version 1

tools/add_mail_domain.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+
+set -euo pipefail
+
+DOMAIN="$1"
+
+if [[ -z "$DOMAIN" ]]; then
+    echo "Usage: $0 <domain>"
+    exit 1
+fi
+
+echo "=============================================="
+echo " ADDING MAIL DOMAIN: $DOMAIN"
+echo "=============================================="
+echo ""
+
+MAILSERVER_CONTAINER="mailserver"
+
+#
+# STEP 1: create dummy mailbox — required to register domain internally
+#
+echo "[1/3] Creating domain presence via dummy account ..."
+docker exec "$MAILSERVER_CONTAINER" setup email add "dms-domain-init@$DOMAIN" "Init12345" >/dev/null 2>&1 || true
+
+#
+# STEP 2: generate DKIM key
+#
+echo "[2/3] Generating DKIM key ..."
+docker exec "$MAILSERVER_CONTAINER" setup config dkim keysize 2048 domain "$DOMAIN"
+
+#
+# STEP 3: extract DKIM public key (to show user DNS record)
+#
+echo "[3/3] Extracting DKIM public key ..."
+PUBKEY=$(docker exec "$MAILSERVER_CONTAINER" sh -c \
+  "cat /tmp/docker-mailserver/opendkim/keys/$DOMAIN/mail.txt" 2>/dev/null)
+
+if [[ -z "$PUBKEY" ]]; then
+    echo "ERROR: Could not read DKIM key!"
+    exit 1
+fi
+
+echo ""
+echo "=============================================="
+echo " DNS RECORDS TO ADD FOR: $DOMAIN"
+echo "=============================================="
+echo ""
+echo "1) MX record:"
+echo "   $DOMAIN.     50   mail.knusperkerne.de."
+echo ""
+echo "2) SPF record:"
+echo "   $DOMAIN.     TXT  \"v=spf1 mx a:mailsystem.knusperkerne.de ip4:89.58.2.51 -all\""
+echo ""
+echo "3) DKIM record (selector: mail):"
+echo ""
+echo "$PUBKEY"
+echo ""
+echo "4) DMARC record:"
+echo "   _dmarc.$DOMAIN.   TXT   \"v=DMARC1; p=quarantine; rua=mailto:postmaster@$DOMAIN\""
+echo ""
+echo "=============================================="
+echo " Domain setup completed."
+echo "=============================================="
+echo ""

tools/add_mailuser.sh

@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+MAILSERVER_CONTAINER="mailserver"
+PWGEN_CMD="pwgen -scn 32"
+
+if [ $# -ne 1 -o $# -ne 2 ]
+then
+    echo "Usage: $0 mail_address [password]"
+    exit 1
+fi
+
+EMAIL="$1"
+PASSWORD="${2:-}"
+
+if [ -z "$PASSWORD" ]
+then
+    # Ensure pwgen exists
+    if ! command -v pwgen >/dev/null 2>&1; then
+        echo "ERROR: pwgen is not installed. Install with: sudo apt install pwgen"
+        exit 1
+    fi
+
+    # Generate a secure password
+    PASSWORD="$($PWGEN_CMD)"
+fi
+
+# Create the mailbox inside Docker-Mailserver (DMS hashes internally)
+docker exec -i "$MAILSERVER_CONTAINER" setup email add "$EMAIL" "$PASSWORD"
+
+echo
+echo "=============================================="
+echo "User added: $EMAIL"
+echo
+echo "Generated password (plaintext):"
+echo "    $PASSWORD"
+echo
+echo "This password is NOT stored in plaintext anywhere."
+echo "Docker-Mailserver stored only a secure hash."
+echo "=============================================="
+echo
+echo "Restart mailserver to apply changes:"
+echo "  docker compose restart mail"

