Mass MX lookup for Inbound Mail Routes within Proofpoint
Update-03/10/23
The Harvest and Resolve tool referenced no longer exists. I have made a similar tool using a simple PowerShell script.
Script
Scripts/BulkMXLookup.ps1 at main · gorillatechrepo/Scripts (github.com)
While this article probably won’t apply to 99 percent of the people reading it, I thought I would throw it out there so that maybe a few readers could take something away from it.
I feel this article will definitely help businesses who must follow strict compliance guidelines and host mail for many domains. In this case all domains must have their MX records pointed to our server. The following method provides a way to audit all domains quickly.
- Log into your Proofpoint Appliance with the proper credentials using an SSH client such as PuTTY.
- Escalate privileges to become root user by running the following command: su root
- Change the working directory to the location of the mailertable by running the following command: cd /etc/mail
- Now we will parse the data within mailertable by running the following command:
cat mailertable | grep "your inbound mail route destination (should be an IP)" | awk '{print $1}' > domainlist.txt
This command reads the mailertable and searches for every line containing “192.xxx.x.xxx”. We search for this IP because all “Accepted Domains” must be pointed to our mail servers to process mail; this is called an “Inbound Route”. For each matching line, awk strips everything except the domain name, and the results are written to a text file called domainlist.txt.
- Move domainlist.txt to an accessible directory by running the following command: mv domainlist.txt /home/support/domainlist.txt (replace “support” with the home directory of your choosing)
- Connect to Proofpoint Appliance using any SCP client on port 22. (WinSCP, FileZilla)
- Navigate to /home/yourdirectory
- Download domainlist.txt to your local machine
- Open the program Harvest and Resolve. This program is simply a bulk lookup tool; it queries the name server using the dig mx (domainname) command.
- Click “Load” from the menu bar and select “From File”
- Ensure that “All Files” is selected as the “File Type”
- Locate domainlist.txt and click open.
- Click “Start”
- When the process completes, click “Export”
- Name the file MXTODAYSDATE (replace TODAYSDATE with the date).
You now have a spreadsheet containing all domains and their associated MX records.
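The whole audit can also be run from a shell with dig, as in this added example (not the article's or the linked repository's script). It matches the route host exactly, so a route to 192.0.2.100 is not picked up when auditing 192.0.2.10, and it flags domains whose MX points somewhere else. The mailertable layout, the addresses and the host name mx.mailhost.example are assumptions.

```shell
#!/bin/sh
# Added example, not the article's script. The mailertable layout
# ("domain  mailer:[host]"), the addresses and host names are assumptions.

# Constructed sample input (documentation address ranges only).
sample_mailertable() {
    cat <<'EOF'
# domain         route
example.com      esmtp:[192.0.2.10]
Example.org      esmtp:[192.0.2.10]
.example.org     esmtp:[192.0.2.10]
example.net      esmtp:[192.0.2.100]
other.example    esmtp:[198.51.100.7]
EOF
}

# Print the unique domains whose route host is exactly $2.
extract_domains() {   # $1 = mailertable path, $2 = inbound route destination
    awk -v dest="$2" '
        $1 ~ /^#/ || NF < 2 { next }            # skip comments and short lines
        {
            h = $2
            sub(/^[^:]*:/, "", h)               # drop the "mailer:" prefix
            sub(/^\[/, "", h); sub(/\].*$/, "", h)   # drop [ ] around the host
            sub(/:.*$/, "", h)                  # drop a trailing :port
            d = tolower($1); sub(/^\./, "", d)  # ".example.org" -> "example.org"
            if (h == dest) print d
        }' "$1" | sort -u
}

# Read "dig +short MX" output (lines of "preference host.") on stdin and
# print OK, MISMATCH (some other MX host is published) or NOMX (no answer).
classify_mx() {   # $1 = MX host every domain is required to use
    awk -v want="$1" '
        /^;/ { next }                           # ignore dig diagnostics
        { h = tolower($2); sub(/\.$/, "", h); n++
          if (h != tolower(want)) bad = 1 }
        END { if (n == 0) print "NOMX"
              else if (bad) print "MISMATCH"
              else print "OK" }'
}

# Write one "domain,status" CSV row per routed domain.
audit_mx() {   # $1 = mailertable, $2 = route destination, $3 = required MX host
    extract_domains "$1" "$2" | while read -r d; do
        printf '%s,%s\n' "$d" "$(dig +short MX "$d" | classify_mx "$3")"
    done
}
# Usage: audit_mx /etc/mail/mailertable 192.0.2.10 mx.mailhost.example > mx-audit.csv
```

Rows marked MISMATCH or NOMX are the domains to follow up on; the CSV opens directly in a spreadsheet.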