mother-docker-projects/dms-knusperkerne
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
dms-knusperkerne/tools/health_check.sh
Lars Klemstein e74a891919 version 1
2025-11-20 22:32:15 +01:00

178 lines
5.7 KiB
Bash
Executable File
Raw Permalink Blame History

#!/usr/bin/env bash
#
# mail_health_check.sh
#
# Full health checker for Docker-Mailserver:
# - DNS (SPF, DKIM, DMARC, MX, A, rDNS)
# - TLS (SMTP/587, SMTP/25, IMAPS/993)
# - Authentication tests
# - Local queue and service checks
#
DOMAIN="knusperkerne.de"
MAIL_HOST="mailsystem.$DOMAIN"
MAIL_IP="89.58.2.51"
SMTP_PORT=587
IMAP_PORT=993
CONTAINER="mailserver"
TEST_USER="lars@knusperkerne.de"
TEST_PASS="REPLACE_WITH_REAL_PASSWORD" # (only needed for auth tests)
COLOR_OK="\e[32m[OK]\e[0m"
COLOR_WARN="\e[33m[WARN]\e[0m"
COLOR_FAIL="\e[31m[FAIL]\e[0m"
echo
echo "=========================================="
echo " MAILSERVER HEALTH CHECK"
echo " Domain: $DOMAIN"
echo " Host: $MAIL_HOST ($MAIL_IP)"
echo "=========================================="
echo
# ------------------------------------------
# 1. DNS CHECKS
# ------------------------------------------
echo "Checking DNS..."
echo "------------------------------------------"
MX=$(dig +short MX "$DOMAIN")
A=$(dig +short A "$MAIL_HOST")
SPF=$(dig +short TXT "$DOMAIN" | grep "v=spf1")
DKIM=$(dig +short TXT "mail._domainkey.$DOMAIN")
DMARC=$(dig +short TXT "_dmarc.$DOMAIN")
RDNS=$(dig -x "$MAIL_IP" +short)
[[ -n "$MX" ]] && echo -e "MX: $COLOR_OK $MX" || echo -e "MX: $COLOR_FAIL"
[[ "$A" == "$MAIL_IP" ]] && echo -e "A: $COLOR_OK $A" || echo -e "A: $COLOR_FAIL"
[[ -n "$SPF" ]] && echo -e "SPF: $COLOR_OK $SPF" || echo -e "SPF: $COLOR_FAIL"
[[ -n "$DKIM" ]] && echo -e "DKIM: $COLOR_OK" || echo -e "DKIM: $COLOR_FAIL"
[[ -n "$DMARC" ]] && echo -e "DMARC: $COLOR_OK" || echo -e "DMARC: $COLOR_FAIL"
[[ -n "$RDNS" ]] && echo -e "rDNS: $COLOR_OK $RDNS" || echo -e "rDNS: $COLOR_FAIL"
echo
# ------------------------------------------
# 2. SMTP / TLS CHECK (587)
# ------------------------------------------
echo "Checking SMTP TLS (Port 587)..."
echo "------------------------------------------"
TLS587=$(echo | openssl s_client -starttls smtp -connect "$MAIL_HOST:$SMTP_PORT" -servername "$MAIL_HOST" 2>/dev/null | grep -Eo "Protocol.*TLS|Cipher.*")
if [[ -n "$TLS587" ]]; then
echo -e "587/TLS: $COLOR_OK"
echo "$TLS587"
else
echo -e "587/TLS: $COLOR_FAIL"
fi
echo
# ------------------------------------------
# 3. SMTP / TLS CHECK (25)
# ------------------------------------------
echo "Checking SMTP (Port 25)..."
