steffenfritz / mxcheck Goto Github PK
View Code? Open in Web Editor NEWmxcheck is an info and security scanner for e-mail servers.
Home Page: https://mxcheck.fritz.wtf
License: GNU General Public License v3.0
mxcheck is an info and security scanner for e-mail servers.
Home Page: https://mxcheck.fritz.wtf
License: GNU General Public License v3.0
mxcheck should give more information regarding the provider of the mail service.
More information could be gathered via GeoIP, e.g. https://pkg.go.dev/github.com/oschwald/geoip2-golang#section-readme
** Describe the solution you'd like
mxcheck should check for DMARC DNS entries.
We need a type for it and validation where possible.
Describe the bug
When checking a domain with a CNAME'd There is a Go Panic regarding
To Reproduce
Check a domain with a CNAME'd DMARC record
Can be created using: https://mxtoolbox.com/dmarc/dmarc-setup-cname
Expected behavior
DMARC report :-D
Screenshots
user@server:~$ mxcheck -n -s < REDACTED >.nl -S default
INFO: 2024/05/14 15:24:50 == Checking: < REDACTED >.nl ==
INFO: 2024/05/14 15:24:50 Found MX:
INFO: 2024/05/14 15:24:50 < REDACTED >-nl.mail.protection.outlook.com.
INFO: 2024/05/14 15:24:50 == Checking DKIM record ==
INFO: 2024/05/14 15:24:50 DKIM not set or wrong selector
INFO: 2024/05/14 15:24:50 == Checking DMARC record ==
panic: interface conversion: dns.RR is *dns.CNAME, not *dns.TXT
goroutine 1 [running]:
main.getDMARC({0x7fff3566f5fd?, 0xc0000c95d8?}, {0x70ad2f, 0x7})
/home/user/go/pkg/mod/github.com/steffenfritz/[email protected]/dns.go:245 +0x3cc
main.main()
/home/user/go/pkg/mod/github.com/steffenfritz/[email protected]/main.go:167 +0xd56
System (please complete the following information):
Describe the solution you'd like
mxcheck should be able to return a scan result in the form of Nagios-compatible plugins. Nagios-compatible plugins can be used with Icinga, Checkmk and more.
Describe the solution you'd like
mxcheck, run with a specific flag, should return a string in the following form
0 "My service" myvalue=73;80;90 My output text who may contain spaces
Add check for SMTP smuggling if possible.
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
Is your feature request related to a problem? Please describe.
mxcheck should check the TLS version and mark v1.2 as yellow and v1.3+ as green
Describe the solution you'd like
mxcheck should check for DKIM DNS entries.
We need a type for it and validation where possible.
See https://www.ietf.org/rfc/rfc6376.txt and updates in RFC 8301 and RFC 8463.
Describe the bug
When a valid rcpt from the mail server's scope is used it may happen that the standard output differs from the tsv written file
To Reproduce
Steps to reproduce the behavior:
Run mxcheck with a valid rcpt from the mail server's scope an dwrite results to file, using -w flag
Expected behavior
The tsv output should show the same and correct result
Is your feature request related to a problem? Please describe.
When a server does not support STARTTLS and a client does not enforce aka has "implicit TLS" it might drop to an insecure connection.
Describe the solution you'd like
mxcheck should check for opportunistic vs implicit TLS. opportunistic should be yellow or red and implicit green.
Describe the solution you'd like
Read at least the server message to get an idea of the used server software.
Describe alternatives you've considered
A better solution would be to include nmap's nmap-service-probe https://raw.githubusercontent.com/nmap/nmap/master/nmap-service-probes
If the SPF entry is too long the result cannot be unpacked because the message is truncated
dns: failed to unpack truncated message
Describe the solution you'd like
mxcheck should show the autonomous system number of the IP address of each mx
Additional context
Team Cymru's service can be used https://team-cymru.com/community-services/ip-asn-mapping/
Is your feature request related to a problem? Please describe.
No.
Describe the solution you'd like
There should be a flag that checks if a new version of mxcheck is available
Is your feature request related to a problem? Please describe.
mxcheck should have DANE support
Describe the solution you'd like
In a first version check if a DANE entry is set and fetch all information. In a second version a validation could be added (then in a new ticket/issue)
Additional context
https://datatracker.ietf.org/doc/html/rfc6698
https://datatracker.ietf.org/doc/html/rfc7218
https://datatracker.ietf.org/doc/html/rfc7672
https://datatracker.ietf.org/doc/html/rfc7673
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.