U.S. Department of Defense / Creative Commons The "Baker" explosion, part of Operation Crossroads, at Bikini Atoll, 1946.

External tools for checking my configurations

In the course of continually updating my various services’ configurations, I crave external verification that I haven’t broken everything.

Depending on the service I’m working with, I have a handful of tools I rely on to validate my changes.

SSL

Whenever I need to test changes to my sites’ SSL configurations, I consult the SSL Server Test that Qualys provides: https://www.ssllabs.com/ssltest/index.html. Their reporting is quite detailed and easy to read, and it performs its checks via both IPv4 and IPv6 connections as an added reassurance.

Blacklists

Managing my own mailserver, my IPs’ reputations are a concern. To ensure I’m alerted should any of my IPs be blacklisted, I utilize a service from MxToolbox.com: http://mxtoolbox.com/blacklists.aspx.

IPs can be checked at will, while MxToolbox also offers free blacklist monitoring for two addresses. Automated monitoring for more than two IPs starts at $30 per month.

DNS Configuration

dnsinspect.com is my preferred method of checking my DNS configurations. It reports on glue records, performs both IPv4 and IPv6 DNS checks, and also provides web- and mailserver diagnostics.

Mailserver Configuration

This has been, by far, the hardest category to identify appropriate tools for. In large part, this is because there are so many different considerations when evaluating a mailserver’s implementation. Is the concern with sending or receiving mail? Are we testing the server’s ability to be a mailserver, its capacity to defend against spam, or the security of its configuration?

Given the many concerns, I’ve several tools that I leverage to provide a broad perspective:

  • Email Security Grader: one of the more-comprehensive solutions I’ve found, it checks both a mailserver’s setup and security configuration.
  • CheckTLS.com: another tool with many features, this one is focused primarily on the security of the server’s setup.
  • Microsoft’s Connectivity Tests: this provides functional tests targeting IMAP, POP, and SMTP, along with general deliverability tests.

Notably, several of the questions I posed aren’t addressed by these tools.

More to come

This is just a small subset of the list of external tools I’ve compiled, this group focusing on very broad needs. In the future, I’ll post about how I test DKIM signing and verify that my mailserver is as secure as possible, among many, many other concerns.