tools/check_dns.sh

@@ -0,0 +1,124 @@
+#!/bin/bash
+
+DOMAIN="knusperkerne.de"
+HOST="mailsystem.knusperkerne.de"
+IP="89.58.2.51"
+
+MAILSERVER_CONTAINER="mailserver"
+
+echo ""
+echo "=========================================="
+echo " MAILSERVER HEALTH CHECK"
+echo " Domain: $DOMAIN"
+echo " Host:   $HOST ($IP)"
+echo "=========================================="
+echo ""
+
+#
+# Helper
+#
+check_dns_record() {
+    local label="$1"
+    local result="$2"
+
+    if [[ -z "$result" ]]; then
+        echo "$label:     [FAIL]"
+    else
+        echo "$label:     [OK]  $result"
+    fi
+}
+
+service_running() {
+    local svc="$1"
+    docker exec "$MAILSERVER_CONTAINER" supervisorctl status "$svc" 2>/dev/null | grep -q "RUNNING"
+}
+
+#
+# Load environment flags
+#
+ENVFILE="$(dirname "$0")/../config/dms.env"
+
+get_env_flag() {
+    local key="$1"
+    grep -E "^$key=" "$ENVFILE" | cut -d '=' -f2
+}
+
+ENABLE_AMAVIS=$(get_env_flag ENABLE_AMAVIS)
+ENABLE_CLAMAV=$(get_env_flag ENABLE_CLAMAV)
+
+#
+# DNS CHECK
+#
+echo "Checking DNS..."
+echo "------------------------------------------"
+
+MX=$(dig +short MX $DOMAIN)
+A=$(dig +short A $HOST)
+SPF=$(dig +short TXT $DOMAIN | grep spf)
+DKIM=$(dig +short TXT mail._domainkey.$DOMAIN)
+DMARC=$(dig +short TXT _dmarc.$DOMAIN)
+RDNS=$(dig -x $IP +short)
+
+check_dns_record "MX" "$MX"
+check_dns_record "A" "$A"
+check_dns_record "SPF" "$SPF"
+check_dns_record "DKIM" "$DKIM"
+check_dns_record "DMARC" "$DMARC"
+check_dns_record "rDNS" "$RDNS"
+
+echo ""
+#
+# TLS Tests
+#
+echo "Checking SMTP TLS (Port 587)..."
+echo "------------------------------------------"
+openssl s_client -connect "$HOST:587" -starttls smtp -brief < /dev/null &>/tmp/tls587
+grep -q "TLSv" /tmp/tls587 && echo "587/TLS:  [OK]" || echo "587/TLS:  [FAIL]"
+
+echo ""
+echo "Checking SMTP (Port 25)..."
+echo "------------------------------------------"
+openssl s_client -connect "$HOST:25" -starttls smtp -brief < /dev/null &>/tmp/tls25
+grep -q "TLSv" /tmp/tls25 && echo "25/TLS:   [OK]" || echo "25/TLS:   [FAIL]"
+
+echo ""
+echo "Checking IMAPS TLS (993)..."
+echo "------------------------------------------"
+openssl s_client -connect "$HOST:993" -brief < /dev/null &>/tmp/tls993
+grep -q "TLSv" /tmp/tls993 && echo "993/TLS:  [OK]" || echo "993/TLS:  [FAIL]"
+
+echo ""
+
+#
+# SERVICE CHECK (ONLY ACTIVE SERVICES)
+#
+echo "Checking local mail services (inside container)..."
+echo "------------------------------------------"
+
+# Postfix
+if service_running postfix; then echo "postfix:      [OK]"; else echo "postfix:      [FAIL]"; fi
+
+# Dovecot
+if service_running dovecot; then echo "dovecot:      [OK]"; else echo "dovecot:      [FAIL]"; fi
+
+# Amavis (only if enabled)
+if [[ "$ENABLE_AMAVIS" == "1" ]]; then
+    if service_running amavis; then echo "amavis:       [OK]"; else echo "amavis:       [FAIL]"; fi
+fi
+
+# SpamAssassin (always via Amavis)
+echo "spamassassin: [OK] (via Amavis)"
+
+# ClamAV (only if enabled)
+if [[ "$ENABLE_CLAMAV" == "1" ]]; then
+    if service_running clamav; then echo "clamav:       [OK]"; else echo "clamav:       [FAIL]"; fi
+fi
+
+QUEUE=$(docker exec "$MAILSERVER_CONTAINER" mailq | grep -c "^[A-F0-9]")
+echo "Queue Size: $QUEUE"
+echo ""
+
+echo "=========================================="
+echo " HEALTH CHECK COMPLETE"
+echo "=========================================="
+echo ""

