X-Git-Url: https://iankelling.org/git/?p=distro-setup;a=blobdiff_plain;f=mailtest-check;h=7adec9281f094932ae30efee2651bbf3f65ac8cd;hp=e99789594fc131d04c75a237e94da434e848c82f;hb=HEAD;hpb=46fb17d56b093264b69cc20192603da2604111ca diff --git a/mailtest-check b/mailtest-check index e997895..856d774 100755 --- a/mailtest-check +++ b/mailtest-check @@ -1,14 +1,35 @@ #!/bin/bash +# I, Ian Kelling, follow the GNU license recommendations at +# https://www.gnu.org/licenses/license-recommendations.en.html. They +# recommend that small programs, < 300 lines, be licensed under the +# Apache License 2.0. This file contains or is part of one or more small +# programs. If a small program grows beyond 300 lines, I plan to switch +# its license to GPL. -# Usage: mail-test-check [slow] [anything] +# Copyright 2024 Ian Kelling + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# Usage: mail-test-check [slow] [int|nonint] # # slow: do slow checks, like spamassassin # -# anything: consider non-interactive, dont print unless something went +# for non-interactive, dont print unless something went # wrong -source /b/errhandle/err +source /b/bash-bear-trap/bash-bear [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" @@ -19,7 +40,7 @@ e() { $int || return 0; printf "mailtest-check: %s\n" "$*"; } getspamdpid() { if [[ ! $spamdpid || ! -d /proc/$spamdpid ]]; then # try twice in case we are restarting, it happens. - for i in 1 2; do + for (( i=0; i<2; i++ )); do spamdpid=$(systemctl show --property MainPID --value spamassassin | sed 's/^[10]$//' ||:) if [[ $spamdpid ]]; then break @@ -28,11 +49,6 @@ getspamdpid() { done fi } -pr() { - if $doprom && [[ -e /var/lib/prometheus/node-exporter ]]; then - cat >>/var/lib/prometheus/node-exporter/mailtest-check.prom.$$ - fi -} #### begin arg processing #### @@ -57,10 +73,11 @@ if [[ $1 == nonint ]]; then fi #### end arg processing #### - -if ! $int; then - sleep 60 -fi +# we put this in to avoid dns errors that happen on reboot, +# but I want to debug them. +# if ! $int; then +# sleep 60 +# fi # TODO, get je to deliver the local mailbox: /m/md/INBOX @@ -80,6 +97,7 @@ esac main() { + local -a p_unexpected_spamd_results p_missing_dnswl p_last_usec case $HOSTNAME in bk) folders=(/m/md/{expertpathologyreview.com,amnimal.ninja}/testignore) @@ -91,9 +109,34 @@ main() { ;; *) folders=(/m/md/l/testignore) - froms=(testignore@je.b8.nz testignore@expertpathologyreview.com testignore@amnimal.ninja ian@iankelling.org z@zroe.org iank@gnu.org) + froms=(testignore@je.b8.nz testignore@expertpathologyreview.com testignore@amnimal.ninja ian@iankelling.org z@zroe.org) if ! $int; then - timeout 120 rsync --chown iank:iank -e "ssh -oIdentitiesOnly=yes -F /dev/null -i /root/.ssh/jtuttle" -t --inplace -r 'jtuttle@fencepost.gnu.org:/home/j/jtuttle/Maildir/new/' /m/md/l/testignore/new + ### begin rsyncing fencepost email ### + # We dont want to exit if rsync fails, that will get caught by + # our later test by virtue of not having the latest email. + did_rsync=false + try_start_time=$EPOCHSECONDS + try_limit=140 # somewhat arbitrary value + while ! $did_rsync; do + try_left=$(( try_limit - ( EPOCHSECONDS - try_start_time) )) + timeout=120 # somewhat arbitrary value + if (( try_left < 0 )); then + echo "mailtest-check: failed to rsync