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
--- a/go.sum
+++ b/go.sum
@@ -43,6 +43,8 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/oschwald/maxminddb-golang v1.13.1 h1:G3wwjdN9JmIK2o/ermkHM+98oX5fS+k5MbwsmL4MRQE=
+github.com/oschwald/maxminddb-golang v1.13.1/go.mod h1:K4pgV9N/GcK694KSTmVSDTODk4IsCNThNdTmnaBZ/F8=
 github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
 github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -72,8 +74,8 @@ golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
-golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
+golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
--- a/internal/config/logging.go
+++ b/internal/config/logging.go
@@ -0,0 +1,37 @@
+// Fail2ban UI - A Swiss made, management interface for Fail2ban.
+//
+// Copyright (C) 2025 Swissmakers GmbH (https://swissmakers.ch)
+//
+// Licensed under the GNU General Public License, Version 3 (GPL-3.0)
+// You may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.gnu.org/licenses/gpl-3.0.en.html
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package config
+
+import (
+	"log"
+)
+
+// DebugLog prints debug messages only if debug mode is enabled.
+func DebugLog(format string, v ...interface{}) {
+	// Avoid deadlocks by not calling GetSettings() inside DebugLog.
+	debugEnabled := false
+	debugEnabled = currentSettings.Debug
+	if !debugEnabled {
+		return
+	}
+	// Ensure correct usage of fmt.Printf-style formatting
+	if len(v) > 0 {
+		log.Printf(format, v...) // Uses format directives
+	} else {
+		log.Println(format) // Just prints the message
+	}
+}
--- a/internal/config/settings.go
+++ b/internal/config/settings.go
@@ -20,7 +20,6 @@ import (
 	"bufio"
 	"encoding/json"
 	"fmt"
-	"log"
 	"os"
 	"regexp"
 	"strconv"
@@ -28,22 +27,32 @@ import (
 	"sync"
 )

-// AppSettings holds both the UI settings (like language) and
-// relevant Fail2ban jail/local config options.
-type AppSettings struct {
-	Language       string   `json:"language"`
-	Debug          bool     `json:"debug"`
-	ReloadNeeded   bool     `json:"reloadNeeded"`
-	AlertCountries []string `json:"alertCountries"`
+// SMTPSettings holds the SMTP server configuration for sending alert emails
+type SMTPSettings struct {
+	Host     string `json:"host"`
+	Port     int    `json:"port"`
+	Username string `json:"username"`
+	Password string `json:"password"`
+	From     string `json:"from"`
+	UseTLS   bool   `json:"useTLS"`
+}

-	// These mirror some Fail2ban [DEFAULT] section parameters from jail.local
+// AppSettings holds the main UI settings and Fail2ban configuration
+type AppSettings struct {
+	Language       string       `json:"language"`
+	Debug          bool         `json:"debug"`
+	ReloadNeeded   bool         `json:"reloadNeeded"`
+	AlertCountries []string     `json:"alertCountries"`
+	SMTP           SMTPSettings `json:"smtp"`
+
+	// Fail2Ban [DEFAULT] section values from jail.local
 	BantimeIncrement bool   `json:"bantimeIncrement"`
 	IgnoreIP         string `json:"ignoreip"`
 	Bantime          string `json:"bantime"`
 	Findtime         string `json:"findtime"`
 	Maxretry         int    `json:"maxretry"`
 	Destemail        string `json:"destemail"`
-	Sender           string `json:"sender"`
+	//Sender           string `json:"sender"`
 }

 // init paths to key-files
@@ -63,11 +72,12 @@ var (
 func init() {
 	// Attempt to load existing file; if it doesn't exist, create with defaults.
 	if err := loadSettings(); err != nil {
-		fmt.Println("App settings not found, initializing new from jail.local (if exist):", err)
+		fmt.Println("App settings not found, initializing from jail.local (if exist)")
 		if err := initializeFromJailFile(); err != nil {
 			fmt.Println("Error reading jail.local:", err)
 		}
 		setDefaults()
+		fmt.Println("Initialized successfully.")

 		// save defaults to file
 		if err := saveSettings(); err != nil {
@@ -88,7 +98,7 @@ func setDefaults() {
 		currentSettings.Language = "en"
 	}
 	if currentSettings.AlertCountries == nil {
-		currentSettings.AlertCountries = []string{"all"}
+		currentSettings.AlertCountries = []string{"ALL"}
 	}
 	if currentSettings.Bantime == "" {
 		currentSettings.Bantime = "48h"
@@ -100,10 +110,25 @@ func setDefaults() {
 		currentSettings.Maxretry = 3
 	}
 	if currentSettings.Destemail == "" {
-		currentSettings.Destemail = "alerts@swissmakers.ch"
+		currentSettings.Destemail = "alerts@example.com"
 	}
-	if currentSettings.Sender == "" {
-		currentSettings.Sender = "noreply@swissmakers.ch"
+	if currentSettings.SMTP.Host == "" {
+		currentSettings.SMTP.Host = "smtp.office365.com"
+	}
+	if currentSettings.SMTP.Port == 0 {
+		currentSettings.SMTP.Port = 587
+	}
+	if currentSettings.SMTP.Username == "" {
+		currentSettings.SMTP.Username = "noreply@swissmakers.ch"
+	}
+	if currentSettings.SMTP.Password == "" {
+		currentSettings.SMTP.Password = "password"
+	}
+	if currentSettings.SMTP.From == "" {
+		currentSettings.SMTP.From = "noreply@swissmakers.ch"
+	}
+	if !currentSettings.SMTP.UseTLS {
+		currentSettings.SMTP.UseTLS = true
 	}
 	if currentSettings.IgnoreIP == "" {
 		currentSettings.IgnoreIP = "127.0.0.1/8 ::1"
@@ -151,9 +176,9 @@ func initializeFromJailFile() error {
 	if val, ok := settings["destemail"]; ok {
 		currentSettings.Destemail = val
 	}
-	if val, ok := settings["sender"]; ok {
+	/*if val, ok := settings["sender"]; ok {
 		currentSettings.Sender = val
-	}
+	}*/

