iankelling.org / git / distro-setup / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
various fixes
[distro-setup] / mailtest-check
1 #!/bin/bash
2
3 # Usage: mail-test-check [slow] [anything]
4 #
5 # slow: do slow checks, like spamassassin
6 #
7 # anything: consider non-interactive, dont print unless something went
8 # wrong
9
10
11 source /b/errhandle/err
12
13 [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
14
15 shopt -s nullglob
16
17 e() { $int || return 0; printf "mailtest-check: %s\n" "$*"; }
18
19
20 ## Minutes before we give error.
21 # We run this cronjob along with sending the test email every 5 minutes,
22 # so give it 1 minute to arrive, then if the latest email is older than
23 # 7 minutes, the last 2 haven't arrived in a reasonable amount of time.
24 # However, when machines reboot things can get delayed, so add 10 mins,
25 # not sure if that is a good number or not.
26 min_limit=17
27
28
29 # spamassassin checking takes about 8 seconds. only do that every
30 # once in a while.
31 slow=false
32 if [[ $1 == slow ]]; then
33 slow=true
34 shift
35 fi
36
37 int=false
38 if [[ $SUDO_USER || $SSH_CONNECTION ]]; then
39 int=true
40 fi
41
42 if [[ $1 == int ]]; then
43 int=true
44 fi
45
46 if [[ $1 == nonint ]]; then
47 int=false
48 fi
49
50
51 if ! $int; then
52 sleep 60
53 fi
54
55 # avoid errors like this:
56 # Nov 8 08:16:05.439 [6080] warn: plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/WLBLEval.pm: lib/Mail/SpamAssassin/Plugin/WLBLEval.pm: Permission denied at (eval 59) line 1.
57 #Nov 8 08:16:05.439 [6080] warn: plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/VBounce.pm: lib/Mail/SpamAssassin/Plugin/VBounce.pm: Permission denied at (eval 60) line 1.
58 # i dont know why, i just found the solution online
59 cd /m/md
60 # TODO, get je to deliver the local mailbox: /m/md/INBOX
61 # dovecot appears to setup, i can t be sure.
62
63 case $HOSTNAME in
64 bk)
65 folders=(/m/md/{expertpathologyreview.com,amnimal.ninja}/testignore)
66 froms=(ian@iankelling.org z@zroe.org testignore@je.b8.nz iank@gnu.org)
67 ;;
68 je)
69 froms=(ian@iankelling.org z@zroe.org testignore@expertpathologyreview.com testignore@amnimal.ninja)
70 folders=(/m/md/je.b8.nz/testignore)
71 ;;
72 *)
73 folders=(/m/md/l/testignore)
74 froms=(testignore@je.b8.nz testignore@expertpathologyreview.com testignore@amnimal.ninja ian@iankelling.org z@zroe.org iank@gnu.org)
75 if ! $int; then
76 timeout 120 rsync --chown iank:iank -e "ssh -oIdentitiesOnly=yes -F /dev/null -i /root/.ssh/jtuttle" -t --inplace -r 'jtuttle@fencepost.gnu.org:/home/j/jtuttle/Maildir/new/' /m/md/l/testignore/new
77 fi
78 ;;
79 esac
80
81 getspamdpid() {
82 if [[ ! $spamdpid || ! -d /proc/$spamdpid ]]; then
83 # try twice in case we are restarting, it happens.
84 for i in 1 2; do
85 spamdpid=$(systemctl show --property MainPID --value spamassassin | sed 's/^[10]$//' ||:)
86 if [[ $spamdpid ]]; then
87 break
88 fi
89 sleep 30
90 done
91 fi
92 }
93 getspamdpid
94 pr() {
95 if [[ -e /var/lib/prometheus/node-exporter ]]; then
96 cat >>/var/lib/prometheus/node-exporter/mailtest-check.prom.$$
97 fi
98 }
99 pr <<EOF
100 mailtest_check_found_spamd_pid_bool $(( ${spamdpid:-0} > 0 ))
101 EOF
102 e spamdpid: $spamdpid
103 if [[ ! $spamdpid ]]; then
104 echo $HOSTNAME mailtest spamd pid not found. systemctl status spamassassin:
105 systemctl status spamassassin
106 fi
107 tmpfile=$(mktemp)
108 declare -i unexpected=0
109 for folder in ${folders[@]}; do
110 for from in ${froms[@]}; do
111 latest=
112 last_sec=0
113
114 if ! grep -rlFx "From: $from" $folder/{new,cur} >$tmpfile; then
115 e "no message found from: $from"
116 continue
117 fi
118 # webmail sends them to cur it seems
119 while read -r file; do
120 if [[ $file -nt $latest ]]; then
121 latest=$file
122 fi
123 done <$tmpfile
124
125 if [[ ! $latest ]]; then
126 # 10 is an arbitrary bad value
127 unexpected+=10
128 else
129 to=$(awk '/^Envelope-to: / {print $2}' $latest)
130 last_sec=$(awk '/^Subject: / {print $4}' $latest)
131
132 if $slow; then
133 if ! $int; then
134 find $folder/new $folder/cur -type f -mmin +1080 -delete
135 fi
136 getspamdpid
137 if [[ $spamdpid ]]; then
138 if [[ $(readlink /proc/$$/ns/net) != "$(readlink /proc/$spamdpid/ns/net)" ]]; then
139 spamcpre="nsenter -t $spamdpid -n -m"
140 fi
141
142 declare -A results
143 # pyzor fails for our test message, so dont put useless load on their
144 # servers.