fencepost > $try_limit seconds" + break + fi + if (( try_left < timeout )); then + timeout=$try_left + fi + if timeout $timeout rsync --chown iank:iank -e "ssh -oIdentitiesOnly=yes -F /dev/null -i /root/.ssh/jtuttle" -t --inplace -r 'jtuttle@fencepost.gnu.org:/home/j/jtuttle/Maildir/new/' /m/md/l/testignore/new; then + did_rsync=true + else + sleep 4 + fi + done + if ! $did_rsync; then + echo mailtest-check: warning: fencepost rsync failed + fi + ### end rsyncing fencepost email ### fi ;; esac @@ -120,9 +163,11 @@ EOF fi tmpfile=$(mktemp) declare -i unexpected=0 - declare -i missing_dnswl=0 for folder in ${folders[@]}; do for from in ${froms[@]}; do + declare -i missing_dnswl=0 + #declare -i dnsfail=0 + declare -i unexpected=0 latest= last_sec=0 @@ -138,6 +183,7 @@ EOF last_sec="$file_sec" fi done <$tmpfile + rm -f $tmpfile to=$(awk '/^Envelope-to: / {print $2}' $latest) @@ -170,6 +216,10 @@ EOF # it seems like some versions of spamassassin do BODY_SINGLE_WORD, others dont, we dun care. # bayes_00 is a new one indicating ham, we dont care if its missing. BAYES_00|BODY_SINGLE_WORD|FROM_FMBLA_NEWDOM*|autolearn) : ;; + + # These have somewhat randomly been added and removed, resulting in useless alerts, so ignore them. + RCVD_IN_DNSWL_MED|DKIMWL_WL_HIGH) : ;; + SPF_HELO_NEUTRAL) # some of my domains use neutral spf, treat them the same. results[SPF_HELO_PASS]=t @@ -186,12 +236,7 @@ EOF keys=(DKIM_SIGNED DKIM_VALID{,_AU,_EF} SPF_HELO_PASS SPF_PASS TVD_SPACE_RATIO) if [[ $to == *@gnu.org && $from == *@gnu.org ]]; then keys=(ALL_TRUSTED TVD_SPACE_RATIO) - elif [[ $to == *@gnu.org ]]; then - # eggs has RCVD_IN_DNSWL_MED - keys+=(RCVD_IN_DNSWL_MED) - elif [[ $from == *@gnu.org ]]; then - # eggs has these - keys+=(RCVD_IN_DNSWL_MED DKIMWL_WL_HIGH) + # from eggs had DKIMWL_WL_HIGH sometime in 2022, then DKIMWL_WL_MED unti march 2023 fi for t in ${keys[@]}; do @@ -233,23 +278,37 @@ EOF # echo mailtest-check: cat $latest: # cat $latest # echo mailtest-check: end of cat - # echo "$(tput setaf 5 2>/dev/null ||:)█$(tput sgr0 2>/dev/null||:)%.0s" $(eval echo "{1..${COLUMNS:-60}}") #fi fi rm -f $resultfile - unexpected=$(( unexpected + ${#results[@]} )) + for r in ${results[@]}; do + case $r in + # iank: for when we want to handle dns errors differently. + # also uncomment declaration of dnsfail above. + # DKIM_INVALID|T_SPF_TEMPERROR|T_SPF_HELO_TEMPERROR) + # dnsfail+=1 + # ;; + *) + unexpected=$(( unexpected + 1 )) + ;; + esac + done for miss in ${missing[@]}; do - # We expect dns reputation services to go down from time to time, so - # we count them separately and alert differently. + # At some point we had annoying dns failures that we couldn't solve so we + # we counted dns fail related results separately and alert differently. + # DKIM_VALID|DKIM_VALID_AU|DKIM_VALID_EF|SPF_HELO_PASS|SPF_PASS| case $miss in - RCVD_IN_DNSWL_MED|DKIMWL_WL_HIGH) - missing_dnswl+=1 - ;; *) unexpected+=1 ;; esac done + mapfile -O ${#p_missing_dnswl[@]} -t p_missing_dnswl <>$path + done + for l in "${p_missing_dnswl[@]}"; do + printf "%s\n" "$l" >>$path + done + for l in "${p_last_usec[@]}"; do + printf "%s\n" "$l" >>$path + done + mv $path $dir/mailtest-check.prom # note: node_textfile_mtime_seconds will tell us when this last happened. useful for debugging. fi }