Shell script to remote test AUTH with STARTTLS at postfix/dovecot server

Dominic Raferd
I regularly test my remote mail servers (which use postfix - with
dovecot for authentication) to check they are live and functioning,
including that they are responding correctly to authorised login with
STARTTLS.

I currently use this (sorry about line breaks, the original is on one line):

timeout 20 /bin/bash -c "{ time (sleep 2; echo \"EHLO $(hostname
-f)\"; sleep 0.3; echo -n \"AUTH PLAIN \"; printf '%s\0%s\0%s'
\"$USERNAME\" \"$USERNAME\" \"$PASSWORD\"|base64; sleep 0.3; echo
\"QUIT\"; sleep 2; exit) | openssl s_client -connect $MX -starttls
smtp 2>/dev/null >${TMPF}0; } 2>${TMPF}2"

It usually works, but occasionally it gives timeout errors even though
the server is in fact ok. The problem is that the entire one-sided
conversation is piped through to openssl with preset time delays. Is
there a better way to do this (with a shell script) - in particular a
way to await (and check) the expected response from the server before
sending the next command in the sequence?

Re: Shell script to remote test AUTH with STARTTLS at postfix/dovecot server

Alex JOST-2
On 20.03.2018 at 09:15, Dominic Raferd wrote:

> I regularly test my remote mail servers (which use postfix - with
> dovecot for authentication) to check they are live and functioning,
> including that they are responding correctly to authorised login with
> STARTTLS.
>
> I currently use this (sorry about line breaks, the original is on one line):
>
> timeout 20 /bin/bash -c "{ time (sleep 2; echo \"EHLO $(hostname
> -f)\"; sleep 0.3; echo -n \"AUTH PLAIN \"; printf '%s\0%s\0%s'
> \"$USERNAME\" \"$USERNAME\" \"$PASSWORD\"|base64; sleep 0.3; echo
> \"QUIT\"; sleep 2; exit) | openssl s_client -connect $MX -starttls
> smtp 2>/dev/null >${TMPF}0; } 2>${TMPF}2"
>
> It usually works, but occasionally it gives timeout errors even though
> the server is in fact ok. The problem is that the entire one-sided
> conversation is piped through to openssl with preset time delays. Is
> there a better way to do this (with a shell script) - in particular a
> way to await (and check) the expected response from the server before
> sending the next command in the sequence?
>

Take a look at SWAKS.

   http://www.jetmore.org/john/code/swaks/

--
Alex JOST

Re: Shell script to remote test AUTH with STARTTLS at postfix/dovecot server

Dominic Raferd


On 20 March 2018 at 08:34, Alex JOST <[hidden email]> wrote:
> On 20.03.2018 at 09:15, Dominic Raferd wrote:
>> I regularly test my remote mail servers (which use postfix - with
>> dovecot for authentication) to check they are live and functioning,
>> including that they are responding correctly to authorised login with
>> STARTTLS.
>>
>> I currently use this (sorry about line breaks, the original is on one line):
>>
>> timeout 20 /bin/bash -c "{ time (sleep 2; echo \"EHLO $(hostname
>> -f)\"; sleep 0.3; echo -n \"AUTH PLAIN \"; printf '%s\0%s\0%s'
>> \"$USERNAME\" \"$USERNAME\" \"$PASSWORD\"|base64; sleep 0.3; echo
>> \"QUIT\"; sleep 2; exit) | openssl s_client -connect $MX -starttls
>> smtp 2>/dev/null >${TMPF}0; } 2>${TMPF}2"
>>
>> It usually works, but occasionally it gives timeout errors even though
>> the server is in fact ok. The problem is that the entire one-sided
>> conversation is piped through to openssl with preset time delays. Is
>> there a better way to do this (with a shell script) - in particular a
>> way to await (and check) the expected response from the server before
>> sending the next command in the sequence?
>
> Take a look at SWAKS.
>
>   http://www.jetmore.org/john/code/swaks/

Thanks for the tip - that is the perfect tool for the job.

Re: Shell script to remote test AUTH with STARTTLS at postfix/dovecot server

@lbutlr
In reply to this post by Dominic Raferd
On 2018-03-20 (02:15 MDT), Dominic Raferd <[hidden email]> wrote:
>
> openssl s_client -connect <server:587> -starttls smtp

This is all I ever do. Unless I've been changing the configuration, I know that if submission is responding, it is working.

If I have been changing the configuration, I know this.

It also doesn't involve putting a password into a shell snippet where I assume it would be visible in a ps check.

--
There's a city in my mind Come along and take that ride
And it's all right, baby it's all right
And it's very far away But it's growing day by day
And it's all right, baby it's all right
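
Added example, not part of any post in this thread: one way to do in plain shell what the first message asks, reading and checking each SMTP reply before sending the next command, while keeping the password out of any process argument list (the concern raised in the last message). The function names, the FIFO layout and the password-file argument are assumptions of this sketch, and it assumes `openssl s_client -quiet` writes only post-STARTTLS server data to stdout.

```shell
#!/bin/sh
# Added example. Usage: timeout 20 sh smtpcheck.sh host:587 user /path/to/passfile
CR=$(printf '\r')

# Read one (possibly multi-line) SMTP reply from stdin; succeed only if the
# final line carries the three-digit code given in $1.
smtp_expect() {
    while IFS= read -r line; do
        line=${line%"$CR"}
        case $line in
            [0-9][0-9][0-9]-*) ;;          # "250-..." continuation: keep reading
            "$1" | "$1 "*) return 0 ;;     # final line with the expected code
            *) return 1 ;;                 # other code, or non-SMTP output
        esac
    done
    return 1                               # EOF before the reply completed
}

# AUTH PLAIN token (authzid = authcid, as in the first post). printf is a
# builtin in bash and dash, so the password never lands in an argv ps can show.
auth_plain_token() {   # $1 = user, $2 = password
    printf '%s\0%s\0%s' "$1" "$1" "$2" | base64 | tr -d '\n'
}

check_submission() {   # $1 = host:port, $2 = user, $3 = file holding the password
    trap '' PIPE       # a dead s_client should fail the write, not kill the script
    dir=$(mktemp -d) || return 1
    mkfifo "$dir/in" "$dir/out" || return 1
    # -quiet also stops s_client treating a leading Q or R as its own command
    openssl s_client -quiet -connect "$1" -starttls smtp \
        <"$dir/in" >"$dir/out" 2>/dev/null &
    exec 3>"$dir/in" 4<"$dir/out"
    rc=1
    if printf 'EHLO %s\r\n' "$(hostname -f)" >&3 && smtp_expect 250 <&4 &&
       printf 'AUTH PLAIN %s\r\n' "$(auth_plain_token "$2" "$(cat "$3")")" >&3 &&
       smtp_expect 235 <&4
    then rc=0; fi
    printf 'QUIT\r\n' >&3
    exec 3>&- 4<&-
    rm -rf "$dir"
    return "$rc"
}

if [ "$#" -eq 3 ]; then check_submission "$@"; fi
```

The script has no per-reply timeout of its own, so it is meant to run under `timeout 20` as the original one-liner does; the exit status is 0 only when the server answered 250 to EHLO and 235 to AUTH.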