useful-scripts/mailcheck at master · xtcM4nimal/useful-scripts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
#!/bin/bash

# Purpose : All in one mail script for information gathering and diagnostics

###################################
# Defining colours and definitions
###################################

colred=$(tput setaf 1)    #Red
colgrn=$(tput setaf 2)    #Green
colyel=$(tput setaf 3)    #Yellow
colblu=$(tput setaf 4)    #Blue
colmag=$(tput setaf 5)    #Magenta
colcya=$(tput setaf 6)    #Cyan
reset=$(tput sgr0)	  #Reset

PWDDIR='/var/log/'
PWDDIRTMP='/root'
SLASH='====================================================================================='
octet="(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])"
IP4="^$octet\\.$octet\\.$octet\\.$octet$"

##############################
# Defining Functions
##############################

function smtpconn {

NUM=$(grep "SMTP connection outbound" $PWDDIR/exim_mainlog | grep $argument | awk '{print$1}' | wc -l)
DAYS=$(grep "SMTP connection outbound" $PWDDIR/exim_mainlog | grep $argument | awk '{print$1}' | sort | uniq)

echo "${colgrn}$SLASH${reset}
The domain ${colred}$argument${reset} has had ${colred}$NUM${reset} SMTP connections
to this server on the following days
${colgrn}$SLASH${reset}
${colyel}$DAYS${reset}
${colgrn}$SLASH${reset}"

}

function ec {
echo "This seems to have worked"
echo $argument
}

function doveuser {

DOVE1=$(grep "A=dovecot_login" $PWDDIR/exim_mainlog | sed -e 's#H=.* \[##' -e 's#\]:[0-9]*##' | awk '"$6 =~ $IP4" {print $5,$6}' | sort | uniq | grep $argument | sort )
DOVE=$(grep "A=dovecot_login" $PWDDIR/exim_mainlog | sed -e 's#H=.* \[##' -e 's#\]:[0-9]*##' | grep $argument | awk '{print $5}'| sort | uniq)
DOVE2=$(grep "A=dovecot_login" $PWDDIR/exim_mainlog | sed -e 's#H=.* \[##' -e 's#\]:[0-9]*##' | awk '{print $6}' | sort | uniq | grep $argument | sort )

echo -e "${colgrn}$SLASH${reset}
These are the current DoveCot login users for ${colred}$argument${reset}
${colgrn}$SLASH${reset}
$DOVE
${colgrn}$SLASH${reset}"
echo -e "These are the ${colred}UNIQUE IPs${reset} Dovecot authenticated per User for ${colred}$argument${reset}
${colgrn}$SLASH${reset}
$DOVE1
${colgrn}$SLASH${reset}"

}

function disk {

USER=$(grep $argument /etc/trueuserdomains | awk '{print$2}')
USAGE=$(du -sh /home/$USER/mail/$argument/* | awk -F"/" '{print$1,$6}')

echo -e "${colgrn}$SLASH${reset}
Disk Usage of all mailboxes for ${colred}$argument${reset}
${colgrn}$SLASH${reset}
$USAGE
${colgrn}$SLASH${reset}"

}

function proto {

USERS=$(awk '/-login: Login:/ {print$6,$7,$8}' $PWDDIR/maillog | grep $argument | awk -F"=" '{print$2}' | sed 's/[<>,]//g' | sort | uniq | sed '/cpanel/d')
LOGINS=$(awk '/-login: Login:/ {print$6,$8}' $PWDDIR/maillog | grep $argument | sort | uniq)
LOGINS2=$(echo $LOGINS | grep -c login)
PROT=$(echo $LOGINS | awk -F":" '{print$1}')
POP=$(echo $LOGINS | grep -c "pop3")
IMAP=$(echo $LOGINS | grep -c "imap")
PIP=$(grep "pop3-login: Login:" $PWDDIR/maillog | grep $argument | awk -F"=" '{print$4}' | awk -F"," '{print$1}' | sort | uniq)
USER=$argument

if [ "$POP" = 1 ] && [ "$IMAP" = 1 ]
then
echo "$USER use BOTH POP3 and IMAP Protocols"
elif  [ "$POP" = 1 ] && [ "$IMAP" = 0 ]
then
echo -e "${colgrn}$SLASH${reset}
${colred}$USER uses POP3 Protocol Only from the following IPs:${reset}
$PIP
${colgrn}$SLASH${reset}"
else
echo "
${colgrn}$SLASH${reset}
${colred}$USER uses IMAP Protocol Only${reset}
${colgrn}$SLASH${reset}"
fi

