Implement complete SPF/DKIM/DMARC validation and email deliverability testing

SPF/DKIM/DMARC Check: - Complete implementation to validate email authentication records - Checks SPF record for proper terminator and mechanisms - Checks DKIM record with common selector detection - Validates DMARC policy, alignment, and reporting - Tries common DKIM selectors (default, k1, k2, google, selector1, selector2) - Analyzes SPF/DKIM/DMARC strength (EXCELLENT/GOOD/PARTIAL/CRITICAL) - Provides actionable recommendations for missing records - Shows configuration examples for each authentication method Email Deliverability Test: - 5-step comprehensive deliverability testing - Step 1: Validates SPF/DKIM/DMARC records exist - Step 2: Tests SMTP connectivity to MX records - Step 3: Checks server IP against major blacklists (Spamhaus, SpamCop, Barracuda, SORBS, CBL) - Step 4: Validates reverse DNS (PTR record) configuration - Step 5: Sends actual test email to verify end-to-end delivery - Integrated blacklist detection with difficulty ratings - Links to related diagnostic tools - Provides troubleshooting guidance for failed tests Key Features: - User-friendly input prompts for domain and test recipient - Color-coded output (success, warning, error) - Comprehensive test summary with next steps - Integration with existing email diagnostics tools - Clear recommendations for each test result - Cross-references to blacklist-check, email-diagnostics, and mail-log-analyzer These tools complete the email infrastructure validation suite, allowing administrators to comprehensively validate email authentication, deliverability, and blacklist status from one integrated toolset. Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-02-06 20:26:35 -05:00
parent a6556bd540
commit 9fb9d950ea
2 changed files with 522 additions and 5 deletions
@@ -1,12 +1,280 @@
 #!/bin/bash

+################################################################################
+# Email Deliverability Test - Comprehensive Email Sending Validation
+################################################################################
+# Purpose: Test email deliverability with authentication checks and blacklist detection
+# Validates SPF/DKIM/DMARC, tests SMTP connection, checks blacklists
+################################################################################
+
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
 source "$SCRIPT_DIR/lib/common-functions.sh"
+source "$SCRIPT_DIR/lib/system-detect.sh"
+source "$SCRIPT_DIR/lib/email-functions.sh"

 show_banner "Email Deliverability Test"

-print_info "This module tests email sending and receiving"
-print_warning "Coming soon - Under development"
+# Get input from user
 echo ""
-print_info "For now, use: echo 'Test' | mail -s 'Test' your@email.com"
+read -p "Enter domain to test (e.g., example.com): " TARGET_DOMAIN
+if [ -z "$TARGET_DOMAIN" ]; then
+    print_error "Domain required"
+    exit 1
+fi
+
+read -p "Enter test recipient email (will receive test email): " TEST_EMAIL
+if [ -z "$TEST_EMAIL" ]; then
+    print_error "Recipient email required"
+    exit 1
+fi
+
+read -p "Enter sender email address (e.g., test@$TARGET_DOMAIN): " SENDER_EMAIL
+if [ -z "$SENDER_EMAIL" ]; then
+    SENDER_EMAIL="test@$TARGET_DOMAIN"
+fi
+
+print_info "Starting comprehensive deliverability test..."
+echo ""
+
+################################################################################
+# Test 1: Authentication Records Check
+################################################################################
+
+print_header "Step 1: Email Authentication Records"
+echo ""
+
+# SPF Check
+print_info "Checking SPF record..."
+spf_record=$(dig +short TXT "$TARGET_DOMAIN" 2>/dev/null | grep "^\"v=spf1" | sed 's/"//g')
+if [ -n "$spf_record" ]; then
+    print_success "  ✓ SPF record found"
+else
+    print_warning "  ⚠ SPF record not found (may affect deliverability)"
+fi
+echo ""
+
+# DKIM Check
+print_info "Checking DKIM record..."
