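#!/usr/bin/env bash
#
# mail_health_check.sh
#
# Full health checker for Docker-Mailserver:
#   - DNS (SPF, DKIM, DMARC, MX, A, rDNS)
#   - TLS (SMTP/587, SMTP/25, IMAPS/993)
#   - Authentication tests
#   - Local queue and service checks
#
# Requires on the host: dig, openssl, swaks, docker.
#
# Environment:
#   TEST_PASS  password of TEST_USER; when unset the auth tests are skipped.
#              Supplying it through the environment keeps the secret out of
#              this file (and out of version control).
#
# The script is a reporting tool: it always runs every section and does not
# set a failing exit status when a check fails.

set -u

DOMAIN="knusperkerne.de"
MAIL_HOST="mailsystem.$DOMAIN"
MAIL_IP="89.58.2.51"
SMTP_PORT=587
IMAP_PORT=993
CONTAINER="mailserver"

TEST_USER="lars@knusperkerne.de"
readonly PASS_PLACEHOLDER="REPLACE_WITH_REAL_PASSWORD"
TEST_PASS="${TEST_PASS:-$PASS_PLACEHOLDER}" # (only needed for auth tests)

# Status tags hold real ESC bytes ($'...'), so they can be printed with
# printf '%s'. Check results (DNS answers, server transcripts) are remote data
# and must not go through `echo -e`, which would interpret backslash escapes
# found in that data.
readonly COLOR_OK=$'\e[32m[OK]\e[0m'
readonly COLOR_WARN=$'\e[33m[WARN]\e[0m'
readonly COLOR_FAIL=$'\e[31m[FAIL]\e[0m'

#######################################
# Print one result line: "<label> <status>[ <detail>]".
# Arguments: $1 - label (e.g. "MX:")
#            $2 - status tag (COLOR_OK / COLOR_WARN / COLOR_FAIL)
#            $3 - optional detail text, printed verbatim
#######################################
report() {
  local label=$1 status=$2 detail=${3:-}
  if [[ -n "$detail" ]]; then
    printf '%s %s %s\n' "$label" "$status" "$detail"
  else
    printf '%s %s\n' "$label" "$status"
  fi
}

#######################################
# Open a TLS session with openssl s_client and report protocol and cipher.
# Arguments: $1 - label (e.g. "587/TLS:")
#            $2 - TCP port on MAIL_HOST
#            $3 - optional STARTTLS protocol name (e.g. "smtp"); empty means
#                 implicit TLS
#######################################
check_tls() {
  local label=$1 port=$2 starttls=${3:-}
  local -a cmd=(openssl s_client -connect "${MAIL_HOST}:${port}"
    -servername "$MAIL_HOST")
  if [[ -n "$starttls" ]]; then
    cmd+=(-starttls "$starttls")
  fi

  local summary
  # "Verify return code" is included so the operator can see whether the
  # certificate chain validated; a completed handshake alone does not show it.
  summary=$("${cmd[@]}" </dev/null 2>/dev/null \
    | grep -Eo "Protocol.*TLS|Cipher.*|Verify return code.*")

  # A failed handshake still prints "Cipher is (NONE)", which matches the
  # pattern above; treat that as a failure instead of reporting OK.
  if [[ -n "$summary" && "$summary" != *"(NONE)"* ]]; then
    report "$label" "$COLOR_OK"
    printf '%s\n' "$summary"
  else
    report "$label" "$COLOR_FAIL"
  fi
}

#######################################
# Report whether `supervisorctl status <name>` succeeds inside CONTAINER.
# Arguments: $1 - label, $2 - supervisor program name,
#            $3 - status tag to print on failure (default COLOR_FAIL),
#            $4 - optional detail appended on failure
# NOTE(review): whether a stopped program makes `supervisorctl status` exit
# non-zero depends on the supervisor version in the image - confirm.
#######################################
check_service() {
  local label=$1 name=$2 on_fail=${3:-$COLOR_FAIL} fail_detail=${4:-}
  if docker exec "$CONTAINER" supervisorctl status "$name" &>/dev/null; then
    report "$label" "$COLOR_OK"
  else
    report "$label" "$on_fail" "$fail_detail"
  fi
}

echo
echo "=========================================="
echo " MAILSERVER HEALTH CHECK"
echo " Domain: $DOMAIN"
echo " Host: $MAIL_HOST ($MAIL_IP)"
echo "=========================================="
echo

# ------------------------------------------
# 1. DNS CHECKS
# ------------------------------------------
echo "Checking DNS..."
echo "------------------------------------------"

MX=$(dig +short MX "$DOMAIN")
A=$(dig +short A "$MAIL_HOST")
SPF=$(dig +short TXT "$DOMAIN" | grep "v=spf1")
DKIM=$(dig +short TXT "mail._domainkey.$DOMAIN")
DMARC=$(dig +short TXT "_dmarc.$DOMAIN")
RDNS=$(dig -x "$MAIL_IP" +short)

# These are presence checks only: an OK for SPF/DKIM/DMARC means a record
# exists, not that its policy is strict or that the DKIM key matches the
# signing key. rDNS is likewise not compared against MAIL_HOST.
if [[ -n "$MX" ]]; then report "MX:" "$COLOR_OK" "$MX"; else report "MX:" "$COLOR_FAIL"; fi
if [[ "$A" == "$MAIL_IP" ]]; then report "A:" "$COLOR_OK" "$A"; else report "A:" "$COLOR_FAIL"; fi
if [[ -n "$SPF" ]]; then report "SPF:" "$COLOR_OK" "$SPF"; else report "SPF:" "$COLOR_FAIL"; fi
if [[ -n "$DKIM" ]]; then report "DKIM:" "$COLOR_OK"; else report "DKIM:" "$COLOR_FAIL"; fi
if [[ -n "$DMARC" ]]; then report "DMARC:" "$COLOR_OK"; else report "DMARC:" "$COLOR_FAIL"; fi
if [[ -n "$RDNS" ]]; then report "rDNS:" "$COLOR_OK" "$RDNS"; else report "rDNS:" "$COLOR_FAIL"; fi
echo

# ------------------------------------------
# 2. SMTP / TLS CHECK (587)
# ------------------------------------------
echo "Checking SMTP TLS (Port 587)..."
echo "------------------------------------------"
check_tls "587/TLS:" "$SMTP_PORT" smtp
echo

# ------------------------------------------
# 3. SMTP / TLS CHECK (25)
# ------------------------------------------
echo "Checking SMTP (Port 25)..."
echo "------------------------------------------"
check_tls "25/TLS:" 25 smtp
echo

# ------------------------------------------
# 4. IMAPS TLS CHECK
# ------------------------------------------
echo "Checking IMAPS TLS (993)..."
echo "------------------------------------------"
check_tls "993/TLS:" "$IMAP_PORT"
echo

# ------------------------------------------
# 5. SMTP-AUTH TEST
# ------------------------------------------
# NOTE: --auth-password puts the secret on swaks' command line, where other
# local users can read it from the process list while the test runs. Use a
# dedicated low-privilege test mailbox for TEST_USER.
if [[ "$TEST_PASS" != "$PASS_PLACEHOLDER" ]]; then
  echo "Checking SMTP AUTH..."
  echo "------------------------------------------"
  # --tls makes swaks require STARTTLS before AUTH, so the LOGIN credentials
  # are never sent in cleartext. --auth-hide-password keeps the password out
  # of the transcript that is printed below when the test fails.
  AUTH_SMTP=$(swaks --to "test@$DOMAIN" \
    --from "$TEST_USER" \
    --server "$MAIL_HOST" \
    --port "$SMTP_PORT" \
    --tls \
    --auth LOGIN \
    --auth-user "$TEST_USER" \
    --auth-password "$TEST_PASS" \
    --auth-hide-password \
    --quit-after AUTH 2>&1)

  # 235 is the SMTP reply code for "authentication successful".
  if grep -q "235 " <<<"$AUTH_SMTP"; then
    report "SMTP AUTH:" "$COLOR_OK"
  else
    report "SMTP AUTH:" "$COLOR_FAIL"
    printf '%s\n' "$AUTH_SMTP"
  fi
else
  echo "SMTP AUTH TEST: skipped (no password configured)"
fi
echo

# ------------------------------------------
# 6. IMAP AUTH TEST
# ------------------------------------------
# NOTE(review): swaks is an SMTP/LMTP test tool and `--imap` does not appear
# to be one of its options, so this check probably always reports FAIL.
# Confirm, and replace it with an IMAP-capable client if so.
if [[ "$TEST_PASS" != "$PASS_PLACEHOLDER" ]]; then
  echo "Checking IMAP AUTH..."
  echo "------------------------------------------"
  AUTH_IMAP=$(swaks --server "$MAIL_HOST" \
    --port "$IMAP_PORT" \
    --auth-user "$TEST_USER" \
    --auth-password "$TEST_PASS" \
    --auth-hide-password \
    --imap \
    --quit-after AUTH 2>&1)

  if grep -q "SUCCESS" <<<"$AUTH_IMAP"; then
    report "IMAP AUTH:" "$COLOR_OK"
  else
    report "IMAP AUTH:" "$COLOR_FAIL"
    printf '%s\n' "$AUTH_IMAP"
  fi
else
  echo "IMAP AUTH TEST: skipped (no password configured)"
fi
echo

# ------------------------------------------
# 7. LOCAL MAILSERVER COMPONENTS
# ------------------------------------------
echo "Checking local mail services (inside container)..."
echo "------------------------------------------"

check_service "Postfix:" postfix
check_service "Dovecot:" dovecot
# Quoted so the host shell cannot expand the pattern against files in the
# current directory; the literal string is what reaches supervisorctl.
# NOTE(review): confirm supervisorctl accepts this pattern as a program name.
check_service "Rspamd:" 'rspamd*'
check_service "Amavis:" amavis "$COLOR_WARN" "(optional)"

# Queue entries start with a hex queue ID; count those lines. A failing
# `docker exec` also yields 0, so 0 does not prove the queue is empty.
QUEUE_SIZE=$(docker exec "$CONTAINER" mailq 2>/dev/null | grep -c "^[A-F0-9]")
echo "Queue Size: $QUEUE_SIZE"
echo

echo "=========================================="
echo " HEALTH CHECK COMPLETE"
echo "=========================================="
echo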