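#!/bin/bash
#
# Mail server health check.
#
# Checks, in order:
#   1. DNS records that mail delivery and sender authentication rely on
#      (MX, A, SPF, DKIM, DMARC, reverse DNS).
#   2. Whether a TLS handshake completes on 587 and 25 (STARTTLS) and on 993.
#   3. supervisor status of the mail services inside the container.
#   4. Number of queued messages reported by mailq.
#
# Requires: dig, openssl, docker (with permission to exec into the container).
#
# NOTE: results are reported only as [OK]/[FAIL]/[SKIP] text; the script does
# not set a failing exit status, so automation has to parse the output.

DOMAIN="knusperkerne.de"
HOST="mailsystem.knusperkerne.de"
IP="89.58.2.51"
MAILSERVER_CONTAINER="mailserver"
# Selector under which the DKIM public key is published
# (<selector>._domainkey.<domain>).
DKIM_SELECTOR="mail"

echo ""
echo "=========================================="
echo " MAILSERVER HEALTH CHECK"
echo " Domain: $DOMAIN"
echo " Host: $HOST ($IP)"
echo "=========================================="
echo ""

#
# Helper
#

# Print "<label>: [OK] <result>" when a lookup returned data, "[FAIL]" when it
# came back empty. Presence only: the record's content is not validated.
#   $1 - label to print
#   $2 - raw lookup result (may be empty)
check_dns_record() {
  local label="$1"
  local result="$2"

  if [[ -z "$result" ]]; then
    echo "$label: [FAIL]"
  else
    echo "$label: [OK] $result"
  fi
}

# Return 0 when supervisorctl inside the container reports the service as
# RUNNING, non-zero otherwise (including when docker exec itself fails).
#   $1 - supervisor program name
service_running() {
  local svc="$1"
  docker exec "$MAILSERVER_CONTAINER" supervisorctl status "$svc" 2>/dev/null \
    | grep -q "RUNNING"
}

# Print the [OK]/[FAIL] line for one service and return its status so callers
# can derive dependent results from it.
#   $1 - supervisor program name
report_service() {
  local svc="$1"

  if service_running "$svc"; then
    echo "$svc: [OK]"
  else
    echo "$svc: [FAIL]"
    return 1
  fi
}

# Attempt a TLS handshake against $HOST and report whether one completed.
#   $1 - label to print
#   $2 - TCP port
#   $3 - optional protocol for -starttls (e.g. smtp); empty means implicit TLS
#
# [OK] only means that openssl reported a negotiated TLS version. Certificate
# validity, hostname match and expiry are NOT evaluated here.
#
# The openssl output is held in a variable instead of a fixed /tmp/tls<port>
# file: a fixed name in a world-writable directory can be pre-created by
# another local user (for example as a symlink), and this script is normally
# run by an account with docker privileges.
check_tls() {
  local label="$1"
  local port="$2"
  local starttls="${3:-}"
  local -a cmd=(openssl s_client -connect "${HOST}:${port}" -brief)
  local out

  if [[ -n "$starttls" ]]; then
    cmd+=(-starttls "$starttls")
  fi

  out=$("${cmd[@]}" </dev/null 2>&1)

  if [[ "$out" == *TLSv* ]]; then
    echo "${label}: [OK]"
  else
    echo "${label}: [FAIL]"
  fi
}

#
# Load environment flags
#

ENVFILE="$(dirname "$0")/../config/dms.env"

# Print the value assigned to KEY in $ENVFILE (last assignment wins).
# Prints nothing when the key is absent; warns on stderr and returns 1 when
# the file cannot be read, so a missing file is not mistaken for "disabled".
#   $1 - variable name to look up
get_env_flag() {
  local key="$1"

  if [[ ! -r "$ENVFILE" ]]; then
    echo "warning: cannot read $ENVFILE; $key treated as unset" >&2
    return 1
  fi

  # -f2- keeps values that themselves contain '='; tr drops a stray CR from
  # files saved with CRLF line endings, which would otherwise break == "1".
  grep -E "^${key}=" "$ENVFILE" | tail -n 1 | cut -d '=' -f2- | tr -d '\r'
}

ENABLE_AMAVIS=$(get_env_flag ENABLE_AMAVIS)
ENABLE_CLAMAV=$(get_env_flag ENABLE_CLAMAV)

#
# DNS CHECK
#

echo "Checking DNS..."
echo "------------------------------------------"

MX=$(dig +short MX "$DOMAIN")
A=$(dig +short A "$HOST")
# Match the SPF version tag rather than any TXT record that merely contains
# the letters "spf".
SPF=$(dig +short TXT "$DOMAIN" | grep -i 'v=spf1')
DKIM=$(dig +short TXT "${DKIM_SELECTOR}._domainkey.${DOMAIN}")
DMARC=$(dig +short TXT "_dmarc.${DOMAIN}")
RDNS=$(dig -x "$IP" +short)

check_dns_record "MX" "$MX"
check_dns_record "A" "$A"
check_dns_record "SPF" "$SPF"
check_dns_record "DKIM" "$DKIM"
check_dns_record "DMARC" "$DMARC"
check_dns_record "rDNS" "$RDNS"
echo ""

#
# TLS Tests
#

echo "Checking SMTP TLS (Port 587)..."
echo "------------------------------------------"
check_tls "587/TLS" 587 smtp
echo ""

echo "Checking SMTP (Port 25)..."
echo "------------------------------------------"
check_tls "25/TLS" 25 smtp
echo ""

echo "Checking IMAPS TLS (993)..."
echo "------------------------------------------"
check_tls "993/TLS" 993
echo ""

#
# SERVICE CHECK (ONLY ACTIVE SERVICES)
#

echo "Checking local mail services (inside container)..."
echo "------------------------------------------"

# Postfix
report_service postfix

# Dovecot
report_service dovecot

# Amavis (only if enabled) and SpamAssassin (always via Amavis).
# SpamAssassin is not probed on its own; its line is derived from the Amavis
# result so that it can no longer read [OK] while Amavis is down or disabled.
if [[ "$ENABLE_AMAVIS" == "1" ]]; then
  if report_service amavis; then
    echo "spamassassin: [OK] (via Amavis)"
  else
    echo "spamassassin: [FAIL] (via Amavis)"
  fi
else
  echo "spamassassin: [SKIP] (Amavis not enabled)"
fi

# ClamAV (only if enabled)
if [[ "$ENABLE_CLAMAV" == "1" ]]; then
  report_service clamav
fi

# Queue size: count mailq lines that start with an uppercase hex character.
# NOTE(review): this presumably matches Postfix short queue IDs only; confirm
# that long queue IDs are not enabled on this server.
# A failing docker exec is reported as [FAIL] instead of a misleading 0.
if MAILQ_OUTPUT=$(docker exec "$MAILSERVER_CONTAINER" mailq); then
  QUEUE=$(grep -c "^[A-F0-9]" <<<"$MAILQ_OUTPUT")
  echo "Queue Size: $QUEUE"
else
  echo "Queue Size: [FAIL] (could not run mailq in container)"
fi

echo ""
echo "=========================================="
echo " HEALTH CHECK COMPLETE"
echo "=========================================="
echo ""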