Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/steffenfritz/mxcheck
mxcheck is an info and security scanner for e-mail servers.
https://github.com/steffenfritz/mxcheck
dmarc dns email infosec itsecurity mail mailserver scanner security smtp smtpd
Last synced: 3 months ago
JSON representation
mxcheck is an info and security scanner for e-mail servers.
- Host: GitHub
- URL: https://github.com/steffenfritz/mxcheck
- Owner: steffenfritz
- License: gpl-3.0
- Created: 2018-09-24T20:32:16.000Z (about 6 years ago)
- Default Branch: main
- Last Pushed: 2024-07-28T18:37:32.000Z (4 months ago)
- Last Synced: 2024-07-28T19:50:09.351Z (4 months ago)
- Topics: dmarc, dns, email, infosec, itsecurity, mail, mailserver, scanner, security, smtp, smtpd
- Language: Go
- Homepage: https://mxcheck.fritz.wtf
- Size: 2.77 MB
- Stars: 50
- Watchers: 5
- Forks: 6
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md
- Authors: AUTHORS.rst
Awesome Lists containing this project
- awesome-opensource-email - mxcheck - mxcheck is an info and security scanner for e-mail servers. `GPL v-3`, `Go` (Security / Security Check)
README
mxcheck is an info scanner for e-mail servers.
It checks
* DNS records: A, MX, PTR, SPF, MTA-STS, DKIM, DMARC
* AS Number and AS Country
* the support of StartTLS and the certificate
* open ports: 25, 465, 587
* if the service is listed by blacklists
* if it leaks information by server string and VRFY command
* and if the server is an open relay
You can set mailFrom, mailTo, the DNS server, DKIM selector and output a report in tsv format.
-b, --blacklist Check if the service is on blacklists
-d, --dnsserver string The dns server to be requested (default "8.8.8.8")
-f, --mailfrom string Set the mailFrom address (default "[email protected]")
-t, --mailto string Set the mailTo address (default "[email protected]")
-n, --no-prompt Answer yes to all questions
-s, --service string The service host to check (mandatory flag)
-S, --dkim-selector The DKIM selector. If set a dkim check is performed on the provided service domain
-v, --version Version and license
-u, --updatecheck Check if a new version of mxcheck is available
-w, --write-tsv Write tsv formated report to file
# Version
v1.6.1
[](https://goreportcard.com/report/github.com/steffenfritz/mxcheck)
[](https://pkg.go.dev/github.com/steffenfritz/mxcheck)
[](https://www.gnu.org/licenses/gpl-3.0)
[](https://ci.appveyor.com/project/steffenfritz/mxcheck)
[](https://houndci.com)
[](https://www.bestpractices.dev/projects/9171)
# Installation
go install github.com/steffenfritz/mxcheck
or
download a pre-compiled binary.
# Usage Example
./mxcheck -s 2600.com
./mxcheck -s 2600.com -v
./mxcheck -s 2600.com -d 8.8.8.8
./mxcheck -s 2600.com -n -f [email protected] -t [email protected] -w -S default
./mxcheck -s 2600.com -n -f [email protected] -t [email protected] -w -S default -b
[](https://asciinema.org/a/471229)
# Check for authentication
There is no check whether the server needs authentication. However, you can do two runs:
The first one uses a from and to address outside the mail server's scope, e.g.:
./mxcheck -s example.com -f [email protected] -t [email protected]
The second one uses a from and a to address from the mail server's scope, e.g.:
./mxcheck -s example.com -f [email protected] -t [email protected]
If the first one returns ``Server is not an open relay`` and the second one returns `Server is probably an open relay` the server is not an open relay, but you can send mails from local to local addresses without authentication.
# Documentation and contact
mxcheck has a man page :)
Furthermore, you can find a documentation and contact information here: https://mxcheck.fritz.wtf
The logo was created by Alex/Lignum5. Thanks, mate :)