}

function cwd {

DIRS=$(grep cwd $PWDDIR/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n | tail -n 7 | sed '6d' | sed '6d')

echo "${colgrn}$SLASH${reset}
The following directories are responsible for highest executed mail on the server
${colgrn}$SLASH${reset}
$DIRS
${colgrn}$SLASH${reset}
${colred}If you are concerned about spam on this server you should investigate these further.${reset}
${colgrn}$SLASH${reset}"

}

function receive {
IDS=$(grep $argument $PWDDIR/exim_mainlog | grep "=>" | awk '{print$3}' | sort | uniq)
echo ${colgrn}$SLASH${reset}
echo "Below are the UNIQUE email address sending mail to ${colred}$argument${reset}"
echo ${colgrn}$SLASH${reset}
for i in $IDS; do grep $i $PWDDIR/exim_mainlog | grep "<=" | awk '{print$5}' | grep "@";done | sort | uniq
echo ${colgrn}$SLASH${reset}
}

function send {
TMPARG=$(echo $argument)

echo ${colgrn}$SLASH${reset}
    read -p "Would you like to check outbound connections for a specific destination? [y/N]: " choiceone
    if [ $choiceone = "y" ]; then
  echo "Please enter the destination email address"
  read destination
  grep "SMTP connection outbound" $PWDDIR/exim_mainlog | grep $TMPARG | grep $destination
else
  grep "SMTP connection outbound" $PWDDIR/exim_mainlog | grep $TMPARG
fi
  echo ${colgrn}$SLASH${reset}
}

####################
# Check arguments
####################

while getopts ":a:b:c:d:i:r:p:s" opt; do
  case $opt in
a)
      # Check SMTP connections for domain
      argument="$OPTARG"
      smtpconn
      ;;

b)
      # Checks Unique Dovecot login users
      argument="$OPTARG"
      doveuser
      ;;

c)
  # Checks users using both imap and pop3 or only 1 of them
  argument="$OPTARG"
  proto
  ;;

d)
  # Checks the size of all mailboxes for the domain as an argument.
  argument="$OPTARG"
  disk
  ;;

r)
  # Checks all unique email addresses successfully delivering mail to specific mailbox.
  argument="$OPTARG"
  receive
  ;;

p)
  # Checks all SMTP connections for domain - destination email address optional.
  argument="$OPTARG"
  send
  ;;

s)
  # Checks the top 5 CWDs for invoked sendmail excluding root. No argument needed.
        argument="$OPTARG"
        cwd
        ;;

\?)
      echo "Invalid option: -$OPTARG" >&2
      ;;

:)
      echo "Option -$OPTARG requires an argument." >&2
      exit 1
      ;;
  esac
done

if [ $# -eq 0 ]; then
  echo -e "\nUsage: \n"
  echo -e "mailcheck ${colgrn}[OPTION]${reset} ${colred}[Domain]\[User]${reset}\n"
  echo -e "-a \t Check SMTP connections for domain."
  echo -e "-b \t Checks Unique Dovecot login users"
  echo -e "-c \t Checks users using both imap and pop3 or only 1 of them."
  echo -e "-d \t Checks the size of all mailboxes for the domain as an argument"
  echo -e "-r \t Checks all unique IDs and mail addresses for a mailbox."
  echo -e "-p \t Checks all SMTP connections for a domain - destination email address optional."
  echo -e "-s \t Checks the top 5 CWDs for invoked sendmail on the server. Possible SPAM"
fi