mxcheck is a command-line tool, so all examples are run in your local terminal.
A minimal run needs only the -s flag, which names the service to be checked.
mxcheck queries all MX entries and then gathers further DNS information. After that it runs a port scan, reads the server banner, compares the hostname to the PTR entry, and checks StartTLS support and the validity of the certificate. It also checks whether the server leaks information by supporting the VRFY command. Finally, it checks whether the mail server is an open relay by trying to send an e-mail without authentication.
mxcheck -s example.com
The result looks like this. Depending on your terminal emulator, the findings are marked in red or green:
INFO: 2023/03/01 13:52:47 Checking: example.com
INFO: 2023/03/01 13:52:47 Found MX:
INFO: 2023/03/01 13:52:47 mx01.example.com.
INFO: 2023/03/01 13:52:47 Continue [y/n]: y
INFO: 2023/03/01 13:52:51 Checking for A record
INFO: 2023/03/01 13:52:51 IP address MX: 166.255.256.162
INFO: 2023/03/01 13:52:51 AS Number: 2033
INFO: 2023/03/01 13:52:51 AS Country: US
INFO: 2023/03/01 13:52:51 Checking for PTR record
INFO: 2023/03/01 13:52:52 PTR entry: mx01.example.com.
INFO: 2023/03/01 13:52:52 PTR matches MX record
INFO: 2023/03/01 13:52:52 Checking for SPF record
INFO: 2023/03/01 13:52:52 SPF set
INFO: 2023/03/01 13:52:52 example.com. 3600 IN TXT "v=spf1 mx a ip4:2126.96.36.199/32 a:mx01.example.com~all"
INFO: 2023/03/01 13:52:52 Checking for MTA-STS
INFO: 2023/03/01 13:52:52 MTA-STS not set
INFO: 2023/03/01 13:52:52 Checking for open e-mail ports
INFO: 2023/03/01 13:53:12 Open ports:
INFO: 2023/03/01 13:53:12 Checking for open relay
INFO: 2023/03/01 13:53:15 Server Banner: 220 mx01.example.COM ESMTP Postfix
INFO: 2023/03/01 13:53:15 StartTLS supported
INFO: 2023/03/01 13:53:15 Certificate is valid
INFO: 2023/03/01 13:53:15 VRFY command not supported.
INFO: 2023/03/01 13:53:15 Fake sender accepted.
INFO: 2023/03/01 13:53:15 Recipient not accepted. Skipped further open relay tests.
INFO: 2023/03/01 13:53:15 Server is not an open relay
INFO: 2023/03/01 13:53:15 Test finished.
There is no check whether the server needs authentication. However, you can do two runs:
The first one uses a from and to address outside the mail server’s scope, e.g.:
mxcheck -s example.com -f email@example.com -t firstname.lastname@example.org
The second one uses a from and a to address from the mail server’s scope, e.g.:
mxcheck -s example.com -f email@example.com -t firstname.lastname@example.org
If the first one returns "Server is not an open relay" and the second one returns "Server is probably an open relay", the server is not an open relay, but you can send mails from local to local addresses without authentication.
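
The two-run comparison above can be scripted once the output of each run has been saved. The following is an added example, not part of mxcheck: the function names and result labels are hypothetical, the sample logs are constructed, and only the two verdict strings are taken from this page.

```shell
# Added example: combine the verdict lines of two saved mxcheck runs.
# Function names and result labels are hypothetical; the verdict strings
# matched below are the two quoted on this page.

# verdict LOGTEXT -> open | closed | unknown
verdict() {
    case "$1" in
        *'Server is probably an open relay'*) echo open ;;
        *'Server is not an open relay'*)      echo closed ;;
        *)                                    echo unknown ;;  # no verdict logged
    esac
}

# classify_runs EXTERNAL_LOG INTERNAL_LOG
#   EXTERNAL_LOG: output of the run with -f/-t outside the server's scope
#   INTERNAL_LOG: output of the run with -f/-t inside the server's scope
classify_runs() {
    ext_verdict=$(verdict "$1")
    int_verdict=$(verdict "$2")
    case "$ext_verdict/$int_verdict" in
        open/*)        echo 'open-relay' ;;
        closed/open)   echo 'local-to-local-without-auth' ;;
        closed/closed) echo 'not-open-relay' ;;
        *)             echo 'inconclusive' ;;  # a run was aborted or incomplete
    esac
}

# Constructed sample logs (timestamps are made up, not real tool output).
EXTERNAL_RUN='INFO: 2023/03/01 13:53:15 Fake sender accepted.
INFO: 2023/03/01 13:53:15 Recipient not accepted. Skipped further open relay tests.
INFO: 2023/03/01 13:53:15 Server is not an open relay'

INTERNAL_RUN='INFO: 2023/03/01 13:58:02 Fake sender accepted.
INFO: 2023/03/01 13:58:02 Server is probably an open relay'

classify_runs "$EXTERNAL_RUN" "$INTERNAL_RUN"
```

For real runs, save each run's terminal output to a file and pass the contents, for example classify_runs "$(cat external.log)" "$(cat internal.log)" (file names are placeholders).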