Merge pull request #16 from steffenfritz/verifycheck

steffenfritz · web-flow · commit f193cef1e65e · 2023-02-15T23:29:53.000+01:00
added VRFY check
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
 mxcheck
 *.tar.gz
 .DS_Store
+.idea
diff --git a/LICENSE b/LICENSE
@@ -652,7 +652,7 @@ Also add information on how to contact you by electronic and paper mail.
   If the program does terminal interaction, make it output a short
 notice like this when it starts in an interactive mode:
 
-    mxcheck  Copyright (C) 2018  Steffen Fritz
+    mxcheck  Copyright (C) 2018-2023  Steffen Fritz
     This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
     This is free software, and you are welcome to redistribute it
     under certain conditions; type `show c' for details.
diff --git a/Makefile b/Makefile
@@ -1,7 +1,7 @@
 ROOT_DIR:=$(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
 
 BINARY=mxcheck
-VERSION=1.4.2
+VERSION=1.5.0
 
 BUILD=`git rev-parse --short HEAD`
 PLATFORMS=darwin linux windows
diff --git a/README.md b/README.md
@@ -8,6 +8,7 @@ It checks
   * the support of StartTLS and the certificate
   * open ports: 25, 465, 587
   * if the service is listed by blacklists
+  * if it leaks information by server string and VRFY command
   * and if the server is an open relay
 
 You can set mailFrom, mailTo, the DNS server, DKIM selector and output a report in tsv format.
@@ -18,7 +19,7 @@ You can set mailFrom, mailTo, the DNS server, DKIM selector and output a report
     -f, --mailfrom string    Set the mailFrom address (default "info@foo.wtf")
     -t, --mailto string      Set the mailTo address (default "info@baz.wtf")
     -n, --no-prompt          Answer yes to all questions
-    -s, --service string     The service host to check (default "localhost")
+    -s, --service string     The service host to check (mandatory flag)
     -S, --dkim-selector      The DKIM selector. If set a dkim check is performed on the provided service domain
     -v, --version            Version and license
     -w, --write-tsv          Write tsv formated report to file
@@ -27,7 +28,7 @@ You can set mailFrom, mailTo, the DNS server, DKIM selector and output a report
 
 # Version
 
-v1.4.2
+v1.5.0
 
 [![Go Report Card](https://goreportcard.com/badge/github.com/steffenfritz/mxcheck)](https://goreportcard.com/report/github.com/steffenfritz/mxcheck) 
 [![Go Reference](https://pkg.go.dev/badge/github.com/steffenfritz/mxcheck.svg)](https://pkg.go.dev/github.com/steffenfritz/mxcheck)
@@ -47,9 +48,9 @@ or
 
     ./mxcheck -s 2600.com
     ./mxcheck -s 2600.com -v
-    ./mxcheck -s 2600.com -v -d 8.8.8.8
-    ./mxcheck -s 2600.com -v -n -f info@baz.com -t boss@foo.org -w -S default
-    ./mxcheck -s 2600.com -v -n -f info@baz.com -t boss@foo.org -w -S default -b
+    ./mxcheck -s 2600.com -d 8.8.8.8
+    ./mxcheck -s 2600.com -n -f info@baz.com -t boss@foo.org -w -S default
+    ./mxcheck -s 2600.com -n -f info@baz.com -t boss@foo.org -w -S default -b
     
    [![asciicast](https://asciinema.org/a/471229.svg)](https://asciinema.org/a/471229)
     
diff --git a/main.go b/main.go
@@ -47,6 +47,7 @@ type mxresult struct {
 	starttls     bool
 	tlscertvalid bool
 	openrelay    bool
+	vrfysupport  bool
 }
 
 var (
@@ -274,11 +275,13 @@ func main() {
 					WarningLogger.Println(err.Error())
 				}
 
+				// Server string
 				if len(orresult.serverstring) > 0 {
 					InfoLogger.Printf("Server Banner: %s", orresult.serverstring)
 					singlemx.serverstring = strings.ReplaceAll(orresult.serverstring, "\r\n", "")
 				}
 
+				// TLS test
 				singlemx.starttls = orresult.tlsbool
 				if orresult.tlsbool {
 					InfoLogger.Println(Green("StartTLS supported"))
@@ -295,19 +298,30 @@ func main() {
 					InfoLogger.Println(Red("Certificate not valid"))
 				}
 
+				// VRFY test
+				singlemx.vrfysupport = orresult.vrfybool
+				if orresult.vrfybool {
+					InfoLogger.Println(Red("VRFY command supported."))
+				} else {
+					InfoLogger.Println(Green("VRFY command not supported."))
+				}
+
+				// Sender accepted
 				singlemx.fakesender = orresult.senderboolresult
 				if orresult.senderboolresult {
 					InfoLogger.Println("Fake sender accepted.")
 				} else {
 					InfoLogger.Println("Fake sender not accepted.")
 				}
 
