Batch XML Input File

A Batch XML Input File is used to describe the test(s) to run. When we email Batch results to you we include this input file along with the output (i.e. results) so you have a record of exactly what was tested and the result. The Batch XML Input File can be created by hand, by an Excel workbook, or generated by a database.

There are many options and settings in a Batch XML Input File, but most are optional and default to the right thing.

Simple Batch XML Input File format

The simplest form of the input file looks like this (user values in bold):

<BatchTest TestType="receiver">
  <Target>personone@onedomain.com</Target>
  <Target>persontwo@twodomain.com</Target>
  <Delivery>
    <To>test@checktls.com</To>
    <Format>csv</Format>
  </Delivery>
</BatchTest>

See this XML File in a browser window. This file specifies two tests:

<BatchTest TestType = "receiver">
Top level element that opens the XML. The TestType attribute makes this a Receiver test.
<Target>
The email address to be tested, same as the eMail field on the interactive Receiver test.
<Delivery>
Starts a group of elements that describe where and how to send the test results.
<To>
The email address to which results should be sent (because it's under <Delivery>). Use multiple <To> elements to send results to more than one person. Be sure to add @CheckTLS.com to your approved senders list to make sure the email gets through.
<Format>
Indicates which of the output formats to use to report results -- see Results Formats below.
</Delivery>
Ends the group of elements describing where and how to send the test results.
</BatchTest>
Ends the XML.

Complete Batch XML Input File format

The XML Schema Definition (XSD) for BatchTest XML files is here: BatchTest XML Schema (xsd)

While the simple XML format above works for most testing, the Batch XML Input File has options to roll-up multiple tests into a single number, suppress results if they are good enough, and test private email systems. A complete XML input file looks like this (user values in bold):


