← 返回 Skills 市场

Mailserver Maintenance

Name: Mailserver Maintenance
Author: axelhu

作者 AxelHu · GitHub ↗ · v1.0.2 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install mailserver-maintenance

功能描述

docker-mailserver 启动/停止/状态检查/故障排查。出站链路（DMS→cloud SMTP relay）和收件队列问题。发送失败、队列积压、Cloud relay 无响应时触发。不负责邮件收发使用（见 email-usage）。

使用说明 (SKILL.md)

Mailserver 维护

SSH 配置（IP 不暴露）

容器内 SSH 通过 ~/.ssh/config 连接 cloud：

Host cloudrelay
    HostName 101.43.110.225
    User administrator
    IdentityFile /home/cloudrelay/.ssh/id_rsa
    StrictHostKeyChecking=no
    BatchMode=yes

连接：ssh -F /home/cloudrelay/.ssh/config cloudrelay "..."

启动（DMS Docker）

cd ~/docker-mailserver && docker compose up -d mailserver
docker exec mailserver supervisorctl status

Cloud SMTP AUTH Relay（Windows cloud）

# 检查状态
ssh -F /home/cloudrelay/.ssh/config cloudrelay "cmd /c netstat -ano | findstr :2526 | findstr LISTEN"

# 启动
ssh -F /home/cloudrelay/.ssh/config cloudrelay "powershell -Command Start-ScheduledTask -TaskName MailRelay2526Watchdog"

# 停止
ssh -F /home/cloudrelay/.ssh/config cloudrelay "powershell -Command Stop-ScheduledTask -TaskName MailRelay2526Watchdog"

状态检查

# Cloud relay 端口
ssh -F /home/cloudrelay/.ssh/config cloudrelay "cmd /c netstat -ano | findstr :2526 | findstr LISTEN"

# Docker 容器
docker ps | grep -E "mailserver|relay"

# 邮件队列
docker exec mailserver postqueue -p

# DMS 日志（最近20行）
docker exec mailserver tail -20 /var/log/mail/mail.log

# Cloud relay 日志
ssh -F /home/cloudrelay/.ssh/config cloudrelay "powershell -Command Get-Content C:\smtp_auth_relay.log -Tail 10"

故障排查

发送失败 / 队列积压

# 1. Cloud relay 在线？
ssh -F /home/cloudrelay/.ssh/config cloudrelay "cmd /c netstat -ano | findstr :2526 | findstr LISTEN"

# 2. SSH key 权限？
docker exec mailserver ls -la /home/cloudrelay/.ssh/id_rsa

# 3. SSH 测试
docker exec mailserver ssh -F /home/cloudrelay/.ssh/config cloudrelay echo OK

# 4. 强制重试
docker exec mailserver postqueue -f

# 5. 查看队列
docker exec mailserver postqueue -p

Cloud relay 无响应

# watchdog 进程？
ssh -F /home/cloudrelay/.ssh/config cloudrelay "powershell -Command Get-Process python | Select Id"

# 错误日志
ssh -F /home/cloudrelay/.ssh/config cloudrelay "powershell -Command Get-Content C:\smtp_auth_relay_err.log -Tail 10"

# 重启 watchdog
ssh -F /home/cloudrelay/.ssh/config cloudrelay "powershell -Command Stop-ScheduledTask -TaskName MailRelay2526Watchdog; Start-ScheduledTask -TaskName MailRelay2526Watchdog"

收件卡住 / deferred

# amavis 端口监听？
docker exec mailserver ss -tlnp | grep 10025

# master.cf 配置？
docker exec mailserver postconf -n | grep dmsrelay

停止

# Cloud relay
ssh -F /home/cloudrelay/.ssh/config cloudrelay "powershell -Command Stop-ScheduledTask -TaskName MailRelay2526Watchdog"

# DMS
cd ~/docker-mailserver && docker compose down

端到端测试

echo "Test" | docker exec -i mailserver mail -s "Health Check" [email protected]
sleep 15 && docker exec mailserver tail -5 /var/log/mail/mail.log | grep -v "No decoder"

