Add script 'check_prosody_auth.sh'.

2026-04-17 09:43:17 +02:00
parent a8d895e1b2
commit d0e12e5cf8
1 changed files with 38 additions and 0 deletions
--- a/check_prosody_auth.sh
+++ b/check_prosody_auth.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+# --------------------
+# This script checks whether the 'prosody' service has logged any Dovecot authentication errors within 
+# the last check interval (MONITORING_INTERVAL)
+#
+# It is a good idea to run this script as a cron job every check interval minutes (MONITORING_INTERVAL).
+# --------------------
+
+LOGFILE="/var/log/prosody_auth_check.log"
+TIMESTAMP=$(date '+%Y-%m-%d %H:%M:%S')
+DOVECOT_HOST="a.mx.oopen.de"
+DOVECOT_PORT="44444"
+MONITORING_INTERVAL=6
+
+# Test 1: Ist Dovecot überhaupt erreichbar?
+if ! timeout 8 bash -c "echo >/dev/tcp/$DOVECOT_HOST/$DOVECOT_PORT" 2>/dev/null; then
+    echo "$TIMESTAMP WARN: Dovecot nicht erreichbar - Prosody-Restart wäre sinnlos, überspringe" >> $LOGFILE
+    exit 1
+fi
+
+# Test 2: Genau der bekannte Fehler in den letzten 6 Minuten?
+ERROR_COUNT=$(journalctl -u prosody --since "${MONITORING_INTERVAL} minutes ago" --no-pager 2>/dev/null | \
+    grep -c "sasl_dovecot: Could not read from socket" || true)
+
+if [ "$ERROR_COUNT" -gt 0 ]; then
+    echo "$TIMESTAMP ERROR: sasl_dovecot socket-Fehler erkannt ($ERROR_COUNT×) – starte Prosody neu" >> $LOGFILE
+    systemctl restart prosody
+    sleep 5
+    if systemctl is-active --quiet prosody; then
+        echo "$TIMESTAMP OK: Prosody erfolgreich neugestartet" >> $LOGFILE
+    else
+        echo "$TIMESTAMP CRITICAL: Prosody-Neustart fehlgeschlagen!" >> $LOGFILE
+    fi
+    exit 0
+fi
+
+echo "$TIMESTAMP OK: Keine Auth-Fehler" >> $LOGFILE