145 # example line that sed is parsing:
146 # (-0.1 / 5.0 requ) DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,SPF_HELO_PASS=-0.001,SPF_PASS=-0.001,TVD_SPACE_RATIO=0.001 autolearn=_AUTOLEARN
147 raw_results="$($spamcpre sudo -u Debian-exim spamassassin -t --cf='score PYZOR_CHECK 0' <"$latest" | tail -n2 | head -n1 | sed -r 's/^\([^)]*\) *//;s/=[^, ]*([, ]|$)/ /g')"
148 for r in $raw_results; do
149 case $r in
150 # got this in an update 2022-01. dun care
151 T_SCC_BODY_TEXT_LINE|SCC_BODY_SINGLE_WORD) : ;;
152 # we have a new domain, ignore this.
153 # it seems like some versions of spamassassin do BODY_SINGLE_WORD, others dont, we dun care.
154 # bayes_00 is a new one indicating ham, we dont care if its missing.
155 BAYES_00|BODY_SINGLE_WORD|FROM_FMBLA_NEWDOM*|autolearn) : ;;
156 SPF_HELO_NEUTRAL)
157 # some of my domains use neutral spf, treat them the same.
158 results[SPF_HELO_PASS]=t
159 ;;
160 *)
161 results[$r]=t
162 ;;
163 esac
164 done
165 # debugging
166 # e results = ${!results[@]}
167 missing=()
168
169 keys=(DKIM_SIGNED DKIM_VALID{,_AU,_EF} SPF_HELO_PASS SPF_PASS TVD_SPACE_RATIO)
170 if [[ $to == *@gnu.org && $from == *@gnu.org ]]; then
171 keys=(ALL_TRUSTED TVD_SPACE_RATIO)
172 elif [[ $to == *@gnu.org ]]; then
173 # eggs has RCVD_IN_DNSWL_MED
174 keys+=(RCVD_IN_DNSWL_MED)
175 elif [[ $from == *@gnu.org ]]; then
176 # eggs has these
177 keys+=(RCVD_IN_DNSWL_MED DKIMWL_WL_HIGH)
178 fi
179
180 for t in ${keys[@]}; do
181 if [[ ${results[$t]} ]]; then
182 unset "results[$t]"
183 elif [[ $t == DKIM_VALID_EF && $from == *@[^.]*.[^.]*.[^.]* ]]; then
184 :
185 # third level domains dont hit this. its because
186 # /usr/share/perl5/Mail/SpamAssassin/Plugin/DKIM.pm checks
187 # if its signed with the registryboundaries domain. afaik:
188 # we need the actual domain to sign it, this would result in
189 # a second signature. I only use second level domains for
190 # testing atm, fsf doesnt use them for anything but the
191 # forum and I dont expect that to have any deliverability
192 # problems. So, not bothering atm.
193 else
194 missing+=($t)
195 fi
196 done
197 if (( ${#results[@]} || ${#missing[@]} )); then
198 printf "$HOSTNAME spamtest %s/%s\n" "$latest"
199 if (( ${#results[@]} )); then
200 printf "unexpected %s" "${!results[*]} "
201 fi
202 if (( ${#missing[@]} )); then
203 printf "missing %s" "${missing[*]}"
204 fi
205 echo
206 echo mailtest-check: cat $latest:
207 cat $latest
208 echo mailtest-check: end of cat
209 printf "$(tput setaf 5 2>/dev/null ||:)█$(tput sgr0 2>/dev/null||:)%.0s" $(eval echo "{1..${COLUMNS:-60}}")
210 fi
211 fi # if spamdpid
212 fi # if $slow
213 fi # if [[ $latest ]]
214
215 now=$EPOCHSECONDS
216 limit=$(( now - 60 * min_limit ))
217 age_sec=$(( now - last_sec ))
218 e $((age_sec / 60)):$(( age_sec % 60 )) ago. to:$to from:$from $latest
219
220 if (( last_sec <= limit )); then
221 echo $HOSTNAME mailtest $folder $from $(date -d @$last_sec +'%a %m-%d %H:%M')
222 fi
223 # usec = unix seconds
224 pr <<EOF
225 mailtest_check_last_usec{folder="$folder",from="$from"} $last_sec
226 EOF
227 done
228 done
229 if $slow; then
230 pr <<EOF
231 mailtest_check_unexpected_spamd_results $unexpected
232 EOF
233 fi
234
235 dir=/var/lib/prometheus/node-exporter
236 if [[ -e $dir ]]; then
237 mv $dir/mailtest-check.prom.$$ $dir/mailtest-check.prom
238 fi
~16k lines of my .bashrc + lots of my configs