 	return nil
 }
@@ -169,7 +194,7 @@ func initializeFail2banAction() error {
 		fmt.Println("Error setting up jail.d configuration:", err)
 	}
 	// Write the fail2ban action file
-	return writeFail2banAction(currentSettings.AlertCountries)
+	return writeFail2banAction()
 }

 // setupGeoCustomAction checks and replaces the default action in jail.local with our from fail2ban-UI
@@ -226,7 +251,7 @@ func ensureJailDConfig() error {
 	// Check if the file already exists
 	if _, err := os.Stat(jailDFile); err == nil {
 		// File already exists, do nothing
-		fmt.Println("Custom jail.d configuration already exists.")
+		DebugLog("Custom jail.d configuration already exists.")
 		return nil
 	}

@@ -243,18 +268,14 @@ action_mwlg = %(action_)s
 		return fmt.Errorf("failed to write jail.d config: %v", err)
 	}

-	fmt.Println("Created custom jail.d configuration at:", jailDFile)
+	DebugLog("Created custom jail.d configuration at: %v", jailDFile)
 	return nil
 }

 // writeFail2banAction creates or updates the action file with the AlertCountries.
-func writeFail2banAction(alertCountries []string) error {
-
-	// Join the alertCountries into a comma-separated string
-	countriesFormatted := strings.Join(alertCountries, ",")
-
+func writeFail2banAction() error {
 	// Define the Fail2Ban action file content
-	actionConfig := fmt.Sprintf(`[INCLUDES]
+	actionConfig := `[INCLUDES]

 before = sendmail-common.conf
         mail-whois-common.conf
@@ -266,9 +287,17 @@ before = sendmail-common.conf
 norestored = 1

 # Option: actionban
-# This executes the Python script with <ip> and the list of allowed countries.
-# If the country matches the allowed list, it sends the email.
-actionban = /etc/fail2ban/action.d/geoip_notify.py <ip> "%s" 'name=<name>;ip=<ip>;fq-hostname=<fq-hostname>;sendername=<sendername>;sender=<sender>;dest=<dest>;failures=<failures>;_whois_command=%%(_whois_command)s;_grep_logs=%%(_grep_logs)s;grepmax=<grepmax>;mailcmd=<mailcmd>'
+# This executes a cURL request to notify our API when an IP is banned.
+
+actionban = /usr/bin/curl -X POST http://127.0.0.1:8080/api/ban \
+     -H "Content-Type: application/json" \
+     -d "$(jq -n --arg ip '<ip>' \
+                 --arg jail '<name>' \
+                 --arg hostname '<fq-hostname>' \
+                 --arg failures '<failures>' \
+                 --arg whois "$(whois <ip> || echo 'missing whois program')" \
+                 --arg logs "$(tac <logpath> | grep <grepopts> -wF <ip>)" \
+                 '{ip: $ip, jail: $jail, hostname: $hostname, failures: $failures, whois: $whois, logs: $logs}')"

 [Init]

@@ -280,8 +309,7 @@ logpath = /dev/null

 # Number of log lines to include in the email
 # grepmax = 1000
-# grepopts = -m <grepmax>
-`, countriesFormatted)
+# grepopts = -m <grepmax>`

 	// Write the action file
 	err := os.WriteFile(actionFile, []byte(actionConfig), 0644)
@@ -289,14 +317,14 @@ logpath = /dev/null
 		return fmt.Errorf("failed to write action file: %w", err)
 	}

-	fmt.Printf("Action file successfully written to %s\n", actionFile)
+	DebugLog("Custom-action file successfully written to %s\n", actionFile)
 	return nil
 }

 // loadSettings reads fail2ban-ui-settings.json into currentSettings.
 func loadSettings() error {
-	fmt.Println("----------------------------")
-	fmt.Println("loadSettings called (settings.go)") // entry point
+	DebugLog("----------------------------")
+	DebugLog("loadSettings called (settings.go)") // entry point
 	data, err := os.ReadFile(settingsFile)
 	if os.IsNotExist(err) {
 		return err // triggers setDefaults + save
@@ -318,24 +346,21 @@ func loadSettings() error {

 // saveSettings writes currentSettings to JSON
 func saveSettings() error {
-	fmt.Println("----------------------------")
-	fmt.Println("saveSettings called (settings.go)") // entry point
+	DebugLog("----------------------------")
+	DebugLog("saveSettings called (settings.go)") // entry point

 	b, err := json.MarshalIndent(currentSettings, "", "  ")
 	if err != nil {
-		fmt.Println("Error marshalling settings:", err) // Debug
+		DebugLog("Error marshalling settings: %v", err) // Debug
 		return err
 	}
-	fmt.Println("Settings marshaled, writing to file...") // Log marshaling success
-	//return os.WriteFile(settingsFile, b, 0644)
+	DebugLog("Settings marshaled, writing to file...") // Log marshaling success
 	err = os.WriteFile(settingsFile, b, 0644)
 	if err != nil {
-		log.Println("Error writing to file:", err) // Debug
-	} else {
-		log.Println("Settings saved successfully!") // Debug
+		DebugLog("Error writing to file: %v", err) // Debug
 	}
 	// Update the Fail2ban action file
-	return writeFail2banAction(currentSettings.AlertCountries)
+	return writeFail2banAction()
 }