+				// Recipient accepted
 				if orresult.rcptboolresult {
 					InfoLogger.Println("Recipient accepted.")
 				} else {
 					InfoLogger.Println("Recipient not accepted. Skipped further open relay tests.")
 				}
 
+				// Open Relay test
 				if orresult.orboolresult {
 					singlemx.openrelay = true
 					InfoLogger.Println(Red("Server is probably an open relay"))
diff --git a/mxcheck.1 b/mxcheck.1
@@ -22,17 +22,17 @@
 .\" %%%LICENSE_END
 
 
-.TH mxcheck 1 "November 2022" "version 1.4.2"
+.TH mxcheck 1 "February 2023" "version 1.5.0"
 
 .SH NAME
 mxcheck
 .SH SYNOPSIS
 .B mxcheck [OPTION]
 .SH DESCRIPTION
 mxcheck is an info scanner for e-mail servers. It checks the following DNS records: A, MX, PTR, SPF, MTA-STS and DKIM.
-It also checks for StartTLS support and the validity of the certificate.
+It also checks for StartTLS support and the validity of the certificate and if the VRFY command is supported.
 After scanning the tcp ports 25, 465 and 587 mxcheck checks if the e-mail server is an open relay by trying to send a single message.
-It also checks whether the service is blacklisted.
+It also checks whether the service is blacklisted by querying public blacklist services.
 
 .SH FLAGS
 mxcheck  
diff --git a/openrelay.go b/openrelay.go
@@ -21,6 +21,7 @@ type openResult struct {
 	serverstring     string
 	tlsbool          bool
 	tlsvalid         bool
+	vrfybool         bool
 }
 
 // openRelay checks if a mail server sends email without
@@ -69,6 +70,12 @@ func openRelay(mailFrom string, mailTo string, targetHost string) (openResult, e
 		}
 	}
 
+	// Check if server supports VRFY command. The
+	vrfyerr := c.Verify(mailFrom)
+	if vrfyerr == nil {
+		or.vrfybool = true
+	}
+
 	// Set from value
 	err = c.Mail(mailFrom)
 	if err != nil {
diff --git a/output.go b/output.go
@@ -58,6 +58,7 @@ func writeTSV(targetHostName string, runresult runresult, blacklist bool) error
 		err = tsv.Write([]string{"MTA-STS Set", strconv.FormatBool(mxentry.stsset)})
 		err = tsv.Write([]string{"STARTTLS Supported", strconv.FormatBool(mxentry.starttls)})
 		err = tsv.Write([]string{"Certificate Valid", strconv.FormatBool(mxentry.tlscertvalid)})
+		err = tsv.Write([]string{"VRFY Supported", strconv.FormatBool(mxentry.vrfysupport)})
 		err = tsv.Write([]string{"Fake Sender Accepted", strconv.FormatBool(mxentry.fakesender)})
 		err = tsv.Write([]string{"Fake Recipient Accepted", strconv.FormatBool(mxentry.fakercpt)})
 		err = tsv.Write([]string{"Open Relay", strconv.FormatBool(mxentry.openrelay)})
diff --git a/versionmsg.go b/versionmsg.go
@@ -3,11 +3,10 @@ package main
 // Version is used by the Makefile to set the version
 var Version string
 
-
 // Build is used by the Makefile to set the build, i.e. short git fingerprint
 var Build string
 
-var info = "mxcheck --  Copyright (C) 2019-2022  Steffen Fritz -- "
+var info = "mxcheck --  Copyright (C) 2019-2023  Steffen Fritz -- "
 
 var license = `This program comes with ABSOLUTELY NO WARRANTY.
 This is free software under GPL-3.0, and you are welcome to 

-Original file line number
+Diff line change
@@ @@ -1,3 +1,4 @@ @@
 mxcheck
 *.tar.gz
 .DS_Store
 +.idea
Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,7 @@ type openResult struct {`
`21`	`21`	`serverstring string`
`22`	`22`	`tlsbool bool`
`23`	`23`	`tlsvalid bool`
	`24`	`+ vrfybool bool`
`24`	`25`	`}`
`25`	`26`
`26`	`27`	`// openRelay checks if a mail server sends email without`
`@@ -69,6 +70,12 @@ func openRelay(mailFrom string, mailTo string, targetHost string) (openResult, e`
`69`	`70`	`}`
`70`	`71`	`}`
`71`	`72`
	`73`	`+ // Check if server supports VRFY command. The`
	`74`	`+ vrfyerr := c.Verify(mailFrom)`
	`75`	`+ if vrfyerr == nil {`
	`76`	`+ or.vrfybool = true`
	`77`	`+ }`
	`78`	`+`
`72`	`79`	`// Set from value`
`73`	`80`	`err = c.Mail(mailFrom)`
`74`	`81`	`if err != nil {`