#!/bin/bash

# Email Server Test Script
# This script helps test various components of your email server

set -euo pipefail

# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

# Configuration
DOMAIN=""
HOSTNAME=""
TEST_EMAIL=""

# Get configuration
get_config() {
    if [[ -z "$DOMAIN" ]]; then
        read -p "Enter your domain (e.g., example.com): " DOMAIN
    fi
    if [[ -z "$HOSTNAME" ]]; then
        read -p "Enter your hostname (e.g., mail.example.com): " HOSTNAME
    fi
    if [[ -z "$TEST_EMAIL" ]]; then
        read -p "Enter test email address: " TEST_EMAIL
    fi
}

# Test functions
test_dns() {
    echo -e "${BLUE}Testing DNS Configuration...${NC}"
    
    echo "Checking MX record for $DOMAIN:"
    if dig +short MX $DOMAIN | grep -q $HOSTNAME; then
        echo -e "${GREEN}✓ MX record found${NC}"
    else
        echo -e "${RED}✗ MX record not found or incorrect${NC}"
    fi
    
    echo "Checking A record for $HOSTNAME:"
    if dig +short A $HOSTNAME | grep -q .; then
        echo -e "${GREEN}✓ A record found${NC}"
    else
        echo -e "${RED}✗ A record not found${NC}"
    fi
    
    echo "Checking SPF record for $DOMAIN:"
    if dig +short TXT $DOMAIN | grep -q "v=spf1"; then
        echo -e "${GREEN}✓ SPF record found${NC}"
    else
        echo -e "${RED}✗ SPF record not found${NC}"
    fi
    
    echo "Checking DKIM record for $DOMAIN:"
    if dig +short TXT mail._domainkey.$DOMAIN | grep -q "v=DKIM1"; then
        echo -e "${GREEN}✓ DKIM record found${NC}"
    else
        echo -e "${RED}✗ DKIM record not found${NC}"
    fi
    
    echo "Checking DMARC record for $DOMAIN:"
    if dig +short TXT _dmarc.$DOMAIN | grep -q "v=DMARC1"; then
        echo -e "${GREEN}✓ DMARC record found${NC}"
    else
        echo -e "${RED}✗ DMARC record not found${NC}"
    fi
    echo
}

test_services() {
    echo -e "${BLUE}Testing Service Status...${NC}"
    
    services=("postfix" "dovecot" "amavis" "spamassassin" "clamav-daemon" "opendkim" "apache2" "postgresql")
    
    for service in "${services[@]}"; do
        if systemctl is-active --quiet $service; then
            echo -e "${GREEN}✓ $service is running${NC}"
        else
            echo -e "${RED}✗ $service is not running${NC}"
        fi
    done
    echo
}

test_ports() {
    echo -e "${BLUE}Testing Port Connectivity...${NC}"
    
    ports=("25:SMTP" "587:Submission" "465:SMTPS" "143:IMAP" "993:IMAPS" "110:POP3" "995:POP3S")
    
    for port_info in "${ports[@]}"; do
        port=$(echo $port_info | cut -d: -f1)
        name=$(echo $port_info | cut -d: -f2)
        
        if nc -z localhost $port 2>/dev/null; then
            echo -e "${GREEN}✓ Port $port ($name) is open${NC}"
        else
            echo -e "${RED}✗ Port $port ($name) is closed${NC}"
        fi
    done
    echo
}

test_ssl() {
    echo -e "${BLUE}Testing SSL Certificates...${NC}"
    
    if [[ -f "/etc/letsencrypt/live/$HOSTNAME/fullchain.pem" ]]; then
        echo -e "${GREEN}✓ SSL certificate found${NC}"
        
        # Check certificate validity
        if openssl x509 -in /etc/letsencrypt/live/$HOSTNAME/fullchain.pem -noout -checkend 86400; then
            echo -e "${GREEN}✓ SSL certificate is valid${NC}"
        else
            echo -e "${RED}✗ SSL certificate is expired or expiring soon${NC}"
        fi
        
        # Check certificate CN
        cn=$(openssl x509 -in /etc/letsencrypt/live/$HOSTNAME/fullchain.pem -noout -subject | grep -o "CN=[^,]*" | cut -d= -f2)
        if [[ "$cn" == "$HOSTNAME" ]]; then
            echo -e "${GREEN}✓ SSL certificate CN matches hostname${NC}"
        else
            echo -e "${RED}✗ SSL certificate CN ($cn) doesn't match hostname ($HOSTNAME)${NC}"
        fi
    else
        echo -e "${RED}✗ SSL certificate not found${NC}"
    fi
    echo
}

test_dkim() {
    echo -e "${BLUE}Testing DKIM Configuration...${NC}"
    
