- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Description of Email Security testing tool in the diagnostics page
03/26/2020 
1,011 People found this article helpful
43,803 Views
Description
Email Security firmware 8.x and above, has the ability to run queries for several DNS records, ping , and SMTP tests. In this article we will be explaining those options in details and provide some test examples showing how a correct reply to our query should look like.
Resolution
The Diagnostics page is visible under Investigate |Tools | Diagnostics
1. Run SMTP Test for specified Host or IP
This command is to verify if port 25 is open.It does not allow sending an email.
If the intention is to send an email, a manually telnet session to port 25 should be initiated.
Output for an open port 25 :
Output for a closed port 25:
2. Query DNS for A record of the specified Host:
This command performs a normal A record query to the DNS server configured under Manage | System Setup | Server | Host Configuration |Primary DNS server IP address and/or Fallback DNS server IP address
An example output of this test is as follows:
3. Query DNS for MX Record of the specified Host
This command performs a normal MX record query to the DNS server configured under Manage | System Setup | Server | Host Configuration |Primary DNS server IP address and/or Fallback DNS server IP address
An example output of this test is as follows:
4. Query DNS for SPF Policy of the specified Host
The line starting with v=spf1 is an SPF record
Below are examples of a domain that does not have a SPF records (soniclab.com) and a domain that does have a SPF record (sonicwall.com)
5. Query DNS for DMARC Policy of the specified Host
DMARC policies are published in the DNS as text (TXT) resource records (RR) and announce what an email receiver should do with non-aligned mail it receives.
Consider an example DMARC TXT RR for the domain "sender.dmarcdomain.com" that reads:
EXAMPLE: v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@dmarcdomain.com
In this example, the sender requests that the receiver by default reject all non-aligned messages. A report is sent, in a specified aggregate format, about the rejections to the sender. If the sender was testing its configuration, it could replace "reject" with "quarantine" which would tell the receiver they shouldn't necessarily reject the message, but consider quarantining it.
DMARC records follow the extensible "tag-value" syntax for DNS-based key records defined in DKIM.
The following chart illustrates some of the available tags:
Tag Name | Purpose | Sample |
v | Protocol version | v=DMARC1 |
pct | Percentage of messages subjected to filtering | pct=20 |
ruf | Reporting URI for forensic reports | ruf=mailto:authfail@example.com |
rua | Reporting URI of aggregate reports | rua=mailto:aggrep@example.com |
p | Policy for organizational domain | p=quarantine |
sp | Policy for subdomains of the OD | sp=reject |
adkim | Alignment mode for DKIM | adkim=s |
aspf | Alignment mode for SPF | aspf=r |
6. Query DNS for DKIM Policy of the specified Host
DKIM, is the result of merging Domain Keys and Identified Internet Mail. This merged specification has been the basis for a series of IETF standards-track specifications and support documents which eventually resulted in STD 76.
DKIM records are in the following format:
[selector]._domainkey.[domain]
The selector and the domain are provided in the email headers of an email.
Emails signed with DKIM have a DKIM header from which format can be created
EXAMPLE:
DKIM-Signature: v=1; a=rsa-sha256; d=examplesonicwall.com; s=dkim1; c=relaxed/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938; h=from:to:subject:date:keywords:keywords; bh=MTIzNDU2NzdfhsthjwyjDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=; b=dzdVyOfAKCdLXdJOgjsrjwryc9G2q8LoXSlEniSbav+yuU4zGeeruD00lszZVoG4ZHRNiYzR
The correct DKIM format to query would look like the following:
dkim1._domainkey.examplesonicwall.com
7. Ping the specified Host of IP
This performs a normal ICMP ping
8. Connect to the specified Host
This command performs and checks if TCP handshake is possible with a specified host based on a telnet over port 25.
If a domain is used, a DNS A record query would first take place .
NOTE: If the navigation or the screenshot looks different from the one mentioned above , you may be in an older firmware version and would require a firmware upgrade. Please refer the link below to upgrade the firmware to latest version.
https://www.sonicwall.com/en-us/support/knowledge-base/170504270079039
Related Articles
- SonicWall Hosted Email Security FAQ
- Email Security Junk Box & Message Log Update Issues (Y2K22 Bug)
- Email Security Junk Box & Message Log Update Issues - Y2K22 Bug
Categories
- Email Security > Email Security Appliance
- Email Security > Email Security Software
- Email Security > Hosted Email Security
YES
NO