Mail and domain check tools

I’ve been working on a few tools over the past few days. I’m personally using them whenever I create new mailboxes, move mailboxes from one server to another, create new web pages… My goal is to end up having a tool suite which provides all checks that I need in order to figure out whether the configuration of the web server, the mail server and dns server are fine.

I currently do not yet have a central page for all the tools but most of the tools have a navigation area where you can get access to the other tools. The following tools are currently available (more tools are on the way but not yet tested):

Check HTTP headers

In this tool, you can give a URL and the tool will show you the HTTP headers for this URL. It will also follow redirects and show you the headers for the redirected URLs. If you look up “”, you’ll see the following:

HTTP Response Code: 301
HTTP Response Code: 200

HTTP/1.0 301 Moved Permanently
Date: Mon, 02 Sep 2013 08:38:16 GMT
Server: Apache
Cache-Control: max-age=3600
Expires: Mon, 02 Sep 2013 09:38:16 GMT
Vary: Accept-Encoding,User-Agent
X-Powered-By: PleskLin
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

HTTP/1.0 200 OK
Date: Mon, 02 Sep 2013 08:38:17 GMT
Server: Apache
Pragma: public
Cache-Control: max-age=0, no-cache
Vary: Accept-Encoding
Content-Length: 53605
Connection: close
Content-Type: text/html; charset=UTF-8

The first line is displayed in blue to indicate a redirect and the second one is displayed in green. If we would end up getting a 4xx or 5xx return code, it’d be shown in red.

Check SMTP server

This tool will check the DNS settings for the mail server, connect to it and perform a few checks and show you a summary as well as the log of what was done. Here’s an example when you check the domain

DNS MX entries for

Priority Mail Server IP Address TTL
10 24975

Testing mail server:

IP address:


Server Identity:
Server IP address:
Reverse Banner:
Reverse DNS:

>>> EHLO






TLS support available.


220 ready for tls

TLS could be started.
Switched to TLS.

>>> MAIL FROM: <>

250 ok

>>> RCPT TO: <example@relay.check>

553 sorry, that domain isn’t in my list of allowed rcpthosts; no valid cert for gatewaying (#5.7.1)

Not an open relay

>>> QUIT


Check Results
Reverse lookup of SMTP Banner –
SMTP Reverse DNS Mismatch –
TLS Support Supported
TLS Start Successful
Switch to TLS communication Successful
Open relay Not an open relay


I’ll also add in the future a description of what exactly needs to be fixed when something is marked as not OK but I guess it’s a good start (and it’s already enough for me since I know how to fix it ;-)).

Blacklist check

This tool will check whether the specified domain name or IP address is contained in anti-spam databases. This check will take much longer than the other ones since it will check 67 anti-spam databases. This tool uses Ajax to check multiple black lists in parallel for better performance. It checks for black list entries at over 60 anti-spam databases.

The information displayed should be pretty self-explanatory so I won’t go into details in this post.


This tool is basically just an online version of the whois tool you know from the command line. It will show the domain registration information for the specified IP address or a host name.

The information displayed should be pretty self-explanatory so I won’t go into details in this post.

Check Alexa Rank

This tool uses the script described in my previous post: PHP: Displaying the Alexa ranking of a web sit. If you enter as domain, you’ll get something like this:

Alexa Rank: 444,068
Number of links: 67


HTML Escape Tool

The HTML Escape Tool is already described in this post. So I won’t add anything to that.

Other tools

I’m currently working on the following tools which will hopefully be online within the next weeks:

  • An HTML code cleaner to make sure that all tags are properly closed, indented and capitalized.
  • A check for all DNS entries for a specified domain.

I guess I’ll have other ideas as I finish implementing these tools.

If you encounter any problem working with any of the tools please drop me a line.

postfix/smtp: certificate verification failed for gmail

We host our emails at gmail and on our new server keep getting the following message in /var/log/mail.err:

Apr 9 21:08:16 xxxxxx postfix/smtp[nnnnn]: certificate verification failed for[]:25: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
I tried downloading and rehashing the certificates, but it didn’t make this error disappear until I figured out the solution to this problem was much simpler:

/etc/ssl/certs/ca-certificates.crt (or actually the file referenced by this link) contains all the CA certificates of root CAs and intermediate CA certificates. And all I needed to do was to tell postfix to load this file, by adding the following line to /etc/postfix/

smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
And restarting postfix:

# service postfix restart
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.

And when sending a new email, no error message !

postfix/smtp: invalid sender domain (misconfigured dns?) (in reply to RCPT TO command)

A few days ago, we switched a newsletter function on our new server and got the following error messages in syslog:

Mar 28 18:17:50 xxxxxx postfix/smtp[29479]: 65EA137AE460:
host[nnn.nnn.nnn.nnn] said: 421 invalid sender domain
‘’ (misconfigured dns?) (in reply to RCPT TO command)

Mar 28 18:17:50 xxxxxx postfix/smtp[29479]: 65EA137AE460:
to=<>,[nnn.nnn.nnn.nnn]:25, delay=0.51,
delays=0/0/0.26/0.24, dsn=4.0.0, status=deferred (host[nnn.nnn.nnn.nnn] said: 421 invalid sender domain
‘’ (misconfigured dns?) (in reply to RCPT TO

The problem was that when our server was installed the mail name (in /etc/mailname) was set to some defaults (in our case which doesn’t match our hostname or any DNS entry related to our server. It should actually have been the fully qualified name of our server.

The problem was quickly solved by updating /etc/mailname:

hostname -A > /etc/mailname

And restarting postfix:

/etc/init.d/postfix restart