diff --git a/check_prosody_auth.sh b/check_prosody_auth.sh
new file mode 100755
index 0000000..863abb7
--- /dev/null
+++ b/check_prosody_auth.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+# --------------------
+# This script checks whether the 'prosody' service has logged any Dovecot authentication errors within
+# the last check interval (MONITORING_INTERVAL)
+#
+# It is a good idea to run this script as a cron job every check interval minutes (MONITORING_INTERVAL).
+# --------------------
+
+LOGFILE="/var/log/prosody_auth_check.log"
+TIMESTAMP=$(date '+%Y-%m-%d %H:%M:%S')
+DOVECOT_HOST="a.mx.oopen.de"
+DOVECOT_PORT="44444"
+MONITORING_INTERVAL=6
+
+# Test 1: Ist Dovecot überhaupt erreichbar?
+if ! timeout 8 bash -c "echo >/dev/tcp/$DOVECOT_HOST/$DOVECOT_PORT" 2>/dev/null; then
+ echo "$TIMESTAMP WARN: Dovecot nicht erreichbar - Prosody-Restart wäre sinnlos, überspringe" >> $LOGFILE
+ exit 1
+fi
+
+# Test 2: Genau der bekannte Fehler in den letzten 6 Minuten?
+ERROR_COUNT=$(journalctl -u prosody --since "${MONITORING_INTERVAL} minutes ago" --no-pager 2>/dev/null | \
+ grep -c "sasl_dovecot: Could not read from socket" || true)
+
+if [ "$ERROR_COUNT" -gt 0 ]; then
+ echo "$TIMESTAMP ERROR: sasl_dovecot socket-Fehler erkannt ($ERROR_COUNT×) – starte Prosody neu" >> $LOGFILE
+ systemctl restart prosody
+ sleep 5
+ if systemctl is-active --quiet prosody; then
+ echo "$TIMESTAMP OK: Prosody erfolgreich neugestartet" >> $LOGFILE
+ else
+ echo "$TIMESTAMP CRITICAL: Prosody-Neustart fehlgeschlagen!" >> $LOGFILE
+ fi
+ exit 0
+fi
+
+echo "$TIMESTAMP OK: Keine Auth-Fehler" >> $LOGFILE
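Review bot: Test 2 fails open: `journalctl`'s stderr is sent to `/dev/null` and the pipeline status is masked by `|| true`, so when the journal cannot be read (for example, if the cron user lacks permission) `ERROR_COUNT` becomes 0 and the script logs `OK: Keine Auth-Fehler` as if the check had passed. Read the journal into a variable first and treat a non-zero `journalctl` status as a failed check with its own log line and a non-zero exit, as sketched below. Separately, the `CRITICAL` branch still falls through to `exit 0`, so cron or any wrapper cannot see a failed restart; an `exit 2` after that log line would surface it. The `>> $LOGFILE` redirections are also unquoted throughout.

```shell
# Test 2: read the journal first so that a failed read is not counted as "no errors"
if ! JOURNAL=$(journalctl -u prosody --since "${MONITORING_INTERVAL} minutes ago" --no-pager); then
    echo "$TIMESTAMP WARN: journalctl fehlgeschlagen - Prüfung nicht möglich" >> "$LOGFILE"
    exit 1
fi
# grep -c prints 0 and returns 1 when nothing matches, hence the || true
ERROR_COUNT=$(grep -c "sasl_dovecot: Could not read from socket" <<<"$JOURNAL" || true)

if [ "$ERROR_COUNT" -gt 0 ]; then
    # … unchanged: log the error, restart prosody, check is-active …
```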