tools/check_mail_usage.sh

@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+#
+# check_mail_usage.sh
+#
+# Checks Maildir usage by executing du inside the Docker-Mailserver container.
+#
+# Usage:
+#   ./check_mail_usage.sh
+#
+
+CONTAINER="mailserver"
+MAILDIR="/var/mail"
+
+echo "Scanning Maildir sizes inside container '$CONTAINER' ..."
+echo
+
+TMPFILE=$(mktemp)
+
+# List <domain>/<user> directories inside container
+docker exec "$CONTAINER" bash -c "
+    find $MAILDIR -mindepth 2 -maxdepth 2 -type d
+" | while read -r DIR; do
+    SIZE_MB=$(docker exec "$CONTAINER" bash -c "du -sm \"$DIR\" | awk '{print \$1}'")
+    USER=$(basename "$DIR")
+    DOMAIN=$(basename "$(dirname "$DIR")")
+    echo \"$SIZE_MB MB  $USER@$DOMAIN\" >> "$TMPFILE"
+done
+
+echo "======================"
+echo "   MAILDIR USAGE"
+echo "======================"
+echo
+
+sort -nr "$TMPFILE" | head -n 10
+
+echo
+echo "----------------------"
+TOTAL=$(docker exec "$CONTAINER" bash -c "du -sm $MAILDIR | awk '{print \$1}'")
+echo "Total mail storage used: $TOTAL MB"
+echo "----------------------"
+
+rm "$TMPFILE"

tools/generate_dkim.sh

@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+#
+# generate_dkim.sh
+# Generate a new DKIM selector for a domain for Docker-Mailserver.
+#
+# Usage:
+#   ./generate_dkim.sh <domain>
+#
+# Example:
+#   ./generate_dkim.sh knusperkerne.de
+#
+
+DOMAIN="$1"
+CONTAINER="mailserver"      # Name of your DMS container
+SELECTOR="mail"             # Default DKIM selector
+DKIM_PATH="/tmp/docker-mailserver/opendkim/keys/$DOMAIN"
+
+if [ -z "$DOMAIN" ]; then
+    echo "Usage: $0 <domain>"
+    exit 1
+fi
+
+echo "Generating DKIM key for domain: $DOMAIN"
+echo "Selector: $SELECTOR"
+echo
+
+# Generate DKIM key inside the DMS container
+docker exec "$CONTAINER" \
+  setup config dkim \
+  --domain "$DOMAIN" \
+  --selector "$SELECTOR" \
+  --bits 2048
+
+if [ $? -ne 0 ]; then
+    echo "ERROR: DKIM generation failed."
+    exit 1
+fi
+
+echo "DKIM key generated successfully."
+echo
+
+# Show public DKIM key for DNS
+echo "Your DKIM TXT record (add to DNS):"
+echo "----------------------------------"
+docker exec "$CONTAINER" \
+  cat "$DKIM_PATH/$SELECTOR.txt"
+
+echo "----------------------------------"
+echo
+echo "DKIM generation complete."