 // GetSettings returns a copy of the current settings
@@ -368,7 +393,7 @@ func UpdateSettings(new AppSettings) (AppSettings, error) {
 	settingsLock.Lock()
 	defer settingsLock.Unlock()

-	fmt.Println("Locked settings for update") // Log lock acquisition
+	DebugLog("--- Locked settings for update ---") // Log lock acquisition

 	old := currentSettings

@@ -377,9 +402,10 @@ func UpdateSettings(new AppSettings) (AppSettings, error) {
 		old.IgnoreIP != new.IgnoreIP ||
 		old.Bantime != new.Bantime ||
 		old.Findtime != new.Findtime ||
-		old.Maxretry != new.Maxretry ||
+		//old.Maxretry != new.Maxretry ||
 		old.Destemail != new.Destemail ||
-		old.Sender != new.Sender {
+		//old.Sender != new.Sender {
+		old.Maxretry != new.Maxretry {
 		new.ReloadNeeded = true
 	} else {
 		// preserve previous ReloadNeeded if it was already true
@@ -392,7 +418,7 @@ func UpdateSettings(new AppSettings) (AppSettings, error) {
 	}

 	currentSettings = new
-	fmt.Println("New settings applied:", currentSettings) // Log settings applied
+	DebugLog("New settings applied: %v", currentSettings) // Log settings applied

 	// persist to file
 	if err := saveSettings(); err != nil {
--- a/internal/fail2ban-curl-allow.pp
+++ b/internal/fail2ban-curl-allow.pp
--- a/internal/fail2ban-curl-allow.te
+++ b/internal/fail2ban-curl-allow.te
@@ -0,0 +1,11 @@
+
+module fail2ban-curl-allow 1.0;
+
+require {
+	type fail2ban_t;
+	type http_cache_port_t;
+	class tcp_socket name_connect;
+}
+
+#============= fail2ban_t ==============
+allow fail2ban_t http_cache_port_t:tcp_socket name_connect;
--- a/pkg/web/handlers.go
+++ b/pkg/web/handlers.go
@@ -17,13 +17,21 @@
 package web

 import (
+	"bytes"
+	"crypto/tls"
+	"errors"
 	"fmt"
+	"io"
+	"log"
+	"net"
 	"net/http"
+	"net/smtp"
 	"os"
 	"strings"
 	"time"

 	"github.com/gin-gonic/gin"
+	"github.com/oschwald/maxminddb-golang"
 	"github.com/swissmakers/fail2ban-ui/internal/config"
 	"github.com/swissmakers/fail2ban-ui/internal/fail2ban"
 )
@@ -73,8 +81,8 @@ func SummaryHandler(c *gin.Context) {

 // UnbanIPHandler unbans a given IP in a specific jail.
 func UnbanIPHandler(c *gin.Context) {
-	fmt.Println("----------------------------")
-	fmt.Println("UnbanIPHandler called (handlers.go)") // entry point
+	config.DebugLog("----------------------------")
+	config.DebugLog("UnbanIPHandler called (handlers.go)") // entry point
 	jail := c.Param("jail")
 	ip := c.Param("ip")

@@ -85,12 +93,124 @@ func UnbanIPHandler(c *gin.Context) {
 		})
 		return
 	}
-	fmt.Println(ip + " from jail " + jail + " unbanned successfully (handlers.go)")
+	fmt.Println(ip + " from jail " + jail + " unbanned successfully.")
 	c.JSON(http.StatusOK, gin.H{
 		"message": "IP unbanned successfully",
 	})
 }

