Mail and domain check tools

I’ve been working on a few tools over the past few days. I use them myself whenever I create new mailboxes, move mailboxes from one server to another, create new web pages… My goal is to end up with a tool suite that provides all the checks I need to figure out whether the configuration of the web server, the mail server and the DNS server is fine.

I do not yet have a central page for all the tools, but most of them have a navigation area that gives access to the others. The following tools are currently available (more tools are on the way but not yet tested):

Check HTTP headers

In this tool, you can give a URL and the tool will show you the HTTP headers for this URL. It will also follow redirects and show you the headers for the redirected URLs. If you look up “https://benohead.com”, you’ll see the following:

HTTP Response Code: 301
HTTP Response Code: 200

HTTP/1.0 301 Moved Permanently
Date: Mon, 02 Sep 2013 08:38:16 GMT
Server: Apache
X-Pingback: https://benohead.com/xmlrpc.php
Location: https://benohead.com/
Cache-Control: max-age=3600
Expires: Mon, 02 Sep 2013 09:38:16 GMT
Vary: Accept-Encoding,User-Agent
X-Powered-By: PleskLin
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

HTTP/1.0 200 OK
Date: Mon, 02 Sep 2013 08:38:17 GMT
Server: Apache
X-Pingback: https://benohead.com/xmlrpc.php
Pragma: public
Cache-Control: max-age=0, no-cache
Vary: Accept-Encoding
X-Mod-Pagespeed: 1.4.26.4-3396
Content-Length: 53605
Connection: close
Content-Type: text/html; charset=UTF-8

The first line is displayed in blue to indicate a redirect and the second one is displayed in green. If we ended up with a 4xx or 5xx return code, it would be shown in red.

Check SMTP server

This tool checks the DNS settings for the mail server, connects to it, performs a few checks and shows you a summary as well as the log of what was done. Here’s an example when you check the domain benohead.com:

DNS MX entries for benohead.com

Priority  Mail Server        IP Address     TTL
10        mail.benohead.com  94.102.209.13  24975

Testing mail server: mail.benohead.com

IP address: 94.102.209.13

220 1a-8627.antagusserver.de ESMTP

Server Identity: 1a-8627.antagusserver.de
Server IP address: 109.235.59.67
Reverse Banner: 1a-8627.antagusserver.de
Reverse DNS: 1A-7583.antagus.de

>>> EHLO benohead.com

250-1a-8627.antagusserver.de

250-AUTH=LOGIN CRAM-MD5 PLAIN

250-AUTH LOGIN CRAM-MD5 PLAIN

250-STARTTLS

250-PIPELINING

250 8BITMIME

TLS support available.

>>> STARTTLS

220 ready for tls

TLS could be started.
Switched to TLS.

>>> MAIL FROM: <example@benohead.com>

250 ok

>>> RCPT TO: <example@relay.check>

553 sorry, that domain isn’t in my list of allowed rcpthosts; no valid cert for gatewaying (#5.7.1)

Not an open relay

>>> QUIT

Summary

Check                          Results
Reverse lookup of SMTP Banner  1A-7583.antagus.de – 1a-8627.antagusserver.de
SMTP Reverse DNS Mismatch      1a-8627.antagusserver.de – 1a-8627.antagusserver.de
TLS Support                    Supported
TLS Start                      Successful
Switch to TLS communication    Successful
Open relay                     Not an open relay

I’ll also add in the future a description of what exactly needs to be fixed when something is marked as not OK but I guess it’s a good start (and it’s already enough for me since I know how to fix it ;-)).
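
The verdicts in the summary can be derived mechanically from a session log in the format shown above. The following is an added example, not the tool's own code (which this page does not show); it also flags LOGIN/PLAIN being advertised before STARTTLS, as the EHLO reply in the log does. The function names and the sample session are constructed for illustration.

```bash
#!/bin/bash
# Added example: derive the summary verdicts from an SMTP session log in the
# format shown above (">>> " = client command, other lines = server replies).
audit_smtp_log() {
  local line cmd="" code cr tls=no starttls=no cleartext_auth=no relay=untested
  cr=$(printf '\r')
  while IFS= read -r line || [ -n "$line" ]; do
    line="${line%"$cr"}"                      # tolerate CRLF line endings
    [ -z "$line" ] && continue
    if [ "${line#">>> "}" != "$line" ]; then  # client command: remember it
      cmd="${line#">>> "}"
      continue
    fi
    code="${line%%[!0-9]*}"                   # leading digits = reply code
    case "$cmd" in
      EHLO*)
        case "$line" in
          "250-STARTTLS"*|"250 STARTTLS"*) starttls=yes ;;
          250?"AUTH="*|250?"AUTH "*)
            # LOGIN and PLAIN only base64-encode the password, so offering
            # them before TLS is active exposes credentials on the wire.
            if [ "$tls" = no ]; then
              case " ${line#250?AUTH?} " in
                *" LOGIN "*|*" PLAIN "*) cleartext_auth=yes ;;
              esac
            fi ;;
        esac ;;
      STARTTLS*)
        if [ "$code" = 220 ]; then tls=yes; fi ;;
      RCPT*)
        # The probe recipient is in a domain the server does not host, so a
        # 2xx reply means the server relays for anyone.
        case "$code" in
          2??) relay=open ;;
          4??|5??) relay=closed ;;
        esac ;;
    esac
  done
  echo "starttls=$starttls tls_started=$tls cleartext_auth=$cleartext_auth relay=$relay"
}

# Constructed sample session (not taken from a real server)
sample_log() {
  printf '%s\n' '220 mail.example.test ESMTP' '>>> EHLO probe.example.test' \
    '250-mail.example.test' '250-AUTH LOGIN CRAM-MD5 PLAIN' '250-STARTTLS' \
    '250 8BITMIME' '>>> STARTTLS' '220 ready for tls' \
    '>>> RCPT TO: <example@relay.check>' '553 sorry, relaying denied'
}
sample_log | audit_smtp_log
```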

Blacklist check

This tool checks whether the specified domain name or IP address is listed in anti-spam databases. This check takes much longer than the other ones since it queries 67 anti-spam databases. The tool uses Ajax to check multiple blacklists in parallel for better performance.

The information displayed should be pretty self-explanatory so I won’t go into details in this post.

Whois

This tool is basically just an online version of the whois tool you know from the command line. It shows the domain registration information for the specified IP address or host name.

The information displayed should be pretty self-explanatory so I won’t go into details in this post.

Check Alexa Rank

This tool uses the script described in my previous post: PHP: Displaying the Alexa ranking of a web site. If you enter benohead.com as domain, you’ll get something like this:

Domain: benohead.com
Alexa Rank: 444,068
Number of links: 67

HTML Escape Tool

The HTML Escape Tool is already described in this post. So I won’t add anything to that.

Other tools

I’m currently working on the following tools which will hopefully be online within the next weeks:

  • An HTML code cleaner to make sure that all tags are properly closed, indented and capitalized.
  • A check for all DNS entries for a specified domain.

I guess I’ll have other ideas as I finish implementing these tools.

If you encounter any problem working with any of the tools please drop me a line.

New security policies at T-Online: mail delivery not working

In February, T-Online changed its security policies and now blocks any “generic host name”.



The following error message can then be seen in the mail log files:
deferral: Connected to 194.25.134.9 but greeting failed./Remote host said: 554 IP=xxx.xxx.xxx.xxx – A problem occurred. (Ask your postmaster for help or to contact tosa@rx.t-online.de to clarify.) (BL)


If you connect to the SMTP port of this T-Online mail server (telnet 194.25.134.9 25), you’ll get the same message.


This means that every administrator of a hosted server has to make sure that:


1) its reverse IP mapping points to a non-generic domain name. This entry is called “PTR record”, “Reverse DNS” or “Reverse Mapping” depending on where your server is hosted. Here are a few examples:
– mail.xxxxxx.com is OK
– xxxxxx.com is OK
– sxxxxxxxx.onlinehome-server.info is not OK


For 1&1 customers: this can be done in the 1&1 Control Center. Click on “1&1 server”, then click “IP addresses”, then click on the IP address of your server and, in “reverse mapping”, enter a domain/subdomain that you own and whose A record maps to this IP address (and don’t forget to save).


Note: The propagation of this record can take a few hours up to 1 or 2 days. It is explained here how to check the record.


2) the “HELO record” of your mail server also contains the same domain/subdomain.
– qmail: Update the file /var/qmail/control/me and restart with:
        /etc/init.d/qmail restart
– postfix: Update the file /etc/postfix/main.cf and restart with:
        /etc/init.d/postfix restart



You can check whether it’s fine now by connecting to port 25 of your server e.g.:


# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.xxxxxx.com ESMTP
HELO
250 mail.xxxxxx.com


After that is all done, send an email to tosa@rx.t-online.de stating the IP address of the server and the changes performed and you should get an answer within a few hours. After that it’s usually a matter of 2 hours to be able to send emails to T-Online addresses again.


You can check whether it’s already fixed by connecting to one of the T-Online mail servers:

# telnet 194.25.134.9 25
Trying 194.25.134.9...
Connected to 194.25.134.9.
Escape character is '^]'.
220-mailin20.aul.t-online.de T-Online ESMTP receiver fssmtpd2025 ready.
220 T-Online ESMTP receiver ready.


Script to monitor DNS entries



Here's a script we're using to monitor the DNS entries for all our domains. This script is called once a day with a cron job.


The script reads a file containing a list of domains to monitor (one domain name per line). The path to this file can be configured with the variable DOMAINLIST.


Every time the script is run, it copies the results of the last run to OLDLOG (can be configured in the script) and writes the new results in NEWLOG (also configurable).


Then it performs a diff. If no changes occurred between the two runs, nothing happens. If something changed, an email is sent to the configured email addresses (variable EMAILS) containing the diff results.




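#!/bin/bash

# File with the domains to monitor, one domain name per line
DOMAINLIST="/home/scripts/domains.list"

# Mail client and recipients of the change report
MAIL="/usr/bin/mail"
EMAILS="henri.benoit@gmail.com xxx.xxx@xxx.com"

# Results of the previous run, of the current run, and the diff between them
OLDLOG="/root/monitordns.OLD"
NEWLOG="/root/monitordns.CURRENT"
TEMPLOG="/root/monitordns.$$"

# Make sure OLDLOG exists, then move the results of the last run to it
echo > "$OLDLOG"
mv "$NEWLOG" "$OLDLOG"

while read -r line
do
  echo "Checking $line:" | tee -a "$NEWLOG"
  # Drop dig's comment lines and empty lines, blank the TTL column (it changes
  # between queries) and prefix each record with the domain name.
  # Note: servers following RFC 8482 may give only a minimal answer to ANY queries.
  dig +nocomments "$line" ANY | grep -v ";" | grep -v "^$" | awk -v domain="$line" '{ $2=""; print domain ": " $0; }' | sort | tee -a "$NEWLOG"
  echo "" | tee -a "$NEWLOG"
done < "$DOMAINLIST"

echo "-------------------------------------------------------------"

# Compare the previous and the current results
diff -y --suppress-common-lines "$OLDLOG" "$NEWLOG" > "$TEMPLOG"

# Only send a mail if something changed
if [ -s "$TEMPLOG" ] ; then
  for EMAIL in $EMAILS
  do
    "$MAIL" -s "DNS status update" "$EMAIL" < "$TEMPLOG"
  done
fi
rm -f "$TEMPLOG"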


Reverse lookup


The Domain Name System supports not only the resolution of domain names (e.g. amazing.web.de) to IP addresses (e.g. 85.213.318.24), but also the reverse direction, using so-called reverse lookups.


For a reverse lookup, the IP address (e.g. 85.213.318.24) is split into its components, which are put in reverse order (e.g. 24.318.213.85). Then the string “.in-addr.arpa” is appended (e.g. 24.318.213.85.in-addr.arpa).


The obtained identifier can then be used to perform a usual DNS query but for a PTR record (not for an A record). The PTR record contains a reference (pointer) to another DNS entry (to the address corresponding to the domain name).


This query can be performed with dig:


# dig ptr 24.318.213.85.in-addr.arpa

;; ANSWER SECTION:
24.318.213.85.in-addr.arpa. nnnnn IN PTR xxx.xxx.com.




An easier way (without computing the reverse lookup string):


# dig -x 85.213.318.24

;; ANSWER SECTION:
24.318.213.85.in-addr.arpa. nnnnn IN PTR xxx.xxx.com.



or just use the host command:


# host 85.213.318.24
24.318.213.85.in-addr.arpa domain name pointer xxx.xxx.com.



Additionally, if you want to see whether a changed record has been propagated to a given Name Server, you can use nslookup:



# nslookup
> server dns00.sda.t-online.de
Default server: dns00.sda.t-online.de
Address: 195.145.119.62#53
> set q=ptr
> xxx.xxx.xxx.xxx
Server: dns00.sda.t-online.de
Address: 195.145.119.62#53


Non-authoritative answer:
xxx.xxx.xxx.xxx.in-addr.arpa name = xxxxxx.com.



Authoritative answers can be found from:

> exit

The “server” command basically says to use another Name Server. “set q=ptr” sets the query type to PTR.
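
The two requirements from the T-Online post (a PTR record for a name whose A record maps back to the server, and a mail server greeting that uses the same name) can be checked together with the reverse-lookup name built as described in this post. This is an added example, not code from the original posts: the function names, the 192.0.2.x addresses and the example.test names are constructed, and requiring the greeting name to equal the PTR name is an assumption about how strictly to read “contains the same domain”.

```bash
#!/bin/bash
# Added example. The two resolver wrappers are the only parts that touch the
# network, so they can be replaced by stubs for offline testing.
ptr_lookup() { dig +short ptr "$1" | head -n 1; }  # reverse name -> host name
a_lookup()   { dig +short a "$1"; }                # host name -> IPv4 addresses

# Reverse the octets and append in-addr.arpa; reject anything that is not
# four decimal octets in the range 0-255.
reverse_name() {
  local o rev="" rest="$1." n=0
  while [ -n "$rest" ]; do
    o="${rest%%.*}"; rest="${rest#*.}"
    case "$o" in ''|*[!0-9]*) return 1 ;; esac
    [ "$o" -le 255 ] 2>/dev/null || return 1
    rev="$o.$rev"; n=$((n + 1))
  done
  [ "$n" -eq 4 ] || return 1
  echo "${rev}in-addr.arpa"
}

# DNS names are case-insensitive, so compare them in lower case
lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# check_mail_identity IP GREETING_NAME
check_mail_identity() {
  local ip="$1" helo rname ptr
  helo=$(lower "${2%.}")
  rname=$(reverse_name "$ip") || { echo "FAIL invalid IPv4 address"; return 1; }
  ptr=$(ptr_lookup "$rname") || ptr=""
  ptr=$(lower "${ptr%.}")                 # dig prints a trailing dot
  [ -n "$ptr" ] || { echo "FAIL no PTR record for $rname"; return 1; }
  a_lookup "$ptr" | grep -qxF "$ip" \
    || { echo "FAIL $ptr has no A record pointing back to $ip"; return 1; }
  [ "$ptr" = "$helo" ] \
    || { echo "FAIL greeting name $helo differs from PTR name $ptr"; return 1; }
  echo "OK $ip <-> $ptr"
}

# Usage (constructed values): ./check.sh 192.0.2.25 mail.example.test
if [ $# -eq 2 ]; then check_mail_identity "$1" "$2"; fi
```

The greeting name to pass in is the one shown in the 220 line when connecting to port 25 of the server.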