    # Find all domains with DKIM keys
    dkim_domains=()
    if [[ -d "/etc/opendkim/keys" ]]; then
        while IFS= read -r -d '' domain_dir; do
            domain=$(basename "$domain_dir")
            dkim_domains+=("$domain")
        done < <(find /etc/opendkim/keys -mindepth 1 -maxdepth 1 -type d -print0)
    fi
    
    if [[ ${#dkim_domains[@]} -eq 0 ]]; then
        echo -e "${RED}✗ No DKIM domains found${NC}"
        return
    fi
    
    for domain in "${dkim_domains[@]}"; do
        if opendkim-testkey -d "$domain" -s mail -vvv 2>&1 | grep -q "key OK"; then
            echo -e "${GREEN}✓ DKIM key test passed for $domain${NC}"
        else
            echo -e "${RED}✗ DKIM key test failed for $domain${NC}"
            echo "  Run: opendkim-testkey -d $domain -s mail -vvv"
        fi
    done
    echo
}

test_authentication() {
    echo -e "${BLUE}Testing SMTP Authentication...${NC}"
    
    if echo "quit" | telnet localhost 587 2>/dev/null | grep -q "250-AUTH"; then
        echo -e "${GREEN}✓ SMTP AUTH is available${NC}"
    else
        echo -e "${RED}✗ SMTP AUTH is not available${NC}"
    fi
    echo
}

test_database() {
    echo -e "${BLUE}Testing Database Connection...${NC}"
    
    if sudo -u postgres psql -d postfix -c "SELECT 1;" >/dev/null 2>&1; then
        echo -e "${GREEN}✓ Database connection successful${NC}"
        
        # Check tables
        tables=$(sudo -u postgres psql -d postfix -t -c "SELECT tablename FROM pg_tables WHERE schemaname='public';" | xargs)
        if [[ "$tables" == *"domains"* && "$tables" == *"mailbox"* && "$tables" == *"aliases"* ]]; then
            echo -e "${GREEN}✓ Required database tables exist${NC}"
            
            # Check configured domains
            domain_count=$(sudo -u postgres psql -d postfix -t -c "SELECT COUNT(*) FROM domains WHERE active='1';" | xargs)
            echo -e "${GREEN}✓ Database has $domain_count active domain(s)${NC}"
            
            if [[ $domain_count -gt 0 ]]; then
                echo "Active domains:"
                sudo -u postgres psql -d postfix -t -c "SELECT '  - ' || domain FROM domains WHERE active='1';" | grep -v "^$"
            fi
        else
            echo -e "${RED}✗ Required database tables missing${NC}"
        fi
    else
        echo -e "${RED}✗ Database connection failed${NC}"
    fi
    echo
}

test_email_flow() {
    echo -e "${BLUE}Testing Email Flow...${NC}"
    
    if [[ -n "$TEST_EMAIL" ]]; then
        echo "Sending test email to $TEST_EMAIL..."
        if echo "This is a test email from your email server." | mail -s "Email Server Test" $TEST_EMAIL; then
            echo -e "${GREEN}✓ Test email sent${NC}"
            echo "Check your inbox for the test email"
        else
            echo -e "${RED}✗ Failed to send test email${NC}"
        fi
    else
        echo -e "${YELLOW}! No test email provided, skipping email flow test${NC}"
    fi
    echo
}

check_logs() {
    echo -e "${BLUE}Recent Log Entries...${NC}"
    
    echo "=== Postfix Logs (last 10 lines) ==="
    tail -10 /var/log/mail.log | grep postfix || echo "No recent postfix logs"
    
    echo
    echo "=== Dovecot Logs (last 5 lines) ==="
    tail -5 /var/log/mail.log | grep dovecot || echo "No recent dovecot logs"
    
    echo
    echo "=== Setup Log (last 5 lines) ==="
    if [[ -f "/var/log/email-server-setup.log" ]]; then
        tail -5 /var/log/email-server-setup.log
    else
        echo "Setup log not found"
    fi
    echo
}

main() {
    echo -e "${BLUE}Email Server Test Suite${NC}"
    echo "======================"
    echo
    
    get_config
    
    test_dns
    test_services
    test_ports
    test_ssl
    test_dkim
    test_authentication
    test_database
    test_email_flow
    check_logs
    
    echo -e "${GREEN}Testing completed!${NC}"
    echo
    echo -e "${YELLOW}Online testing tools:${NC}"
    echo "- MX Toolbox: https://mxtoolbox.com/"
    echo "- Mail Tester: https://www.mail-tester.com/"
    echo "- DKIM Validator: https://dkimvalidator.com/"
}

main "$@"