+// BanNotificationHandler processes incoming ban notifications from Fail2Ban.
+func BanNotificationHandler(c *gin.Context) {
+	var request struct {
+		IP       string `json:"ip" binding:"required"`
+		Jail     string `json:"jail" binding:"required"`
+		Hostname string `json:"hostname"`
+		Failures string `json:"failures"`
+		Whois    string `json:"whois"`
+		Logs     string `json:"logs"`
+	}
+
+	// **DEBUGGING: Log Raw JSON Body**
+	body, _ := io.ReadAll(c.Request.Body)
+	config.DebugLog("📩 Incoming Ban Notification: %s\n", string(body))
+
+	// Rebind body so Gin can parse it again (important!)
+	c.Request.Body = io.NopCloser(bytes.NewBuffer(body))
+
+	// Parse JSON request body
+	if err := c.ShouldBindJSON(&request); err != nil {
+		log.Printf("❌ Invalid request: %v\n", err)
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid request: " + err.Error()})
+		return
+	}
+
+	// **DEBUGGING: Log Parsed Request**
+	log.Printf("✅ Parsed Ban Request - IP: %s, Jail: %s, Hostname: %s, Failures: %s",
+		request.IP, request.Jail, request.Hostname, request.Failures)
+
+	// Handle the Fail2Ban notification
+	if err := HandleBanNotification(request.IP, request.Jail, request.Hostname, request.Failures, request.Whois, request.Logs); err != nil {
+		log.Printf("❌ Failed to process ban notification: %v\n", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to process ban notification: " + err.Error()})
+		return
+	}
+
+	// Respond with success
+	c.JSON(http.StatusOK, gin.H{"message": "Ban notification processed successfully"})
+}
+
+// HandleBanNotification processes Fail2Ban notifications, checks geo-location, and sends alerts.
+func HandleBanNotification(ip, jail, hostname, failures, whois, logs string) error {
+	// Load settings to get alert countries
+	settings := config.GetSettings()
+
+	// Lookup the country for the given IP
+	country, err := lookupCountry(ip)
+	if err != nil {
+		log.Printf("⚠️ GeoIP lookup failed for IP %s: %v", ip, err)
+		return err
+	}
+
+	// Check if country is in alert list
+	if !shouldAlertForCountry(country, settings.AlertCountries) {
+		log.Printf("❌ IP %s belongs to %s, which is NOT in alert countries (%v). No alert sent.", ip, country, settings.AlertCountries)
+		return nil
+	}
+
+	// Send email notification
+	if err := sendBanAlert(ip, jail, hostname, failures, whois, logs, country, settings); err != nil {
+		log.Printf("❌ Failed to send alert email: %v", err)
+		return err
+	}
+
+	log.Printf("✅ Email alert sent for banned IP %s (%s)", ip, country)
+	return nil
+}
+
+// lookupCountry finds the country ISO code for a given IP using MaxMind GeoLite2 database.
+func lookupCountry(ip string) (string, error) {
+	// Convert the IP string to net.IP
+	parsedIP := net.ParseIP(ip)
+	if parsedIP == nil {
+		return "", fmt.Errorf("invalid IP address: %s", ip)
+	}
+
+	// Open the GeoIP database
+	db, err := maxminddb.Open("/usr/share/GeoIP/GeoLite2-Country.mmdb")
+	if err != nil {
+		return "", fmt.Errorf("failed to open GeoIP database: %w", err)
+	}
+	defer db.Close()
+
+	// Define the structure to store the lookup result
+	var record struct {
+		Country struct {
+			ISOCode string `maxminddb:"iso_code"`
+		} `maxminddb:"country"`
+	}
+
+	// Perform the lookup using net.IP type
+	if err := db.Lookup(parsedIP, &record); err != nil {
+		return "", fmt.Errorf("GeoIP lookup error: %w", err)
+	}
+
+	// Return the country code
+	return record.Country.ISOCode, nil
+}
+
+// shouldAlertForCountry checks if an IP’s country is in the allowed alert list.
+func shouldAlertForCountry(country string, alertCountries []string) bool {
+	if len(alertCountries) == 0 || strings.Contains(strings.Join(alertCountries, ","), "ALL") {
+		return true // If "ALL" is selected, alert for all bans
+	}
+	for _, c := range alertCountries {
+		if strings.EqualFold(country, c) {
+			return true
+		}
+	}
+	return false
+}
+
 func sortByTimeDesc(events []fail2ban.BanEvent) {
 	for i := 0; i < len(events); i++ {
 		for j := i + 1; j < len(events); j++ {
@@ -126,8 +246,8 @@ func GetJailFilterConfigHandler(c *gin.Context) {

 // SetJailFilterConfigHandler overwrites the current filter config with new content
 func SetJailFilterConfigHandler(c *gin.Context) {
-	fmt.Println("----------------------------")
-	fmt.Println("SetJailFilterConfigHandler called (handlers.go)") // entry point
+	config.DebugLog("----------------------------")
+	config.DebugLog("SetJailFilterConfigHandler called (handlers.go)") // entry point
 	jail := c.Param("jail")

 	// Parse JSON body (containing the new filter content)
@@ -162,16 +282,16 @@ func SetJailFilterConfigHandler(c *gin.Context) {

 // GetSettingsHandler returns the entire AppSettings struct as JSON
 func GetSettingsHandler(c *gin.Context) {
-	fmt.Println("----------------------------")
-	fmt.Println("GetSettingsHandler called (handlers.go)") // entry point
+	config.DebugLog("----------------------------")
+	config.DebugLog("GetSettingsHandler called (handlers.go)") // entry point
 	s := config.GetSettings()
 	c.JSON(http.StatusOK, s)
 }

 // UpdateSettingsHandler updates the AppSettings from a JSON body
 func UpdateSettingsHandler(c *gin.Context) {
-	fmt.Println("----------------------------")
-	fmt.Println("UpdateSettingsHandler called (handlers.go)") // entry point
+	config.DebugLog("----------------------------")
+	config.DebugLog("UpdateSettingsHandler called (handlers.go)") // entry point
 	var req config.AppSettings
 	if err := c.ShouldBindJSON(&req); err != nil {
 		fmt.Println("JSON binding error:", err) // Debug
@@ -181,7 +301,7 @@ func UpdateSettingsHandler(c *gin.Context) {
 		})
 		return
 	}
-	fmt.Println("JSON binding successful, updating settings (handlers.go)")
+	config.DebugLog("JSON binding successful, updating settings (handlers.go)")

 	newSettings, err := config.UpdateSettings(req)
 	if err != nil {
@@ -189,7 +309,7 @@ func UpdateSettingsHandler(c *gin.Context) {
 		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 		return
 	}
-	fmt.Println("Settings updated successfully (handlers.go)")
+	config.DebugLog("Settings updated successfully (handlers.go)")

 	c.JSON(http.StatusOK, gin.H{
 		"message":      "Settings updated",
@@ -200,8 +320,8 @@ func UpdateSettingsHandler(c *gin.Context) {
 // ListFiltersHandler returns a JSON array of filter names
 // found as *.conf in /etc/fail2ban/filter.d
 func ListFiltersHandler(c *gin.Context) {
-	fmt.Println("----------------------------")
-	fmt.Println("ListFiltersHandler called (handlers.go)") // entry point
+	config.DebugLog("----------------------------")
+	config.DebugLog("ListFiltersHandler called (handlers.go)") // entry point
 	dir := "/etc/fail2ban/filter.d"

 	files, err := os.ReadDir(dir)
@@ -224,8 +344,8 @@ func ListFiltersHandler(c *gin.Context) {
 }

 func TestFilterHandler(c *gin.Context) {
-	fmt.Println("----------------------------")
-	fmt.Println("TestFilterHandler called (handlers.go)") // entry point
+	config.DebugLog("----------------------------")
+	config.DebugLog("TestFilterHandler called (handlers.go)") // entry point
 	var req struct {
 		FilterName string   `json:"filterName"`
 		LogLines   []string `json:"logLines"`
@@ -241,8 +361,8 @@ func TestFilterHandler(c *gin.Context) {

