Monthly Archives: January 2016

MxToolbox Use Cases: Firewall Setup

Testing Firewalls

Testing firewall setup can be a tricky business.  There are thousands of ports to scan and many types of options that make configurations complicated.  While MxToolbox can’t know every firewall and test every variation, we can give you tips on how to probe your firewall externally using our tools to see if everything is set up properly.

Pre-Test

Before you begin testing your firewall setup, you’ll want to make a few lists:

  1. Make a list of IP addresses and server names.  You should have two lists:  one for public facing servers that you want to be able to access and another for private servers that should not be externally facing.
  2. Make a list of ports that should be accessible on the firewall, based upon the types of servers you have that are public facing.
  3. You may also want to make a list of ports you absolutely want blocked for security reasons.  We have a few in our Portscan Tool.

Verifying Setup

During setup verification, you will run a series of tests against both your public IP addresses and private servers to ensure your firewall is appropriately blocking traffic and permitting only what you want.

  1. Run a port scan on your firewall.  This will tell you whether the most common ports are open.
  2. Ping both lists of servers: IP addresses you want to be public and servers you don’t want to be public.
  3. Run a Traceroute to all public facing servers so you can be sure that traffic is running through your firewall.
  4. Run SMTP, HTTP, or TCP tests on all public facing servers for each port/service combination that the server will be running.  Alternatively, you could simply run a port scan for each server.
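The verification pass above can also be scripted and repeated after every rule change. The following is an added example, not an MxToolbox tool: it takes the pre-test lists (public hosts, private hosts, ports to allow, ports to block) and reports every deviation. The addresses and port numbers in the demo are constructed placeholders, and the script must run from a machine outside the firewall to be meaningful.

```python
import socket

def probe(host, port, timeout=1.0):
    """TCP connect test: 'open', 'closed' (refused) or 'filtered' (no reply)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, host unreachable, or name did not resolve
        return "filtered"
    finally:
        sock.close()

def audit(public_hosts, private_hosts, allowed, blocked, probe_fn=probe):
    """Compare observed port states with the pre-test lists.

    Returns a list of (host, port, expectation, observed) deviations;
    an empty list means the firewall matches the intended policy.
    """
    findings = []
    for host in public_hosts:
        for port in sorted(allowed):
            state = probe_fn(host, port)
            if state != "open":
                findings.append((host, port, "expected open", state))
        for port in sorted(blocked):
            if probe_fn(host, port) == "open":
                findings.append((host, port, "expected blocked", "open"))
    # Private servers should not answer on any tested port at all.
    for host in private_hosts:
        for port in sorted(set(allowed) | set(blocked)):
            if probe_fn(host, port) == "open":
                findings.append((host, port, "private host reachable", "open"))
    return findings

if __name__ == "__main__":
    # Constructed sample lists; replace with your own addresses and ports.
    public = ["192.0.2.10"]    # placeholder public-facing server
    private = ["192.0.2.20"]   # placeholder server that must stay hidden
    allowed = {25, 80, 443}    # sample services you intend to expose
    blocked = {23, 445, 3389}  # sample ports you never want reachable
    for finding in audit(public, private, allowed, blocked):
        print("%s:%d %s, observed %s" % finding)
```

A "closed" result on a port that should be open usually means the firewall passes the traffic but the service is down, while "filtered" points at the firewall or routing.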

On-going Server Maintenance

On an ongoing basis, you may want to ensure your firewall stays open to the ports/services you have specified.  The best way to test this is through regular monitoring.

  1. Set up SMTP monitors for all mail servers behind the firewall.
  2. Set up HTTP monitors for all web servers behind the firewall.
  3. Set up TCP monitors for all other services on those servers.

Monitors are the best way to know immediately when a service or server goes down.  MxToolbox monitors are constantly probing your systems to check availability, giving you peace of mind knowing that you will know if something goes wrong.

MxToolbox Use Cases: Webserver Setup

Setting up a Web Server

Setting up a webserver for a new or existing domain can be a fairly trivial task with the right tools.  An administrator needs to balance configuring web server software, DNS setup, load-balancing, redundancy, and firewalls.  Here are a few tools that might simplify your setup process:

Pre-Check

  1. Run a blacklist check on the IP addresses that you plan to use for your web server.  A blacklisted IP address should not be used for mail servers or web servers as this is an indication of potential fraudulent or spammer activity.

Verifying Setup

We’ll pick up after you have assigned the IP addresses and installed the OS and web server software.  From there you will want to verify that your server is up and running and accepting HTTP or HTTPS connections:

  1. Run an HTTP or HTTPS test on each IP that will serve as a web server.  This will perform several tests against your server and give you results on your web configuration.  HTTPS tests add a few additional areas related to configuration of the secure socket layer, including certificate checks.

Verifying DNS Setup

  1. Check that you have properly configured A records for the server(s).

On-going Server Maintenance

  1. Set up a web monitor on each IP that will serve as a web server.  This will perform several tests against your server and give you granular results on the status of your HTTP or HTTPS configuration.

Today, almost every online service runs off an HTTP or HTTPS backend.  Knowing that your services are up and running is incredibly important.  With MxToolbox Monitoring solutions, you can be sure that your services are up and performing while you concentrate on making them even better.

MxToolbox Use Cases: Setting up a Mail Server

Setting up a Mail Server

Setting up a new mailserver can be a time-consuming and error-prone process, especially if it involves setting up a server for a new domain.  An administrator needs to balance new email security configurations with DNS setup, redundancy and firewalls.  While these can greatly improve security and email deliverability, they can complicate setup.

Here are a few suggestions for using MxToolbox to ease your mail server setup:

Pre-Check

  1. Run a blacklist check on the IP addresses that you plan to use for your server.  A blacklisted IP address should not be used for mail servers.

Verifying your Setup

We’ll start after you have assigned the IP addresses and installed the OS and email server software.  From there you will want to verify that your server is up and running and accepting email:

  1. Run an SMTP test on each IP that will accept email.  This will perform several tests against your server and give you results on your SMTP configuration.
  2. Check that the appropriate Email TCP ports are available and responding through your firewalls to these servers.
    1. SMTP on port 25
    2. POP on 110 and 995
    3. IMAP on 143 and 993
    4. Outbound SMTP on 587
    5. OWA on 443
  3. Run a port scan to make sure other ports are shut down.

Verify your DNS Setup

  1. Check your MX records to ensure they are pointing to the new server.
  2. Check that you have properly configured A records for the server.
  3. Check the server’s PTR records to ensure they point back to the domain.
  4. Check your SPF records on the domain.

Final Setup

  1. Send us a test message.  Our Email Deliverability report will give you an in-depth report on email headers, hops and more.
  2. Set up your user lists.  We have an Email Extraction tool that can help you assemble simple lists of email users for addition to your server.

Advanced Testing

You might decide to adopt additional standards to address email delivery and spam issues.  MxToolbox is excited to offer tools that can analyze the setup of both DKIM and DMARC standards.

  1. Check your DKIM setup.  This can be useful for email deliverability as signing emails with a DKIM key can reduce bouncebacks.
  2. Check your DMARC setup.  DMARC can improve email delivery as a fully configured record gives recipients the means to communicate issues with your email.  If you monitor your abuse post, you can uncover and remove issues that might cause blacklisting.

On-Going Server Maintenance

We encourage our customers to set up a regular maintenance plan for their email servers.  Realistically, load issues arise, as do DNS and firewall complications.  The best way to prevent these is to know about them before they take out your email.  Here are a few recommendations to keep your servers up and running:

  1. Set up a Blacklist monitor for each IP address.  Blacklisting can cause lingering email delivery issues.  You want to know when your servers have been blacklisted.
  2. Set up monitors for your email system’s MX and A records for this email server.  Typically, these shouldn’t change, but a monitor will ensure you know immediately if something does change.
  3. Set up SMTP monitors for the IP address of each server.  SMTP monitors will constantly check your servers to ensure they are up to send and receive email.
  4. Set up a Mailflow monitor for each server.  Our premium Mailflow monitor constantly checks the end-to-end health of your mailservers by measuring traffic flow through the server.

Monitors give you peace of mind.  You’ll know immediately when there is a service slowdown or outage and be free to concentrate on other issues.