
#!/bin/bash
# nslookup & openssl must be installed!
# getopts tracks its position in OPTIND; start again from the first argument
# in case getopts was already used in this shell.
OPTIND=1
# Script name without its directory part, shown in the usage text.
PRGNAME="${0##*/}"
# Mail domain to check; filled in from the -d option.
DOMAINNAME=
 
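# Print the usage line and an example invocation to stdout.
# Globals: PRGNAME (read) - script name shown in the text.
function showHelp {
    # PRGNAME is passed as a quoted printf argument so a script name that
    # contains spaces or glob characters is printed unchanged.
    printf '%s -d <mail domain>\n' "$PRGNAME"
    printf 'Example: %s -d gmail.com \n' "$PRGNAME"
}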
 
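# Parse the command line. The leading ':' in the optstring puts getopts in
# silent mode: a missing option argument arrives as ':' and an unknown option
# as '?', so both can be reported on stderr with a non-zero exit status
# instead of looking like a successful -h.
while getopts ":hd:" opt; do
    case "$opt" in
    h)
        showHelp
        exit 0
        ;;
    d)
        DOMAINNAME=$OPTARG
        ;;
    :)
        printf '%s: option -%s requires an argument\n' "$PRGNAME" "$OPTARG" >&2
        showHelp >&2
        exit 2
        ;;
    \?)
        # A literal "-?" is still treated as a request for help.
        if [ "$OPTARG" = "?" ]; then
            showHelp
            exit 0
        fi
        printf '%s: unknown option -%s\n' "$PRGNAME" "$OPTARG" >&2
        showHelp >&2
        exit 2
        ;;
    esac
done

# Drop the options that getopts consumed.
shift $((OPTIND-1))

[ "$1" = "--" ] && shift

# -d is mandatory: without a domain there is nothing to check, and a caller
# must be able to see that from the exit status.
if [ -z "${DOMAINNAME}" ]; then
    showHelp >&2
    exit 2
fi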
 
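# The domain is placed on the nslookup command line, so accept only hostname
# characters; in particular a leading '-' would be read as an nslookup option.
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?[.]?$'
if [[ ! "$DOMAINNAME" =~ $domain_re ]]; then
    printf '%s: %q is not a valid domain name\n' "$PRGNAME" "$DOMAINNAME" >&2
    exit 2
fi

# tell what domain will be checked
printf 'TLS check for SMTP server for domain %s, hang on this could take a while....\n' "$DOMAINNAME"

# Collect the target host of every MX record: nslookup prints one
# "... mail exchanger = <pref> <host>" line per record and the host is the
# last field. Matching on that text avoids using the domain as a grep pattern.
MXLIST=$(nslookup -query=mx "$DOMAINNAME" | awk '/mail exchanger/ { print $NF }')
if [ -z "$MXLIST" ]; then
    printf '%s: no MX records found for %s\n' "$PRGNAME" "$DOMAINNAME" >&2
    exit 1
fi

# MX targets come from a DNS answer and are untrusted input: read them line by
# line (no word splitting or globbing) and skip anything that is not a
# plain hostname before it reaches the openssl command line.
mx_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
while IFS= read -r mxrec; do
    if [[ ! "$mxrec" =~ $mx_re ]]; then
        printf '%s: skipping unexpected MX value %q\n' "$PRGNAME" "$mxrec" >&2
        continue
    fi
    # NOTE: the reported version only shows that a STARTTLS handshake completed.
    # s_client does not abort on certificate verification errors by default, so
    # this says nothing about whether the server certificate is valid for the
    # host, and the MX lookup above is plain, unauthenticated DNS.
    # s_client can print the session block more than once, so only the first
    # Protocol line is kept. stderr is discarded on purpose: a failed connection
    # is reported below as "not available".
    OUTPUT=$(printf 'Q\n' \
        | openssl s_client -starttls smtp -crlf -connect "${mxrec}:25" 2>/dev/null \
        | tr -d ' ' | grep -m 1 '^Protocol:' | cut -d ':' -f2)
    if [ -z "${OUTPUT}" ]; then
        printf '%s version is not available or TLS not supported\n' "$mxrec"
    else
        printf '%s version is %s\n' "$mxrec" "$OUTPUT"
    fi
done <<< "$MXLIST"
printf 'domain %s ready.\n' "$DOMAINNAME"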