 // ApplyFail2banSettings updates /etc/fail2ban/jail.local [DEFAULT] with our JSON
 func ApplyFail2banSettings(jailLocalPath string) error {
-	fmt.Println("----------------------------")
-	fmt.Println("ApplyFail2banSettings called (handlers.go)") // entry point
+	config.DebugLog("----------------------------")
+	config.DebugLog("ApplyFail2banSettings called (handlers.go)") // entry point
 	s := config.GetSettings()

 	// open /etc/fail2ban/jail.local, parse or do a simplistic approach:
@@ -257,7 +377,7 @@ func ApplyFail2banSettings(jailLocalPath string) error {
 		fmt.Sprintf("findtime = %s", s.Findtime),
 		fmt.Sprintf("maxretry = %d", s.Maxretry),
 		fmt.Sprintf("destemail = %s", s.Destemail),
-		fmt.Sprintf("sender = %s", s.Sender),
+		//fmt.Sprintf("sender = %s", s.Sender),
 		"",
 	}
 	content := strings.Join(newLines, "\n")
@@ -267,8 +387,8 @@ func ApplyFail2banSettings(jailLocalPath string) error {

 // ReloadFail2banHandler reloads the Fail2ban service
 func ReloadFail2banHandler(c *gin.Context) {
-	fmt.Println("----------------------------")
-	fmt.Println("ApplyFail2banSettings called (handlers.go)") // entry point
+	config.DebugLog("----------------------------")
+	config.DebugLog("ApplyFail2banSettings called (handlers.go)") // entry point

