imporing the rest of shot1 incl enforce check
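--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE-1
@@ -0,0 +1,91 @@
+#!/bin/bash
+set -e
+
+debug=1
+
+ehlo=pro5s2.nethence.com
+#ehlo=`curl -s ip.nethence.com | sed -n 1p | awk '{print $NF}' | sed 's/\.$//'`
+echo using $ehlo as EHLO
+
+sep="sed ':a;s/\B[0-9]\{3\}\>/,&/;ta'"
+
+function checkmx {
+ #so far we only take first MX without attemping to query DANE for backup ones
+ primary=`host -4 -t MX $domain | sort --numeric-sort | head -1 | awk '{print $NF}'`
+ primary=${primary%\.}
+
+ #has no MX record
+ if [[ $primary = record ]]; then
+ (( debug == 1 )) && echo -e $domain\\tnomx
+ elif [[ $primary = "3(NXDOMAIN)" ]]; then
+ (( debug == 1 )) && echo -e $domain\\tnxdomain
+ elif [[ $primary = "2(SERVFAIL)" ]]; then
+ (( debug == 1 )) && echo -e $domain\\tservfail
+ #;; connection timed out; no servers could be reached
+ elif [[ $primary = "reached" ]]; then
+ (( debug == 1 )) && echo -e $domain\\ttimeout
+ elif [[ $domain = $primary ]]; then
+ echo -e $domain\\tmx $primary equals-mx
+ else
+ ip=`host $domain | awk '{print $NF}'`
+ primaryip=`host $primary | awk '{print $NF}'`
+ if [[ $ip = $primaryip ]]; then
+ echo -e $domain\\tmx $primary but-same-ip
+ else
+ echo -e $domain\\tmx $primary
+ fi
+ unset ip primaryip
+ fi
+ unset primary
+}
+
+function parselist {
+ [[ -z $1 ]] && echo error function $0 requires file argument && exit 1
+ [[ ! -r $1 ]] && echo error function $0 cannot read file $1 && exit 1
+
+ echo writing to $1.mx ...
+ for domain in `cat $1`; do
+ checkmx
+ done > $1.mx && echo wrote to $1.mx; unset domain
+}
+
+echo -n entering domains/mx/ ...
+mkdir -p domains/mx/
+cd domains/mx/ && echo done
+
+echo -n splitting ptr.unique.nomadness.unique into 22 files...
+split -a2 -d -nl/22 ../domains.unique domains.unique && echo done
+
+#TODO also check PTR FQDNs ptr.unique.nomadness[0-9][0-9]
+#for input in ptr.unique.nomadness06.domains; do
+#for input in domains.unique[0-9][0-9]; do
+for input in domains.unique.moar; do
+ parselist $input &
+done; unset input
+jobs
+cat <<EOF
+
+watch with
+
+ ps auxfww | grep checkmx
+ tail -F domains/mx/*.mx
+ watch ls -lF domains/mx/*.mx
+
+EOF
+time wait
+
+echo -n merging defined MX from \*.mx into mx ...
+cut -f2 *.mx | grep -E '^mx ' | awk '{print $2}' > mx && echo done
+wc -l mx | eval $sep
+
+#used fix on first shot (we did not use 'mx ' for equals and sameip)
+#grep --no-filename equals-mx$ *.mx | awk '{print $1}' > mx.equals-mx
+#grep --no-filename but-same-ip$ *.mx | awk '{print $2}' > mx.but-same-ip
+#cat mx.equals-mx mx.but-same-ip >> mx
+
+echo -n unique into mx.unique ...
+sort --version-sort -u mx > mx.unique && echo done
+wc -l mx.unique | eval $sep
+
+#TODO 2/3rd-level vs all
+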
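Review bot: The "first MX" chosen on line 14 is not the lowest-preference one: `sort --numeric-sort` keys on the start of the whole line, and every line of `host -t MX` output begins with the domain name rather than a number, so the lines end up compared byte-wise and a preference of 10 sorts ahead of 5; the preference field (second-to-last column) is never consulted. Sorting on that field, `primary=$(host -4 -t MX "$domain" | sort -k6,6n | head -1 | awk '{print $NF}')`, also quotes `$domain`, which line 47 word-splits and glob-expands out of an arbitrary input file and then passes unquoted to `host` and `echo -e` on lines 14 and 19–35, where a name starting with `-` is read as an option. Reading the list with `while IFS= read -r domain; do checkmx; done < "$1"` instead of the cat-in-backticks loop would avoid the splitting altogether. The single-line error replies (`has no MX record`, `3(NXDOMAIN)`) are unaffected by the sort change since there is only one line to sort.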
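--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE-2
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+[[ ! -x `which expect` ]] && echo install expect first && exit 1
+
+#echo -n entering domains/mx/dane/ ...
+#mkdir -p domains/mx/dane/
+#cd domains/mx/dane/
+
+#echo -n splitting mx.unique into 50 pieces...
+#split -a2 -d -nl/50 ../mx.unique mx.unique && echo done
+
+echo -n starting 50 processes to process those...
+#for piece in mx.unique49; do
+for piece in mx.unique[0-9][0-9]; do
+ echo writing to $piece.starttls
+ for mx in `cat $piece`; do
+ timeout --preserve-status --kill-after=5s 1m $HOME/masspie/checksmtp.exp $mx
+ done > $piece.starttls 2> $piece.starttls.enforce &
+ unset mx
+done && echo done; unset piece
+
+cat <<EOF
+
+watch live with
+
+ ps auxfww | grep checksmtp | grep -v grep
+ tail -F mx.unique00.starttls
+ tail -F mx.unique00.starttls.enforce
+
+EOF
+
+time wait
+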
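Review bot: On line 17 `$mx` is handed unquoted and unvalidated to `checksmtp.exp`, and it is produced by word-splitting the piece file on line 16; the mx.unique pieces appear to be built from MX answers of arbitrary third-party domains, so a record containing whitespace, glob characters or a leading `-` turns into extra or misparsed arguments for the expect script (how that script uses its argument is outside this diff). A shape check before the call, `[[ $mx =~ ^[A-Za-z0-9.-]+$ ]] || { printf '%s\tskipped-invalid-name\n' "$mx"; continue; }`, plus quoting `"$mx"` on line 17, keeps each per-MX command line to a single well-formed host name. Line 3 is also more robust as `command -v expect >/dev/null || { echo install expect first; exit 1; }`, which does not depend on `which` being installed.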
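--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE-3
@@ -0,0 +1,68 @@
+#!/bin/bash
+set -e
+
+debug=0
+
+[[ ! -f $HOME/masspie/cacert.pem ]] && echo $HOME/masspie/cacert.pem is required && exit 1
+
+ehlo=pro5s2.nethence.com
+#ehlo=`curl -s ip.nethence.com | sed -n 1p | awk '{print $NF}' | sed 's/\.$//'`
+echo using $ehlo as EHLO
+
+function checkssl {
+ [[ -z $mx ]] && echo function $0 requires \$mx && exit 1
+
+ #we only need the last result with 'Verify', as it repeats in parenthesis what 'Verification' said above
+ if raw=`echo Q | timeout --preserve-status -k 5s 10s /usr/local/bin/openssl s_client -4 -showcerts -verify 5 -CAfile $HOME/masspie/cacert.pem -starttls smtp -name $ehlo -servername $mx -connect $mx:25 -crlf 2>/dev/null`; then
+ issuer=`echo "$raw" | grep -E '^issuer='`
+ cipher=`echo "$raw" | grep -E 'Cipher is|^Server public key is'`
+
+ [[ -n $issuer ]] && echo -e $mx\\t$issuer >> $piece.ssl.issuer
+ [[ -n $cipher ]] && echo -e $mx\\t$cipher >> $piece.ssl.cipher
+
+ unset issuer cipher
+ fi
+ result=`echo "$raw" | grep -E 'Cipher is|Verify return code'`
+ echo -e $mx\\t$result
+
+ #-CApath /etc/ssl/certs
+ #-brief
+ #-verify_return_error
+
+ unset raw result
+}
+
+function processpiece {
+ rm -f $piece.ssl.issuer $piece.ssl.cipher
+ for mx in `cat $piece`; do
+ checkssl
+ done > $piece.ssl && echo $piece done || echo $piece FAIL; unset mx
+}
+
+#echo -n entering domains/mx/dane/ ...
+#mkdir -p domains/mx/dane/
+#cd domains/mx/dane/
+
+#echo -n splitting mx.unique into 50 pieces...
+#split -a2 -d -nl/50 ../mx.unique mx.unique && echo done
+
+#real 392m40.484s
+#user 195m10.038s
+#sys 33m7.304s
+echo -n starting 50 processes to process those...
+#for piece in mx.unique48; do
+echo writing to mx.uniqueXX.ssl mx.uniqueXX.ssl.issuer mx.uniqueXX.ssl.cipher
+for piece in mx.unique[0-9][0-9]; do
+ processpiece &
+done && echo all pieces processing done || echo all pieces processing FAIL; unset piece
+cat <<EOF
+
+watch live with
+
+ ps auxfww | grep checkssl | grep -v grep
+ cd mass/splitted/domains/mx/dane/
+ tail -F *.ssl
+
+EOF
+time wait
+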
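Review bot: The unquoted, unvalidated `$mx` reaches `openssl s_client` on line 16 twice, as `-servername $mx` and `-connect $mx:25`, after being word-split out of the piece file on line 37; since the mx.unique pieces appear to come from MX answers of arbitrary domains, a value with whitespace or a leading `-` is parsed as separate or extra s_client options rather than as a host. Quoting both uses, `-servername "$mx" -connect "$mx:25"`, and skipping names that do not match `^[A-Za-z0-9.-]+$` before the call bounds what the scanner sends. Separately, the guard on line 13 prints `$0`, which is the script path rather than the function name; `${FUNCNAME[0]}` is what the message intends, and lines 43–44 of the first script have the same slip. When s_client fails, `raw` still holds whatever output was captured before the failure, so lines 25–26 can print a partial result for that host — presumably acceptable for a survey, but worth a comment saying so.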