Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

Description of Email Security testing tool in the diagnostics page

03/26/2020 1,011 People found this article helpful 197,463 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    Email Security firmware 8.x and above, has the ability to run queries for several DNS records, ping , and SMTP tests. In this article we will be explaining those options in details and provide some test examples showing how a correct reply to our query should look like.

    Resolution

    The Diagnostics page is visible under Investigate |Tools | Diagnostics

    Image

    1. Run SMTP Test for specified Host or IP

    This command is to verify if port 25 is open.It does not allow sending an email.
    If the intention is to send an email, a manually telnet session to port 25 should be initiated.

    Output for an open port 25 :

    Image

    Output for a closed port 25:

    Image

    2. Query DNS for A record of the specified Host:

     

    This command performs a normal A record query to the DNS server configured under Manage | System Setup | Server | Host Configuration |Primary DNS server IP address and/or Fallback DNS server IP address

    An example output of this test is as follows:

    Image

    3. Query DNS for MX Record of the specified Host

    This command performs a normal MX record query to the DNS server configured under Manage | System Setup | Server | Host Configuration |Primary DNS server IP address and/or Fallback DNS server IP address 

    An example output of this test is as follows:

    Image

    4. Query DNS for SPF Policy of the specified Host

    The line starting with v=spf1 is an SPF record
    Below are examples of a domain that does not have a SPF records (soniclab.com) and a domain that does have a SPF record (sonicwall.com)

    Image

    5. Query DNS for DMARC Policy of the specified Host

    DMARC policies are published in the DNS as text (TXT) resource records (RR) and announce what an email receiver should do with non-aligned mail it receives.

    Image

    Consider an example DMARC TXT RR for the domain "sender.dmarcdomain.com" that reads:

    EXAMPLE: v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@dmarcdomain.com

    In this example, the sender requests that the receiver by default reject all non-aligned messages. A report is sent, in a specified aggregate format, about the rejections to the sender. If the sender was testing its configuration, it could replace "reject" with "quarantine" which would tell the receiver they shouldn't necessarily reject the message, but consider quarantining it.

    DMARC records follow the extensible "tag-value" syntax for DNS-based key records defined in DKIM.

    The following chart illustrates some of the available tags:

    Tag Name

    Purpose

    Sample

    v

    Protocol version

    v=DMARC1

    pct

    Percentage of messages subjected to filtering

    pct=20

    ruf

    Reporting URI for forensic reports

    ruf=mailto:authfail@example.com

    rua

    Reporting URI of aggregate reports

    rua=mailto:aggrep@example.com

    p

    Policy for organizational domain

    p=quarantine

    sp

    Policy for subdomains of the OD

    sp=reject

    adkim

    Alignment mode for DKIM

    adkim=s

    aspf

    Alignment mode for SPF

    aspf=r

     

     6. Query DNS for DKIM Policy of the specified Host 

    DKIM, is the result of merging Domain Keys and Identified Internet Mail. This merged specification has been the basis for a series of IETF standards-track specifications and support documents which eventually resulted in STD 76.

    DKIM records are in the following format:
    [selector]._domainkey.[domain]

    The selector and the domain are provided in the email headers of an email.
    Emails signed with DKIM have a DKIM header from which format can be created

    EXAMPLE:

    DKIM-Signature: v=1; a=rsa-sha256; d=examplesonicwall.com; s=dkim1; c=relaxed/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938; h=from:to:subject:date:keywords:keywords; bh=MTIzNDU2NzdfhsthjwyjDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=; b=dzdVyOfAKCdLXdJOgjsrjwryc9G2q8LoXSlEniSbav+yuU4zGeeruD00lszZVoG4ZHRNiYzR

    The correct DKIM format to query would look like the following:
    dkim1._domainkey.examplesonicwall.com

    7. Ping the specified Host of IP

    This performs a normal ICMP ping

    Image

    8. Connect to the specified Host 

    This command performs and checks if TCP handshake is possible with a specified host based on a telnet over port 25.
    If a domain is used, a DNS A record query would first take place .

    Image

     

    NOTE: If the navigation or the screenshot looks different from the one mentioned above , you may be in an older firmware version and would require a firmware upgrade. Please refer the link below to upgrade the firmware to latest version.

    https://www.sonicwall.com/en-us/support/knowledge-base/170504270079039

     

     

    Related Articles

    • Network Security Essentials eLearning Training Course
    • How do I check if syslogs are getting forwarded by an Email Security Appliance?
    • How to add inbound path in Hosted Email Security

    Categories

    • Email Security > Email Security Appliance
    • Email Security > Email Security Software
    • Email Security > Hosted Email Security

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2023 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
    Scroll to top