 	// First we write our new settings to /etc/fail2ban/jail.local
 	//	if err := fail2ban.ApplyFail2banSettings("/etc/fail2ban/jail.local"); err != nil {
@@ -289,3 +409,237 @@ func ReloadFail2banHandler(c *gin.Context) {
 	}
 	c.JSON(http.StatusOK, gin.H{"message": "Fail2ban reloaded successfully"})
 }
+
+// *******************************************************************
+// *                 Unified Email Sending Function :                *
+// *******************************************************************
+func sendEmail(to, subject, body string, settings config.AppSettings) error {
+	// Validate SMTP settings
+	if settings.SMTP.Host == "" || settings.SMTP.Username == "" || settings.SMTP.Password == "" || settings.SMTP.From == "" {
+		return errors.New("SMTP settings are incomplete. Please configure all required fields")
+	}
+
+	// Format message with **correct HTML headers**
+	message := fmt.Sprintf("From: %s\nTo: %s\nSubject: %s\n"+
+		"MIME-Version: 1.0\nContent-Type: text/html; charset=\"UTF-8\"\n\n%s",
+		settings.SMTP.From, to, subject, body)
+	msg := []byte(message)
+
+	// SMTP Connection Config
+	smtpHost := settings.SMTP.Host
+	smtpPort := settings.SMTP.Port
+	auth := LoginAuth(settings.SMTP.Username, settings.SMTP.Password)
+	smtpAddr := fmt.Sprintf("%s:%d", smtpHost, smtpPort)
+
+	// **Choose Connection Type**
+	if smtpPort == 465 {
+		// SMTPS (Implicit TLS) - Not supported at the moment.
+		tlsConfig := &tls.Config{ServerName: smtpHost}
+		conn, err := tls.Dial("tcp", smtpAddr, tlsConfig)
+		if err != nil {
+			return fmt.Errorf("failed to connect via TLS: %w", err)
+		}
+		defer conn.Close()
+
+		client, err := smtp.NewClient(conn, smtpHost)
+		if err != nil {
+			return fmt.Errorf("failed to create SMTP client: %w", err)
+		}
+		defer client.Quit()
+
+		if err := client.Auth(auth); err != nil {
+			return fmt.Errorf("SMTP authentication failed: %w", err)
+		}
+
+		return sendSMTPMessage(client, settings.SMTP.From, to, msg)
+
+	} else if smtpPort == 587 {
+		// STARTTLS (Explicit TLS)
+		conn, err := net.Dial("tcp", smtpAddr)
+		if err != nil {
+			return fmt.Errorf("failed to connect to SMTP server: %w", err)
+		}
+		defer conn.Close()
+
+		client, err := smtp.NewClient(conn, smtpHost)
+		if err != nil {
+			return fmt.Errorf("failed to create SMTP client: %w", err)
+		}
+		defer client.Quit()
+
+		// Start TLS Upgrade
+		tlsConfig := &tls.Config{ServerName: smtpHost}
+		if err := client.StartTLS(tlsConfig); err != nil {
+			return fmt.Errorf("failed to start TLS: %w", err)
+		}
+
+		if err := client.Auth(auth); err != nil {
+			return fmt.Errorf("SMTP authentication failed: %w", err)
+		}
+
+		return sendSMTPMessage(client, settings.SMTP.From, to, msg)
+	}
+
+	return errors.New("unsupported SMTP port. Use 587 (STARTTLS) or 465 (SMTPS)")
+}
+
+// Helper Function to Send SMTP Message
+func sendSMTPMessage(client *smtp.Client, from, to string, msg []byte) error {
+	// Set sender & recipient
+	if err := client.Mail(from); err != nil {
+		return fmt.Errorf("failed to set sender: %w", err)
+	}
+	if err := client.Rcpt(to); err != nil {
+		return fmt.Errorf("failed to set recipient: %w", err)
+	}
+
+	// Send email body
+	wc, err := client.Data()
+	if err != nil {
+		return fmt.Errorf("failed to start data command: %w", err)
+	}
+	defer wc.Close()
+
+	if _, err = wc.Write(msg); err != nil {
+		return fmt.Errorf("failed to write email content: %w", err)
+	}
+
+	// Close connection
+	client.Quit()
+	return nil
+}
+
+// *******************************************************************
+// *                      sendBanAlert Function :                    *
+// *******************************************************************
+func sendBanAlert(ip, jail, hostname, failures, whois, logs, country string, settings config.AppSettings) error {
+	subject := fmt.Sprintf("[Fail2Ban] %s: Banned %s from %s", jail, ip, hostname)
+
+	// Improved Responsive HTML Email
+	body := fmt.Sprintf(`<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>Fail2Ban Alert</title>
+<style>
+    body { font-family: Arial, sans-serif; background-color: #f4f4f4; margin: 0; padding: 0; }
+    .container { max-width: 600px; margin: 20px auto; background: #ffffff; padding: 20px; border-radius: 8px; box-shadow: 0px 2px 4px rgba(0,0,0,0.1); }
+    .header { text-align: center; padding-bottom: 10px; border-bottom: 2px solid #005DE0; }
+    .header img { max-width: 150px; }
+    .header h2 { color: #005DE0; margin: 10px 0; font-size: 24px; }
+    .content { padding: 15px; }
+    .details { background: #f9f9f9; padding: 15px; border-left: 4px solid #5579f8; margin-bottom: 10px; }
+    .footer { text-align: center; color: #888; font-size: 12px; padding-top: 10px; border-top: 1px solid #ddd; margin-top: 15px; }
+    .label { font-weight: bold; color: #333; }
+    pre {
+        background: #222; /* Dark terminal-like background */
+        color: #ddd; /* Light text */
+        font-family: "Courier New", Courier, monospace; /* Monospace font */
+        font-size: 12px; /* Smaller font size */
+        padding: 10px;
+        border-radius: 5px;
+        overflow-x: auto; /* Scroll horizontally if needed */
+        white-space: pre-wrap; /* Preserve line breaks */
+    }
+    /* Mobile Styles */
+    @media screen and (max-width: 600px) {
+        .container { width: 90%%; padding: 10px; }
+        .header h2 { font-size: 20px; }
+        .details p { font-size: 14px; }
+        .footer { font-size: 10px; }
+    }
+</style>
+</head>
+<body>
+    <div class="container">
+        <!-- HEADER -->
+        <div class="header">
+            <img src="https://swissmakers.ch/wp-content/uploads/2023/09/cyber.png" alt="Swissmakers GmbH" width="150" />
+            <h2>🚨 Security Alert from Fail2Ban-UI</h2>
+        </div>
+
+        <!-- ALERT MESSAGE -->
+        <div class="content">
+            <p>A new IP has been banned due to excessive failed login attempts.</p>
+
+            <div class="details">
+                <p><span class="label">📌 Banned IP:</span> %s</p>
+                <p><span class="label">🛡️ Jail Name:</span> %s</p>
+                <p><span class="label">🏠 Hostname:</span> %s</p>
+                <p><span class="label">🚫 Failed Attempts:</span> %s</p>
+                <p><span class="label">🌍 Country:</span> %s</p>
+            </div>
+
+            <h3>🔍 More Information about Attacker:</h3>
+            <pre>%s</pre>
+
+            <h3>📄 Server Log Entries:</h3>
+            <pre>%s</pre>
+        </div>
+
+        <!-- FOOTER -->
+        <div class="footer">
+            <p>This email was generated automatically by Fail2Ban.</p>
+            <p>For security inquiries, contact <a href="mailto:support@swissmakers.ch">support@swissmakers.ch</a></p>
+            <p>&copy; %d Swissmakers GmbH. All rights reserved.</p>
+        </div>
+    </div>
+</body>
+</html>`, ip, jail, hostname, failures, country, whois, logs, time.Now().Year())
+
+	// Send the email
+	return sendEmail(settings.Destemail, subject, body, settings)
+}
+
+// *******************************************************************
+// *               TestEmailHandler to send test-mail :              *
+// *******************************************************************
+func TestEmailHandler(c *gin.Context) {
+	settings := config.GetSettings()
+
+	err := sendEmail(
+		settings.Destemail,
+		"Test Email from Fail2Ban UI",
+		"This is a test email sent from the Fail2Ban UI to verify SMTP settings.",
+		settings,
+	)
+
+	if err != nil {
+		log.Printf("❌ Test email failed: %v", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to send test email: " + err.Error()})
+		return
+	}
+
+	log.Println("✅ Test email sent successfully!")
+	c.JSON(http.StatusOK, gin.H{"message": "Test email sent successfully!"})
+}
+
+// *******************************************************************
+// *                 Office365 LOGIN Authentication :                *
+// *******************************************************************
+type loginAuth struct {
+	username, password string
+}
+
+func LoginAuth(username, password string) smtp.Auth {
+	return &loginAuth{username, password}
+}
+
+func (a *loginAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {
+	return "LOGIN", []byte(a.username), nil
+}
+
+func (a *loginAuth) Next(fromServer []byte, more bool) ([]byte, error) {
+	if more {
+		switch string(fromServer) {
+		case "Username:":
+			return []byte(a.username), nil
+		case "Password:":
+			return []byte(a.password), nil
+		default:
+			return nil, errors.New("unexpected server challenge")
+		}
+	}
+	return nil, nil
+}
--- a/pkg/web/routes.go
+++ b/pkg/web/routes.go
@@ -37,6 +37,7 @@ func RegisterRoutes(r *gin.Engine) {
 		// settings
 		api.GET("/settings", GetSettingsHandler)
 		api.POST("/settings", UpdateSettingsHandler)
+		api.POST("/settings/test-email", TestEmailHandler)