tools/health_check.sh

@@ -0,0 +1,177 @@
+#!/usr/bin/env bash
+#
+# mail_health_check.sh
+#
+# Full health checker for Docker-Mailserver:
+# - DNS (SPF, DKIM, DMARC, MX, A, rDNS)
+# - TLS (SMTP/587, SMTP/25, IMAPS/993)
+# - Authentication tests
+# - Local queue and service checks
+#
+
+DOMAIN="knusperkerne.de"
+MAIL_HOST="mailsystem.$DOMAIN"
+MAIL_IP="89.58.2.51"
+SMTP_PORT=587
+IMAP_PORT=993
+CONTAINER="mailserver"
+TEST_USER="lars@knusperkerne.de"
+TEST_PASS="REPLACE_WITH_REAL_PASSWORD"   # (only needed for auth tests)
+COLOR_OK="\e[32m[OK]\e[0m"
+COLOR_WARN="\e[33m[WARN]\e[0m"
+COLOR_FAIL="\e[31m[FAIL]\e[0m"
+
+echo
+echo "=========================================="
+echo " MAILSERVER HEALTH CHECK"
+echo " Domain: $DOMAIN"
+echo " Host:   $MAIL_HOST ($MAIL_IP)"
+echo "=========================================="
+echo
+
+# ------------------------------------------
+# 1. DNS CHECKS
+# ------------------------------------------
+echo "Checking DNS..."
+echo "------------------------------------------"
+
+MX=$(dig +short MX "$DOMAIN")
+A=$(dig +short A "$MAIL_HOST")
+SPF=$(dig +short TXT "$DOMAIN" | grep "v=spf1")
+DKIM=$(dig +short TXT "mail._domainkey.$DOMAIN")
+DMARC=$(dig +short TXT "_dmarc.$DOMAIN")
+RDNS=$(dig -x "$MAIL_IP" +short)
+
+[[ -n "$MX" ]]    && echo -e "MX:       $COLOR_OK  $MX"    || echo -e "MX:       $COLOR_FAIL"
+[[ "$A" == "$MAIL_IP" ]] && echo -e "A:        $COLOR_OK  $A" || echo -e "A:        $COLOR_FAIL"
+[[ -n "$SPF" ]]   && echo -e "SPF:      $COLOR_OK  $SPF"   || echo -e "SPF:      $COLOR_FAIL"
+[[ -n "$DKIM" ]]  && echo -e "DKIM:     $COLOR_OK"         || echo -e "DKIM:     $COLOR_FAIL"
+[[ -n "$DMARC" ]] && echo -e "DMARC:    $COLOR_OK"         || echo -e "DMARC:    $COLOR_FAIL"
+[[ -n "$RDNS" ]]  && echo -e "rDNS:     $COLOR_OK  $RDNS"  || echo -e "rDNS:     $COLOR_FAIL"
+
+echo
+
+# ------------------------------------------
+# 2. SMTP / TLS CHECK (587)
+# ------------------------------------------
+echo "Checking SMTP TLS (Port 587)..."
+echo "------------------------------------------"
+
+TLS587=$(echo | openssl s_client -starttls smtp -connect "$MAIL_HOST:$SMTP_PORT" -servername "$MAIL_HOST" 2>/dev/null | grep -Eo "Protocol.*TLS|Cipher.*")
+
+if [[ -n "$TLS587" ]]; then
+    echo -e "587/TLS:  $COLOR_OK"
+    echo "$TLS587"
+else
+    echo -e "587/TLS:  $COLOR_FAIL"
+fi
+
+echo
+
+# ------------------------------------------
+# 3. SMTP / TLS CHECK (25)
+# ------------------------------------------
+echo "Checking SMTP (Port 25)..."
+echo "------------------------------------------"
+
+TLS25=$(echo | openssl s_client -starttls smtp -connect "$MAIL_HOST:25" -servername "$MAIL_HOST" 2>/dev/null | grep -Eo "Protocol.*TLS|Cipher.*")
+
+if [[ -n "$TLS25" ]]; then
+    echo -e "25/TLS:   $COLOR_OK"
+    echo "$TLS25"
+else
+    echo -e "25/TLS:   $COLOR_FAIL"
+fi
+
+echo
+
+# ------------------------------------------
+# 4. IMAPS TLS CHECK
+# ------------------------------------------
+echo "Checking IMAPS TLS (993)..."
+echo "------------------------------------------"
+
+TLS_IMAP=$(echo | openssl s_client -connect "$MAIL_HOST:$IMAP_PORT" -servername "$MAIL_HOST" 2>/dev/null | grep -Eo "Protocol.*TLS|Cipher.*")
+
+if [[ -n "$TLS_IMAP" ]]; then
+    echo -e "993/TLS:  $COLOR_OK"
+    echo "$TLS_IMAP"
+else
+    echo -e "993/TLS:  $COLOR_FAIL"
+fi
+
+echo
+
+# ------------------------------------------
+# 5. SMTP-AUTH TEST
+# ------------------------------------------
+if [[ "$TEST_PASS" != "REPLACE_WITH_REAL_PASSWORD" ]]; then
+    echo "Checking SMTP AUTH..."
+    echo "------------------------------------------"
+
+    AUTH_SMTP=$(swaks --to test@$DOMAIN \
+                      --from "$TEST_USER" \
+                      --server "$MAIL_HOST" \
+                      --port 587 \
+                      --auth LOGIN \
+                      --auth-user "$TEST_USER" \
+                      --auth-password "$TEST_PASS" \
+                      --quit-after AUTH 2>&1)
+
+    if echo "$AUTH_SMTP" | grep -q "235 "; then
+        echo -e "SMTP AUTH: $COLOR_OK"
+    else
+        echo -e "SMTP AUTH: $COLOR_FAIL"
+        echo "$AUTH_SMTP"
+    fi
+else
+    echo "SMTP AUTH TEST: skipped (no password configured)"
+fi
+
+echo
+
+# ------------------------------------------
+# 6. IMAP AUTH TEST
+# ------------------------------------------
+if [[ "$TEST_PASS" != "REPLACE_WITH_REAL_PASSWORD" ]]; then
+    echo "Checking IMAP AUTH..."
+    echo "------------------------------------------"
+
+    AUTH_IMAP=$(swaks --server "$MAIL_HOST" \
+                      --port 993 \
+                      --auth-user "$TEST_USER" \
+                      --auth-password "$TEST_PASS" \
+                      --imap \
+                      --quit-after AUTH 2>&1)
+
+    if echo "$AUTH_IMAP" | grep -q "SUCCESS"; then
+        echo -e "IMAP AUTH: $COLOR_OK"
+    else
+        echo -e "IMAP AUTH: $COLOR_FAIL"
+        echo "$AUTH_IMAP"
+    fi
+else
+    echo "IMAP AUTH TEST: skipped (no password configured)"
+fi
+
+echo
+
+# ------------------------------------------
+# 7. LOCAL MAILSERVER COMPONENTS
+# ------------------------------------------
+echo "Checking local mail services (inside container)..."
+echo "------------------------------------------"
+
+docker exec "$CONTAINER" supervisorctl status postfix &>/dev/null && echo -e "Postfix:   $COLOR_OK" || echo -e "Postfix:   $COLOR_FAIL"
+docker exec "$CONTAINER" supervisorctl status dovecot &>/dev/null && echo -e "Dovecot:   $COLOR_OK" || echo -e "Dovecot:   $COLOR_FAIL"
+docker exec "$CONTAINER" supervisorctl status rspamd* &>/dev/null && echo -e "Rspamd:    $COLOR_OK" || echo -e "Rspamd:    $COLOR_FAIL"
+docker exec "$CONTAINER" supervisorctl status amavis &>/dev/null && echo -e "Amavis:    $COLOR_OK" || echo -e "Amavis:    $COLOR_WARN (optional)"
+
+QUEUE_SIZE=$(docker exec "$CONTAINER" mailq 2>/dev/null | grep -c "^[A-F0-9]")
+echo "Queue Size: $QUEUE_SIZE"
+echo
+
+echo "=========================================="
+echo " HEALTH CHECK COMPLETE"
+echo "=========================================="
+echo