+for sel in default k1 k2 google selector1 selector2; do
+    dkim_record=$(dig +short TXT "${sel}._domainkey.${TARGET_DOMAIN}" 2>/dev/null | grep "^\"v=DKIM1")
+    if [ -n "$dkim_record" ]; then
+        print_success "  ✓ DKIM record found (selector: $sel)"
+        break
+    fi
+done
+if [ -z "$dkim_record" ]; then
+    print_warning "  ⚠ DKIM record not found (recommend enabling for better deliverability)"
+fi
+echo ""
+
+# DMARC Check
+print_info "Checking DMARC record..."
+dmarc_record=$(dig +short TXT "_dmarc.${TARGET_DOMAIN}" 2>/dev/null | grep "^\"v=DMARC1" | sed 's/"//g')
+if [ -n "$dmarc_record" ]; then
+    print_success "  ✓ DMARC record found"
+else
+    print_warning "  ⚠ DMARC record not found (recommended for authentication monitoring)"
+fi
+echo ""
+
+################################################################################
+# Test 2: SMTP Connection Test
+################################################################################
+
+print_header "Step 2: SMTP Connection Test"
+echo ""
+
+print_info "Testing SMTP connectivity..."
+
+# Get MX records
+MX_RECORDS=$(dig +short MX "$TARGET_DOMAIN" 2>/dev/null | head -5)
+
+if [ -z "$MX_RECORDS" ]; then
+    print_error "  ✗ No MX records found for $TARGET_DOMAIN"
+    echo "    Cannot test SMTP connectivity"
+else
+    print_success "  ✓ MX records found:"
+    echo "$MX_RECORDS" | while read priority server; do
+        server=$(echo "$server" | sed 's/\.$//')
+        echo "    • Priority $priority: $server"
+
+        # Try to connect to SMTP
+        if timeout 3 bash -c "echo 'QUIT' | nc -w 1 $server 25" &>/dev/null; then
+            print_success "      ✓ SMTP port 25 responds"
+        else
+            print_warning "      ⚠ SMTP port 25 not responding (may use port 587/465)"
+        fi
+    done
+fi
+echo ""
+
+################################################################################
+# Test 3: Blacklist Check (from email-diagnostics)
+################################################################################
+
+print_header "Step 3: Server IP Blacklist Check"
+echo ""
+
+# Get server's public IP
+print_info "Detecting server IP address..."
+SERVER_IP=$(curl -s ifconfig.me 2>/dev/null || curl -s icanhazip.com 2>/dev/null || echo "")
+
+if [ -z "$SERVER_IP" ]; then
+    print_warning "  ⚠ Could not detect server IP (skipping blacklist check)"
+else
+    print_success "  Server IP: $SERVER_IP"
+    echo ""
+
+    # Check major blacklists
+    BLACKLISTS_DB=(
+        "zen.spamhaus.org|Spamhaus"
+        "bl.spamcop.net|SpamCop"
+        "bl.barracudacentral.org|Barracuda"
+        "dnsbl.sorbs.net|SORBS"
+        "cbl.abuseat.org|CBL"
+    )
+
+    print_info "Checking major blacklists..."
+    REVERSED_IP=$(echo $SERVER_IP | awk -F. '{print $4"."$3"."$2"."$1}')
+
+    listed=0
+    for entry in "${BLACKLISTS_DB[@]}"; do
+        IFS='|' read -r rbl_host rbl_name <<< "$entry"
+
+        if dig +short +timeout=2 "${REVERSED_IP}.${rbl_host}" A 2>/dev/null | grep -q .; then
+            print_error "    ✗ $rbl_name: LISTED (may cause delivery issues)"
+            ((listed++))
+        else
+            print_success "    ✓ $rbl_name: Not listed"
+        fi
+    done
+
+    if [ $listed -gt 0 ]; then
+        echo ""
+        print_warning "  ⚠ Your IP is listed on $listed blacklist(s)"
+        echo "    Recommendation: Use blacklist-check tool for delisting options"
+    fi
+fi
+echo ""
+
+################################################################################
+# Test 4: Reverse DNS Check
+################################################################################
+
+print_header "Step 4: Reverse DNS (PTR Record) Check"
+echo ""
+
+print_info "Checking reverse DNS..."