 		// filter debugger
 		api.GET("/filters", ListFiltersHandler)
@@ -46,5 +47,8 @@ func RegisterRoutes(r *gin.Engine) {

 		// Reload endpoint
 		api.POST("/fail2ban/reload", ReloadFail2banHandler)
+
+		// Handle Fail2Ban notifications
+		api.POST("/ban", BanNotificationHandler)
 	}
 }
--- a/pkg/web/templates/index.html
+++ b/pkg/web/templates/index.html
@@ -143,21 +143,13 @@
    <!-- Alert Settings Group -->
    <fieldset class="border p-3 rounded mb-4">
      <legend class="w-auto px-2">Alert Settings</legend>
-
-      <!-- Source Email -->
      <div class="mb-3">
-        <label for="sourceEmail" class="form-label">Source Email - Emails are sent from this address.</label>
-        <input type="email" class="form-control" id="sourceEmail"/>
+        <label for="destEmail" class="form-label">Destination Email (Alerts Receiver)</label>
+        <input type="email" class="form-control" id="destEmail" placeholder="alerts@swissmakers.ch" />
      </div>
-      <!-- Destination Email -->
      <div class="mb-3">
-        <label for="destEmail" class="form-label">Destination Email - Where to sent the alert messages?</label>
-        <input type="email" class="form-control" id="destEmail" placeholder="e.g., alerts@swissmakers.ch" />
-      </div>
-      <!-- Alert Countries -->
-      <div class="mb-3">
-        <label for="alertCountries" class="form-label">Select alert Countries</label>
-        <p class="text-muted">Choose which country IP blocks should trigger an email. You can select multiple with CTRL.</p>
+        <label for="alertCountries" class="form-label">Select Alert Countries</label>
+        <p class="text-muted">Choose which country IP blocks should trigger an email (hold CTRL for multiple).</p>
        <select id="alertCountries" class="form-select" multiple size="7">
          <option value="ALL">ALL (Every Country)</option>
          <option value="CH">Switzerland (CH)</option>
@@ -171,6 +163,37 @@
      </div>
    </fieldset>

+    <!-- SMTP Configuration Group -->
+    <fieldset class="border p-3 rounded mb-4">
+      <legend class="w-auto px-2">SMTP Configuration</legend>
+      <div class="mb-3">
+        <label for="smtpHost" class="form-label">SMTP Host</label>
+        <input type="text" class="form-control" id="smtpHost" placeholder="e.g., smtp.gmail.com" required />
+      </div>
+      <label for="smtpPort">SMTP Port</label>
+      <select id="smtpPort" class="form-select">
+          <option value="587" selected>587 (Recommended - STARTTLS)</option>
+          <option value="465" disabled>465 (Not Supported)</option>
+      </select>
+      <div class="mb-3">
+        <label for="smtpUsername" class="form-label">SMTP Username</label>
+        <input type="text" class="form-control" id="smtpUsername" placeholder="e.g., user@example.com" required />
+      </div>
+      <div class="mb-3">
+        <label for="smtpPassword" class="form-label">SMTP Password</label>
+        <input type="password" class="form-control" id="smtpPassword" placeholder="Enter SMTP Password" required />
+      </div>
+      <div class="mb-3">
+        <label for="smtpFrom" class="form-label">Sender Email</label>
+        <input type="email" class="form-control" id="smtpFrom" placeholder="noreply@swissmakers.ch" required />
+      </div>
+      <div class="mb-3 form-check">
+        <input type="checkbox" class="form-check-input" id="smtpUseTLS">
+        <label for="smtpUseTLS" class="form-check-label">Use TLS (Recommended)</label>
+      </div>
+      <button type="button" class="btn btn-secondary mt-2" onclick="sendTestEmail()">Send Test Email</button>
+    </fieldset>
+
    <!-- Fail2Ban Configuration Group -->
    <fieldset class="border p-3 rounded mb-4">
      <legend class="w-auto px-2">Fail2Ban Configuration</legend>
@@ -198,9 +221,9 @@
      <!-- Ignore IPs -->
      <div class="mb-3">
        <label for="ignoreIP" class="form-label">Ignore IPs</label>
-        <textarea class="form-control" id="ignoreIP" rows="2" placeholder="Enter IPs to ignore, separated by spaces"></textarea>
+        <textarea class="form-control" id="ignoreIP" rows="2" placeholder="IPs to ignore, separated by spaces"></textarea>
      </div>
-    </fieldset>  
+    </fieldset>
    <button type="submit" class="btn btn-primary">Save</button>
  </form>
 </div>
@@ -589,12 +612,11 @@ function loadSettings() {
      document.getElementById('languageSelect').value = data.language || 'en';
      document.getElementById('debugMode').checked = data.debug || false;