tools/test_imaps_login.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+# Usage: ./test_imaps_login.sh <server> <email> <password>
+# Example: ./test_imaps_login.sh mailsystem.knusperkerne.de postmaster@knusperkerne.de PASSWORT
+
+SERVER="$1"
+USER="$2"
+PASS="$3"
+
+if [ -z "$SERVER" ] || [ -z "$USER" ] || [ -z "$PASS" ]; then
+    echo "Usage: $0 <server> <email> <password>"
+    exit 1
+fi
+
+echo -e "a LOGIN $USER $PASS\r\na LOGOUT\r\n" | \
+openssl s_client -connect "$SERVER:993" -quiet

tools/test_smtp_submission.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+# Usage: ./test_smtp_submission.sh <server> <email> <password>
+# Example: ./test_smtp_submission.sh mailsystem.knusperkerne.de postmaster@knusperkerne.de PASSWORT
+
+SERVER="$1"
+USER="$2"
+PASS="$3"
+
+if [ -z "$SERVER" ] || [ -z "$USER" ] || [ -z "$PASS" ]; then
+    echo "Usage: $0 <server> <email> <password>"
+    exit 1
+fi
+
+swaks \
+  --to "$USER" \
+  --from "$USER" \
+  --server "$SERVER" \
+  --auth LOGIN \
+  --auth-user "$USER" \
+  --auth-password "$PASS" \
+  --port 587 \
+  --tls \
+  --quit-after MAIL