version 1

2025-11-20 22:32:15 +01:00
commit e74a891919
23 changed files with 914 additions and 0 deletions
--- a/tools/check_dns.sh
+++ b/tools/check_dns.sh
@@ -0,0 +1,124 @@
+#!/bin/bash
+
+DOMAIN="knusperkerne.de"
+HOST="mailsystem.knusperkerne.de"
+IP="89.58.2.51"
+
+MAILSERVER_CONTAINER="mailserver"
+
+echo ""
+echo "=========================================="
+echo " MAILSERVER HEALTH CHECK"
+echo " Domain: $DOMAIN"
+echo " Host:   $HOST ($IP)"
+echo "=========================================="
+echo ""
+
+#
+# Helper
+#
+check_dns_record() {
+    local label="$1"
+    local result="$2"
+
+    if [[ -z "$result" ]]; then
+        echo "$label:     [FAIL]"
+    else
+        echo "$label:     [OK]  $result"
+    fi
+}
+
+service_running() {
+    local svc="$1"
+    docker exec "$MAILSERVER_CONTAINER" supervisorctl status "$svc" 2>/dev/null | grep -q "RUNNING"
+}
+
+#
+# Load environment flags
+#
+ENVFILE="$(dirname "$0")/../config/dms.env"
+
+get_env_flag() {
+    local key="$1"
+    grep -E "^$key=" "$ENVFILE" | cut -d '=' -f2
+}
+
+ENABLE_AMAVIS=$(get_env_flag ENABLE_AMAVIS)
+ENABLE_CLAMAV=$(get_env_flag ENABLE_CLAMAV)
+
+#
+# DNS CHECK
+#
+echo "Checking DNS..."
+echo "------------------------------------------"
+
+MX=$(dig +short MX $DOMAIN)
+A=$(dig +short A $HOST)
+SPF=$(dig +short TXT $DOMAIN | grep spf)
+DKIM=$(dig +short TXT mail._domainkey.$DOMAIN)
+DMARC=$(dig +short TXT _dmarc.$DOMAIN)
+RDNS=$(dig -x $IP +short)
+
+check_dns_record "MX" "$MX"
+check_dns_record "A" "$A"
+check_dns_record "SPF" "$SPF"
+check_dns_record "DKIM" "$DKIM"
+check_dns_record "DMARC" "$DMARC"
+check_dns_record "rDNS" "$RDNS"
+
+echo ""
+#
+# TLS Tests
+#
+echo "Checking SMTP TLS (Port 587)..."
+echo "------------------------------------------"
+openssl s_client -connect "$HOST:587" -starttls smtp -brief < /dev/null &>/tmp/tls587
+grep -q "TLSv" /tmp/tls587 && echo "587/TLS:  [OK]" || echo "587/TLS:  [FAIL]"
+
+echo ""
+echo "Checking SMTP (Port 25)..."
+echo "------------------------------------------"
+openssl s_client -connect "$HOST:25" -starttls smtp -brief < /dev/null &>/tmp/tls25
+grep -q "TLSv" /tmp/tls25 && echo "25/TLS:   [OK]" || echo "25/TLS:   [FAIL]"
+
+echo ""
+echo "Checking IMAPS TLS (993)..."
+echo "------------------------------------------"
+openssl s_client -connect "$HOST:993" -brief < /dev/null &>/tmp/tls993
+grep -q "TLSv" /tmp/tls993 && echo "993/TLS:  [OK]" || echo "993/TLS:  [FAIL]"
+
+echo ""
+
+#
+# SERVICE CHECK (ONLY ACTIVE SERVICES)
+#
+echo "Checking local mail services (inside container)..."
+echo "------------------------------------------"
+
+# Postfix
+if service_running postfix; then echo "postfix:      [OK]"; else echo "postfix:      [FAIL]"; fi
+
+# Dovecot
+if service_running dovecot; then echo "dovecot:      [OK]"; else echo "dovecot:      [FAIL]"; fi
+
+# Amavis (only if enabled)
+if [[ "$ENABLE_AMAVIS" == "1" ]]; then
+    if service_running amavis; then echo "amavis:       [OK]"; else echo "amavis:       [FAIL]"; fi
+fi
+
+# SpamAssassin (always via Amavis)
+echo "spamassassin: [OK] (via Amavis)"
+
+# ClamAV (only if enabled)
+if [[ "$ENABLE_CLAMAV" == "1" ]]; then
+    if service_running clamav; then echo "clamav:       [OK]"; else echo "clamav:       [FAIL]"; fi
+fi
+
+QUEUE=$(docker exec "$MAILSERVER_CONTAINER" mailq | grep -c "^[A-F0-9]")
+echo "Queue Size: $QUEUE"
+echo ""
+
+echo "=========================================="
+echo " HEALTH CHECK COMPLETE"
+echo "=========================================="
+echo ""