-      // Get current alert settings
-      document.getElementById('sourceEmail').value = data.sender || '';
+      // Get Alert settings
      document.getElementById('destEmail').value = data.destemail || '';
-      // alertCountries multi
+
+      // Get Alert countries selection
      const select = document.getElementById('alertCountries');
-      // clear selection
      for (let i = 0; i < select.options.length; i++) {
        select.options[i].selected = false;
      }
@@ -611,7 +633,17 @@ function loadSettings() {
        }
      }

-      // Get current Fail2Ban Configuration
+      // Get SMTP settings
+      if (data.smtp) {
+        document.getElementById('smtpHost').value = data.smtp.host || '';
+        document.getElementById('smtpPort').value = data.smtp.port || 587;
+        document.getElementById('smtpUsername').value = data.smtp.username || '';
+        document.getElementById('smtpPassword').value = data.smtp.password || '';
+        document.getElementById('smtpFrom').value = data.smtp.from || '';
+        document.getElementById('smtpUseTLS').checked = data.smtp.useTLS || false;
+      }
+
+      // Get current Fail2Ban settings
      document.getElementById('bantimeIncrement').checked = data.bantimeIncrement || false;
      document.getElementById('banTime').value = data.bantime || '';
      document.getElementById('findTime').value = data.findtime || '';
@@ -625,57 +657,49 @@ function loadSettings() {
 }

 // Save settings when hit the save button
-function saveSettings(e) {
-  e.preventDefault(); // prevent form submission
+function saveSettings(event) {
+  event.preventDefault(); // prevent form submission

  showLoading(true);
-  const lang = document.getElementById('languageSelect').value;
-  const debugMode = document.getElementById("debugMode").checked;
-  const srcmail = document.getElementById('sourceEmail').value;
-  const destmail = document.getElementById('destEmail').value;
+  
+  // Gather form values
+  const smtpSettings = {
+    host: document.getElementById('smtpHost').value.trim(),
+    port: parseInt(document.getElementById('smtpPort').value, 10) || 587,
+    username: document.getElementById('smtpUsername').value.trim(),
+    password: document.getElementById('smtpPassword').value.trim(),
+    from: document.getElementById('smtpFrom').value.trim(),
+    useTLS: document.getElementById('smtpUseTLS').checked,
+  };

-  const select = document.getElementById('alertCountries');
-  let chosenCountries = [];
-  for (let i = 0; i < select.options.length; i++) {
-    if (select.options[i].selected) {
-      chosenCountries.push(select.options[i].value);
-    }
-  }
-  // If user selected "ALL", we override everything
-  if (chosenCountries.includes("ALL")) {
-    chosenCountries = ["all"];
-  }
+  const selectedCountries = Array.from(document.getElementById('alertCountries').selectedOptions).map(opt => opt.value);

-  const bantimeinc = document.getElementById('bantimeIncrement').checked;
-  const bant = document.getElementById('banTime').value;
-  const findt = document.getElementById('findTime').value;
-  const maxre = parseInt(document.getElementById('maxRetry').value, 10) || 1; // Default to 1 (if parsing fails)
-  const ignip = document.getElementById('ignoreIP').value;
+  const settingsData = {
+    language: document.getElementById('languageSelect').value,
+    debug: document.getElementById('debugMode').checked,
+    destemail: document.getElementById('destEmail').value.trim(),
+    alertCountries: selectedCountries.length > 0 ? selectedCountries : ["ALL"],
+    
+    bantimeIncrement: document.getElementById('bantimeIncrement').checked,
+    bantime: document.getElementById('banTime').value.trim(),
+    findtime: document.getElementById('findTime').value.trim(),
+    
+    maxretry: parseInt(document.getElementById('maxRetry').value, 10) || 3,
+    ignoreip: document.getElementById('ignoreIP').value.trim(),

-  const body = {
-    language: lang,
-    debug: debugMode,
-    sender: srcmail,
-    destemail: destmail,
-    alertCountries: chosenCountries,
-    bantimeIncrement: bantimeinc,
-    bantime: bant,
-    findtime: findt,
-    maxretry: maxre,
-    ignoreip: ignip
+    smtp: smtpSettings // (Includes SMTP settings)
  };

  fetch('/api/settings', {
    method: 'POST',
    headers: {'Content-Type': 'application/json'},
-    body: JSON.stringify(body)
+    body: JSON.stringify(settingsData),
  })
    .then(res => res.json())
    .then(data => {
      if (data.error) {
        alert('Error saving settings: ' + data.error + data.details);
      } else {
-        //alert(data.message || 'Settings saved');
        console.log("Settings saved successfully. Reload needed? " + data.reloadNeeded);
        if (data.reloadNeeded) {
          document.getElementById('reloadBanner').style.display = 'block';
@@ -719,6 +743,25 @@ function loadFilters() {
    .finally(() => showLoading(false));
 }

+function sendTestEmail() {
+  showLoading(true);
+
+  fetch('/api/settings/test-email', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' }
+  })
+    .then(res => res.json())
+    .then(data => {
+      if (data.error) {
+        alert('Error sending test email: ' + data.error);
+      } else {
+        alert('Test email sent successfully!');
+      }
+    })
+    .catch(error => alert('Error: ' + error))
+    .finally(() => showLoading(false));
+}
+
 // Called when clicking "Test Filter" button
 function testSelectedFilter() {
  const filterName = document.getElementById('filterSelect').value;