echo "------------------------------------------"
TLS25=$(echo | openssl s_client -starttls smtp -connect "$MAIL_HOST:25" -servername "$MAIL_HOST" 2>/dev/null | grep -Eo "Protocol.*TLS|Cipher.*")
if [[ -n "$TLS25" ]]; then
echo -e "25/TLS: $COLOR_OK"
echo "$TLS25"
else
echo -e "25/TLS: $COLOR_FAIL"
fi
echo
# ------------------------------------------
# 4. IMAPS TLS CHECK
# ------------------------------------------
echo "Checking IMAPS TLS (993)..."
echo "------------------------------------------"
TLS_IMAP=$(echo | openssl s_client -connect "$MAIL_HOST:$IMAP_PORT" -servername "$MAIL_HOST" 2>/dev/null | grep -Eo "Protocol.*TLS|Cipher.*")
if [[ -n "$TLS_IMAP" ]]; then
echo -e "993/TLS: $COLOR_OK"
echo "$TLS_IMAP"
else
echo -e "993/TLS: $COLOR_FAIL"
fi
echo
# ------------------------------------------
# 5. SMTP-AUTH TEST
# ------------------------------------------
if [[ "$TEST_PASS" != "REPLACE_WITH_REAL_PASSWORD" ]]; then
echo "Checking SMTP AUTH..."
echo "------------------------------------------"
AUTH_SMTP=$(swaks --to test@$DOMAIN \
--from "$TEST_USER" \
--server "$MAIL_HOST" \
--port 587 \
--auth LOGIN \
--auth-user "$TEST_USER" \
--auth-password "$TEST_PASS" \
--quit-after AUTH 2>&1)
if echo "$AUTH_SMTP" | grep -q "235 "; then
echo -e "SMTP AUTH: $COLOR_OK"
else
echo -e "SMTP AUTH: $COLOR_FAIL"
echo "$AUTH_SMTP"
fi
else
echo "SMTP AUTH TEST: skipped (no password configured)"
fi
echo
# ------------------------------------------
# 6. IMAP AUTH TEST
# ------------------------------------------
if [[ "$TEST_PASS" != "REPLACE_WITH_REAL_PASSWORD" ]]; then
echo "Checking IMAP AUTH..."
echo "------------------------------------------"
AUTH_IMAP=$(swaks --server "$MAIL_HOST" \
--port 993 \
--auth-user "$TEST_USER" \
--auth-password "$TEST_PASS" \
--imap \
--quit-after AUTH 2>&1)
if echo "$AUTH_IMAP" | grep -q "SUCCESS"; then
echo -e "IMAP AUTH: $COLOR_OK"
else
echo -e "IMAP AUTH: $COLOR_FAIL"
echo "$AUTH_IMAP"
fi
else
echo "IMAP AUTH TEST: skipped (no password configured)"
fi
echo
# ------------------------------------------
# 7. LOCAL MAILSERVER COMPONENTS
# ------------------------------------------
echo "Checking local mail services (inside container)..."
echo "------------------------------------------"
docker exec "$CONTAINER" supervisorctl status postfix &>/dev/null && echo -e "Postfix: $COLOR_OK" || echo -e "Postfix: $COLOR_FAIL"
docker exec "$CONTAINER" supervisorctl status dovecot &>/dev/null && echo -e "Dovecot: $COLOR_OK" || echo -e "Dovecot: $COLOR_FAIL"
docker exec "$CONTAINER" supervisorctl status rspamd* &>/dev/null && echo -e "Rspamd: $COLOR_OK" || echo -e "Rspamd: $COLOR_FAIL"
docker exec "$CONTAINER" supervisorctl status amavis &>/dev/null && echo -e "Amavis: $COLOR_OK" || echo -e "Amavis: $COLOR_WARN (optional)"
QUEUE_SIZE=$(docker exec "$CONTAINER" mailq 2>/dev/null | grep -c "^[A-F0-9]")
echo "Queue Size: $QUEUE_SIZE"
echo
echo "=========================================="
echo " HEALTH CHECK COMPLETE"
echo "=========================================="
echo
Reference in New Issue View Git Blame Copy Permalink