+if [ -n "$SERVER_IP" ]; then
+    PTR_RECORD=$(dig +short -x "$SERVER_IP" 2>/dev/null)
+    if [ -n "$PTR_RECORD" ]; then
+        print_success "  ✓ PTR record found: $PTR_RECORD"
+        echo "    Reverse DNS is properly configured"
+    else
+        print_error "  ✗ PTR record not found"
+        echo "    Recommendation: Contact your hosting provider to set reverse DNS"
+    fi
+else
+    print_warning "  ⚠ Could not determine server IP (skip PTR check)"
+fi
+echo ""
+
+################################################################################
+# Test 5: Send Test Email
+################################################################################
+
+print_header "Step 5: Send Test Email"
+echo ""
+
+print_info "Composing and sending test email..."
+
+# Create test email
+TEST_EMAIL_FILE="/tmp/deliverability_test_$$.txt"
+cat > "$TEST_EMAIL_FILE" << EMAILEOF
+Subject: Email Deliverability Test from $TARGET_DOMAIN
+From: $SENDER_EMAIL
+To: $TEST_EMAIL
+Date: $(date -R)
+
+This is an automated email deliverability test from:
+Domain: $TARGET_DOMAIN
+Server IP: ${SERVER_IP:-Unknown}
+Timestamp: $(date)
+
+If you received this email, your email system is working correctly.
+
+Check the email headers to verify:
+- SPF authentication result
+- DKIM signature
+- DMARC alignment
+
+---
+Sent from Email Deliverability Test Tool
+EMAILEOF
+
+# Try to send email
+if command -v sendmail &> /dev/null; then
+    if sendmail "$TEST_EMAIL" < "$TEST_EMAIL_FILE" 2>/dev/null; then
+        print_success "  ✓ Test email sent successfully via sendmail"
+        echo "    Recipient should receive email at: $TEST_EMAIL"
+    else
+        print_warning "  ⚠ sendmail submission may have failed"
+    fi
+elif command -v mail &> /dev/null; then
+    if echo "" | mail -s "Email Deliverability Test" -r "$SENDER_EMAIL" "$TEST_EMAIL" 2>/dev/null; then
+        print_success "  ✓ Test email sent successfully via mail command"
+        echo "    Recipient should receive email at: $TEST_EMAIL"
+    else
+        print_warning "  ⚠ mail command submission may have failed"
+    fi
+else
+    print_warning "  ⚠ No mail sending utility found (sendmail/mail)"
+    echo "    Email sending cannot be tested on this system"
+fi
+
+rm -f "$TEST_EMAIL_FILE"
+echo ""
+
+################################################################################
+# Test Summary & Recommendations
+################################################################################
+
+print_header "Deliverability Test Summary"
+echo ""
+
+echo "📧 Test Configuration:"
+echo "  Domain: $TARGET_DOMAIN"
+echo "  Sender: $SENDER_EMAIL"
+echo "  Recipient: $TEST_EMAIL"
+if [ -n "$SERVER_IP" ]; then
+    echo "  Server IP: $SERVER_IP"
+fi
+echo ""
+
+echo "✅ Recommended Next Steps:"
+echo ""
+echo "1. Check recipient inbox for test email"
+echo "   Look for the email from $SENDER_EMAIL"
+echo ""
+echo "2. Review email headers:"
+echo "   - Verify 'Authentication-Results' header"
+echo "   - Check SPF, DKIM, DMARC results"
+echo "   - Look for any 'pass' or 'fail' indications"
+echo ""
+echo "3. If email didn't arrive:"
+echo "   - Check spam/junk folder"
+echo "   - Review mail server logs: tail -f /var/log/mail.log"
+echo "   - Use email-diagnostics tool: email-diagnostics"
+echo "   - Check blacklist status: blacklist-check"
+echo ""
+echo "4. For authentication issues:"
+echo "   - Validate records: spf-dkim-dmarc-check"
+echo "   - Analyze mail logs: mail-log-analyzer"
+echo ""
+
+echo "🔗 Related Tools:"
+echo "  • email-diagnostics  - Analyze specific email delivery issues"
+echo "  • blacklist-check    - Check IP reputation on RBLs"
+echo "  • spf-dkim-dmarc-check - Validate authentication records"
+echo "  • mail-log-analyzer  - Analyze mail server logs"
 echo ""