
masspie: Commit


Commit MetaInfo

Revision22 (tree)
Zeit2020-02-19 15:43:47
Autorelge

Log Message

importing the rest of shot1 incl enforce check

Ändern Zusammenfassung

Diff

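--- a/checkmx.bash
+++ b/checkmx.bash
@@ -0,0 +1,91 @@
+#!/bin/bash
+set -e
+
+debug=1
+
+ehlo=pro5s2.nethence.com
+#ehlo=`curl -s ip.nethence.com | sed -n 1p | awk '{print $NF}' | sed 's/\.$//'`
+echo using $ehlo as EHLO
+
+sep="sed ':a;s/\B[0-9]\{3\}\>/,&/;ta'"
+
+function checkmx {
+ #so far we only take first MX without attemping to query DANE for backup ones
+ primary=`host -4 -t MX $domain | sort --numeric-sort | head -1 | awk '{print $NF}'`
+ primary=${primary%\.}
+
+ #has no MX record
+ if [[ $primary = record ]]; then
+ (( debug == 1 )) && echo -e $domain\\tnomx
+ elif [[ $primary = "3(NXDOMAIN)" ]]; then
+ (( debug == 1 )) && echo -e $domain\\tnxdomain
+ elif [[ $primary = "2(SERVFAIL)" ]]; then
+ (( debug == 1 )) && echo -e $domain\\tservfail
+ #;; connection timed out; no servers could be reached
+ elif [[ $primary = "reached" ]]; then
+ (( debug == 1 )) && echo -e $domain\\ttimeout
+ elif [[ $domain = $primary ]]; then
+ echo -e $domain\\tmx $primary equals-mx
+ else
+ ip=`host $domain | awk '{print $NF}'`
+ primaryip=`host $primary | awk '{print $NF}'`
+ if [[ $ip = $primaryip ]]; then
+ echo -e $domain\\tmx $primary but-same-ip
+ else
+ echo -e $domain\\tmx $primary
+ fi
+ unset ip primaryip
+ fi
+ unset primary
+}
+
+function parselist {
+ [[ -z $1 ]] && echo error function $0 requires file argument && exit 1
+ [[ ! -r $1 ]] && echo error function $0 cannot read file $1 && exit 1
+
+ echo writing to $1.mx ...
+ for domain in `cat $1`; do
+ checkmx
+ done > $1.mx && echo wrote to $1.mx; unset domain
+}
+
+echo -n entering domains/mx/ ...
+mkdir -p domains/mx/
+cd domains/mx/ && echo done
+
+echo -n splitting ptr.unique.nomadness.unique into 22 files...
+split -a2 -d -nl/22 ../domains.unique domains.unique && echo done
+
+#TODO also check PTR FQDNs ptr.unique.nomadness[0-9][0-9]
+#for input in ptr.unique.nomadness06.domains; do
+#for input in domains.unique[0-9][0-9]; do
+for input in domains.unique.moar; do
+ parselist $input &
+done; unset input
+jobs
+cat <<EOF
+
+watch with
+
+ ps auxfww | grep checkmx
+ tail -F domains/mx/*.mx
+ watch ls -lF domains/mx/*.mx
+
+EOF
+time wait
+
+echo -n merging defined MX from \*.mx into mx ...
+cut -f2 *.mx | grep -E '^mx ' | awk '{print $2}' > mx && echo done
+wc -l mx | eval $sep
+
+#used fix on first shot (we did not use 'mx ' for equals and sameip)
+#grep --no-filename equals-mx$ *.mx | awk '{print $1}' > mx.equals-mx
+#grep --no-filename but-same-ip$ *.mx | awk '{print $2}' > mx.but-same-ip
+#cat mx.equals-mx mx.but-same-ip >> mx
+
+echo -n unique into mx.unique ...
+sort --version-sort -u mx > mx.unique && echo done
+wc -l mx.unique | eval $sep
+
+#TODO 2/3rd-level vs all
+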
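Review bot: The MX picked as `primary` at hunk line 14 is not the lowest-preference one: each line `host -t MX` prints starts with the domain name, so `sort --numeric-sort` finds no leading number, falls back to a byte comparison and orders preference 10 ahead of preference 5. Sorting on the preference field instead, `sort -k6,6n` (assuming host's usual `<domain> mail is handled by <pref> <host>.` wording), selects the real primary, and the single-line error outputs handled at lines 18-25 are unaffected. Separately, `$domain` is read straight from the input file via `for domain in \`cat $1\`` at line 47 and expanded unquoted into `host` and `echo -e`, while `[[ $domain = $primary ]]` at line 27 treats the DNS-supplied `$primary` as a glob pattern; reading with `while IFS= read -r domain; do checkmx; done < "$1"` and quoting the expansions (`"$primary"` on the right of `=`) keeps whitespace, `*` and a leading `-` from being misinterpreted. Also `$0` in the guards at lines 43-44 expands to the script name, not the function name (`$FUNCNAME`).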
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
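--- a/checksmtp.bash
+++ b/checksmtp.bash
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+[[ ! -x `which expect` ]] && echo install expect first && exit 1
+
+#echo -n entering domains/mx/dane/ ...
+#mkdir -p domains/mx/dane/
+#cd domains/mx/dane/
+
+#echo -n splitting mx.unique into 50 pieces...
+#split -a2 -d -nl/50 ../mx.unique mx.unique && echo done
+
+echo -n starting 50 processes to process those...
+#for piece in mx.unique49; do
+for piece in mx.unique[0-9][0-9]; do
+ echo writing to $piece.starttls
+ for mx in `cat $piece`; do
+ timeout --preserve-status --kill-after=5s 1m $HOME/masspie/checksmtp.exp $mx
+ done > $piece.starttls 2> $piece.starttls.enforce &
+ unset mx
+done && echo done; unset piece
+
+cat <<EOF
+
+watch live with
+
+ ps auxfww | grep checksmtp | grep -v grep
+ tail -F mx.unique00.starttls
+ tail -F mx.unique00.starttls.enforce
+
+EOF
+
+time wait
+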
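Review bot: The hostnames handed to `checksmtp.exp` at hunk line 17 are DNS answers collected by checkmx.bash, i.e. data chosen by remote nameservers, yet `$mx` is expanded unquoted and the piece is read with `for mx in \`cat $piece\`` at line 16, so a name containing whitespace or a glob character is split or expanded and one starting with `-` may be read as an option by the expect script. Reading with `while IFS= read -r mx; do ... done < "$piece"` and passing `"$mx"` removes the splitting; whether checksmtp.exp accepts a `--` separator cannot be told from this page. The `.enforce` file at line 18 receives the whole of stderr, so a diagnostic from `timeout` (after the 5s kill) or from expect itself ends up beside whatever the script reports there and is hard to separate downstream; a comment such as `# stderr also carries timeout/expect errors, not only enforce output` would save the next reader a surprise. `which expect` at line 3 would be `command -v expect` in current style.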
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
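--- a/checkssl.bash
+++ b/checkssl.bash
@@ -0,0 +1,68 @@
+#!/bin/bash
+set -e
+
+debug=0
+
+[[ ! -f $HOME/masspie/cacert.pem ]] && echo $HOME/masspie/cacert.pem is required && exit 1
+
+ehlo=pro5s2.nethence.com
+#ehlo=`curl -s ip.nethence.com | sed -n 1p | awk '{print $NF}' | sed 's/\.$//'`
+echo using $ehlo as EHLO
+
+function checkssl {
+ [[ -z $mx ]] && echo function $0 requires \$mx && exit 1
+
+ #we only need the last result with 'Verify', as it repeats in parenthesis what 'Verification' said above
+ if raw=`echo Q | timeout --preserve-status -k 5s 10s /usr/local/bin/openssl s_client -4 -showcerts -verify 5 -CAfile $HOME/masspie/cacert.pem -starttls smtp -name $ehlo -servername $mx -connect $mx:25 -crlf 2>/dev/null`; then
+ issuer=`echo "$raw" | grep -E '^issuer='`
+ cipher=`echo "$raw" | grep -E 'Cipher is|^Server public key is'`
+
+ [[ -n $issuer ]] && echo -e $mx\\t$issuer >> $piece.ssl.issuer
+ [[ -n $cipher ]] && echo -e $mx\\t$cipher >> $piece.ssl.cipher
+
+ unset issuer cipher
+ fi
+ result=`echo "$raw" | grep -E 'Cipher is|Verify return code'`
+ echo -e $mx\\t$result
+
+ #-CApath /etc/ssl/certs
+ #-brief
+ #-verify_return_error
+
+ unset raw result
+}
+
+function processpiece {
+ rm -f $piece.ssl.issuer $piece.ssl.cipher
+ for mx in `cat $piece`; do
+ checkssl
+ done > $piece.ssl && echo $piece done || echo $piece FAIL; unset mx
+}
+
+#echo -n entering domains/mx/dane/ ...
+#mkdir -p domains/mx/dane/
+#cd domains/mx/dane/
+
+#echo -n splitting mx.unique into 50 pieces...
+#split -a2 -d -nl/50 ../mx.unique mx.unique && echo done
+
+#real 392m40.484s
+#user 195m10.038s
+#sys 33m7.304s
+echo -n starting 50 processes to process those...
+#for piece in mx.unique48; do
+echo writing to mx.uniqueXX.ssl mx.uniqueXX.ssl.issuer mx.uniqueXX.ssl.cipher
+for piece in mx.unique[0-9][0-9]; do
+ processpiece &
+done && echo all pieces processing done || echo all pieces processing FAIL; unset piece
+cat <<EOF
+
+watch live with
+
+ ps auxfww | grep checkssl | grep -v grep
+ cd mass/splitted/domains/mx/dane/
+ tail -F *.ssl
+
+EOF
+time wait
+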
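Review bot: The `issuer`, `cipher` and `result` strings written at hunk lines 20, 21 and 26 come from the remote server's certificate and handshake output and are emitted through unquoted `echo -e`, so an issuer field containing `*`, whitespace or backslash sequences is glob-expanded, re-split and escape-interpreted before it lands in the .ssl files; `printf '%s\t%s\n' "$mx" "$issuer" >> "$piece.ssl.issuer"` (and the same for cipher and result) records the values verbatim. The same unquoted expansion applies to `$mx` in `-servername $mx -connect $mx:25` at line 16, which is taken from the DNS-derived mx.unique pieces via the `cat` loop at line 37. Note also that `set -e` at line 2 does not reach checkssl in practice: it runs inside the `for` loop that is the left operand of `&&` at line 39 (and the whole thing is backgrounded from another `&&` list at line 57), where bash suspends errexit, so a failing `grep` in `result=\`...\`` at line 25 merely yields an empty result; if that is the intent, a comment saying so would help. `$0` in the guard at line 13 expands to the script name rather than the function name (`$FUNCNAME`).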
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property