详细架构图、组件清单、配置文件路径 → references/architecture.md

安全使用建议

This skill appears to implement the maintenance tasks it claims, but several things don't add up — treat it cautiously. Before installing or running it: 1) Verify the skill author and provenance (the ownerId in _meta.json differs from the registry summary). 2) Confirm whether your environment actually should contain the SSH private key at /home/cloudrelay/.ssh/id_rsa; don't let the agent access or transmit private keys unless you explicitly trust the skill and owner. 3) Ensure required binaries (docker, docker-compose, ssh) exist and are appropriate for the environment; update the skill metadata if needed. 4) Validate the hard-coded external IP/host (101.43.110.225) is a legitimate relay you control — otherwise the skill will connect to an external server. 5) Run the steps manually in a staging environment first; do not allow autonomous invocation until provenance and credential handling are confirmed. If you cannot verify the owner or the remote host, consider rejecting the skill.

功能分析

Type: OpenClaw Skill Name: mailserver-maintenance Version: 1.0.2 The skill bundle enables remote command execution on a hardcoded external IP (101.43.110.225) via SSH and PowerShell, which is a high-risk capability. It manages sensitive credentials like SSH private keys and disables host key verification (StrictHostKeyChecking=no) in SKILL.md. While these actions are consistent with the stated purpose of maintaining a mail server and its cloud relay, the broad remote access and hardcoded infrastructure provide a significant attack surface for potential abuse.

能力评估

ℹ Purpose & Capability

The name/description (docker-mailserver + cloud SMTP relay maintenance) align with the runtime instructions: docker compose, docker exec, postqueue, and SSH to a cloud relay are expected. However, SKILL.md hard-codes an external IP (101.43.110.225) and references specific local paths (/home/axelhu, /home/cloudrelay/.ssh/id_rsa) and Windows scheduled tasks which tie the skill to a particular environment. Metadata mismatch: the top-level Owner ID shown to you (kn7b...) differs from ownerId in _meta.json (s172yaxx...), which is a provenance/integrity red flag.

⚠ Instruction Scope

Instructions direct the agent to run privileged maintenance actions (docker compose up/down, docker exec, postqueue -f) and to use SSH from inside the container to an external host. They explicitly reference sensitive paths (checking permissions of /home/cloudrelay/.ssh/id_rsa) and run remote commands on a remote Windows host (Start/Stop-ScheduledTask). While these are plausible for this purpose, they assume presence of SSH and docker inside the runtime environment and require access to a private key stored in the container. The skill does not instruct to avoid leaking that key, nor does it declare the key or host as a required credential.

✓ Install Mechanism

Instruction-only skill with no install spec or code files; nothing is written to disk by the registry package itself. This lowers supply-chain risk. However, runtime commands will interact with system binaries and remote hosts.

⚠ Credentials

The skill declares no required environment variables or primary credential, yet its instructions rely on an SSH identity file (/home/cloudrelay/.ssh/id_rsa) and an SSH config that references a specific external host. Not declaring the SSH credential or the external host in the metadata is an incoherence: the agent (or operator) must already possess a sensitive private key in a specific path for the steps to work. The skill also implicitly requires binaries (docker, ssh, docker-compose) even though requires.anyBinaries is empty.

✓ Persistence & Privilege

The skill does not request always:true and does not ask to persist credentials or modify other skills. Autonomous invocation is allowed by platform default (disable-model-invocation: false) — combine this with other concerns if you plan to allow unattended/autonomous runs.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install mailserver-maintenance
安装完成后，直接呼叫该 Skill 的名称或使用 /mailserver-maintenance 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.2

- Adds SSH config-based connection instructions to avoid exposing IP addresses. - Updates all SSH command examples to use the ssh config and host alias ("cloudrelay") for improved security and convenience. - Adjusts related troubleshooting and permission checks to align with new SSH usage. - No changes to core mailserver commands or process flow.

v1.0.1

- Updated references to detailed architecture documentation location in the skill guide. - No changes to operational instructions or procedures.

v1.0.0

Initial release of mailserver-maintenance skill. - Provides start/stop/status/troubleshooting commands for docker-mailserver. - Covers outbound SMTP relay (DMS→cloud SMTP relay) and mail queue issues. - Includes troubleshooting steps for delivery failures, queue backlogs, and relay unresponsiveness. - Not responsible for mailbox usage (see email-usage skill). - Reference to architecture and component details in `references/architecture.md`.

元数据

Slug mailserver-maintenance

版本 1.0.2

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 3

常见问题