TESTMXLOOKUP(1) | Double Precision, Inc. | TESTMXLOOKUP(1) |
NAME¶
testmxlookup - Look up mail servers for a domain
SYNOPSIS¶
testmxlookup [@ip-address | --dnssec | --udpsize n | --sts | --sts-override=mode | --sts-purge] {domain}
testmxlookup {--sts-expire | --sts-cache-disable | --sts-cache-enable | --sts-cache-enable=size}
DESCRIPTION¶
testmxlookup reports the names and IP addresses of mail servers that receive mail for the domain, as well as the domain's published STS policy. This is useful in diagnosing mail delivery problems.
testmxlookup sends a DNS MX query for the specified domain, followed by A/AAAA queries, if needed. testmxlookup lists the hostname and the IP address of every mail server, and its MX priority. The domain's strict transport security (STS) policy status, if one is published, precedes the mail server list.
DIAGNOSTICS¶
The error message “Hard error” indicates that the domain does not exist, or does not have any mail servers. The error message "Soft error" indicates a temporary error condition (usually a network failure of some sorts, or the local DNS server is down).
“STS: testing” or “STS: enforcing” preceding the list of mail servers indicates that the domain publishes an STS policy. “ERROR: STS Policy verification failed” appearing after an individual mail server indicates that the mail server's name does not meet the domain's STS policy.
“STS: testing” or “STS: enforcing” by itself, with no further messages, indicates that all listed mail servers comply with the listed STS policy. If you are attempting to install your own STS policy this is a simple means of checking its validity.
OPTIONS¶
@ip-address
“ip-address” must be a literal, numeric, IP address.
--dnssec
This is a diagnostic option. Older DNS servers may respond with an error, to a DNSSEC query.
--udpsize n
--sts
--sts-cache-disable
--sts-cache-enable
--sts-override=policy
Note
This is a diagnostic or a testing tool. Courier may eventually purge the cached policy setting, or the domain can update its policy, replacing the overridden setting.
--sts-purge
--sts-expire
STRICT TRANSPORT SECURITY¶
Courier automatically downloads and caches domains' STS policy files by default, in an internal cache with a default size of 1000 domains.
Note
The cache size setting is approximate. Courier purges stale cache entries periodically, and the size of the cache can temporarily exceed its set size, by as much as a factor of two. /var/lib/courier/sts must be owned by courier:courier, and uses one file per mail domain. The maximum cache size depends on the capabilities of the underlying filesystem.
testmxlookup must be executed with sufficient privileges to access the cache directory (by root, or by courier). Without sufficient privileges testmxlookup still attempts to use the cache directory even without write permissions on it, as long as it's accessible, and attempts to download the STS policy for a domain that's not already cached; but, of course, won't be able to save the downloaded policy in the cache directory.
SEE ALSO¶
courier(8)[1], RFC 1035[2], RFC 8461[3].
AUTHOR¶
Sam Varshavchik
NOTES¶
- 1.
- courier(8)
- 2.
- RFC 1035
- 3.
- RFC 8461
10/28/2020 | Courier Mail Server |