<?xml version="1.0"?>

<BatchTest TestType="receiver"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.CheckTLS.com/BatchTests/BatchTest.xsd">
	<Target>test@checktls.com</Target>
	<!-- all Target attributes are optional and almost never used -->
	<Target
		Count="2"
		Host="www6.checktls.com"
		Port="587"
		AuthType="PLAIN"
		AuthUser="support@checktls.com"
		AuthPass="secret"
		SMTPTimeOut="30"
		TestTimeOut="300"
		ReplyTimeOut="30"
		DirectTLS="0"
		CompelTLS="0"
		SSLVersion="SSLv23"
		CipherList="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
		SendMail="0"
		RelaxWC="0"
		HeloName="www6.checktls.com"
		Quick="0"
		CACerts="
# Symantec Class 1 Public Primary Certification Authority - G4
-----BEGIN CERTIFICATE-----
MIICqDCCAi2gAwIBAgIQIW4zpcvTiKRvKQe0JzzE2DAKBggqhkjOPQQDAzCBlDEL
MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD
VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBD
bGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g
RzQwHhcNMTExMDA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBlDELMAkGA1UEBhMC
VVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1h
bnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAxIFB1
YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcq
hkjOPQIBBgUrgQQAIgNiAATXZrUb266zYO5G6ohjdTsqlG3zXxL24w+etgoUU0hS
yNw6s8tIICYSTvqJhNTfkeQpfSgB2dsYQ2mhH7XThhbcx39nI9/fMTGDAzVwsUu3
yBe7UcvclBfb6gk7dhLeqrWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
BTADAQH/MB0GA1UdDgQWBBRlwI0l9Qy6l3eQP54u4Fr1ztXh5DAKBggqhkjOPQQD
AwNpADBmAjEApa7jRlP4mDbjIvouKEkN7jB+M/PsP3FezFWJeJmssv3cHFwzjim5
axfIEWi13IMHAjEAnMhE2mnCNsNUGRCFAtqdR+9B52wmnQk9922Q0QVEL7C8g5No
8gxFSTm/mQQc0xCg
-----END CERTIFICATE-----
# Symantec Class 1 Public Primary Certification Authority - G6
-----BEGIN CERTIFICATE-----
MIID9jCCAt6gAwIBAgIQJDJ18h0v0gkz97RqytDzmDANBgkqhkiG9w0BAQsFADCB
lDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w
HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRl
YyBDbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
IC0gRzYwHhcNMTExMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UE
BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZT
eW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAx
IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHOddJZKmZgiJM6kXZBxbje/SD
6Jlz+muxNuCad6BAwoGNAcfMjL2Pffd543pMA03Z+/2HOCgs3ZqLVAjbZ/sbjP4o
ki++t7JIp4Gh2F6Iw8w5QEFa0dzl2hCfL9oBTf0uRnz5LicKaTfukaMbasxEvxvH
w9QRslBglwm9LiL1QYRmn81ApqkAgMEflZKf3vNI79sdd2H8f9/ulqRy0LY+/3gn
r8uSFWkI22MQ4uaXrG7crPaizh5HmbmJtxLmodTNWRFnw2+F2EJOKL5ZVVkElauP
N4C/DfD8HzpkMViBeNfiNfYgPym4jxZuPkjctUwH4fIa6n4KedaovetdhitNAgMB
AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
BBQzQejIORIVk0jyljIuWvXalF9TYDANBgkqhkiG9w0BAQsFAAOCAQEAFeNzV7EX
tl9JaUSm9l56Z6zS3nVJq/4lVcc6yUQVEG6/MWvL2QeTfxyFYwDjMhLgzMv7OWyP
4lPiPEAz2aSMR+atWPuJr+PehilWNCxFuBL6RIluLRQlKCQBZdbqUqwFblYSCT3Q
dPTXvQbKqDqNVkL6jXI+dPEDct+HG14OelWWLDi3mIXNTTNEyZSPWjEwN0ujOhKz
5zbRIWhLLTjmU64cJVYIVgNnhJ3Gw84kYsdMNs+wBkS39V8C3dlU6S+QTnrIToNA
DJqXPDe/v+z28LSFdyjBC8hnghAXOKK3Buqbvzr46SMHv3TgmDgVVXjucgBcGaP0
0jPg/73RVDkpDw==
-----END CERTIFICATE-----
# Symantec Class 2 Public Primary Certification Authority - G4
-----BEGIN CERTIFICATE-----
MIICqDCCAi2gAwIBAgIQNBdlEkA7t1aALYDLeVWmHjAKBggqhkjOPQQDAzCBlDEL
MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD
VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBD
bGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g
RzQwHhcNMTExMDA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBlDELMAkGA1UEBhMC
VVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1h
bnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAyIFB1
YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcq
hkjOPQIBBgUrgQQAIgNiAATR2UqOTA2ESlG6fO/TzPo6mrWnYxM9AeBJPvrBR8mS
szrX/m+c95o6D/UOCgrDP8jnEhSO1dVtmCyzcTIK6yq99tdqIAtnRZzSsr9TImYJ
XdsR8/EFM1ij4rjPfM2Cm72jQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
BTADAQH/MB0GA1UdDgQWBBQ9MvM6qQyQhPmijGkGYVQvh3L+BTAKBggqhkjOPQQD
AwNpADBmAjEAyKapr0F/tckRQhZoaUxcuCcYtpjxwH+QbYfTjEYX8D5P/OqwCMR6
S7wIL8fip29lAjEA1lnehs5fDspU1cbQFQ78i5Ry1I4AWFPPfrFLDeVQhuuea9//
KabYR9mglhjb8kWz
-----END CERTIFICATE-----
# Symantec Class 2 Public Primary Certification Authority - G6
-----BEGIN CERTIFICATE-----
MIID9jCCAt6gAwIBAgIQZIKe/DcedF38l/+XyLH/QTANBgkqhkiG9w0BAQsFADCB
lDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w
HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRl
YyBDbGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
IC0gRzYwHhcNMTExMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UE
BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZT
eW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAy
IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNzOkFyGOFyz9AYxe9GPo15gRn
V2WYKaRPyVyPDzTS+NqoE2KquB5QZ3iwFkygOakVeq7t0qLA8JA3KRgmXOgNPLZs
ST/B4NzZS7YUGQum05bh1gnjGSYc+R9lS/kaQxwAg9bQqkmi1NvmYji6UBRDbfkx
+FYW2TgCkc/rbN27OU6Z4TBnRfHU8I3D3/7yOAchfQBeVkSz5GC9kSucq1sEcg+y
KNlyqwUgQiWpWwNqIBDMMfAr2jUs0Pual07wgksr2F82owstr2MNHSV/oW5cYqGN
KD6h/Bwg+AEvulWaEbAZ0shQeWsOagXXqgQ2sqPy4V93p3ec5R7c6d9qwWVdAgMB
AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
BBSHjCCVyJhK0daABkqQNETfHE2/sDANBgkqhkiG9w0BAQsFAAOCAQEAgY6ypWaW
tyGltu9vI1pf24HFQqV4wWn99DzX+VxrcHIa/FqXTQCAiIiCisNxDY7FiZss7Y0L
0nJU9X3UXENX6fOupQIR9nYrgVfdfdp0MP1UR/bgFm6mtApI5ud1Bw8pGTnOefS2
bMVfmdUfS/rfbSw8DVSAcPCIC4DPxmiiuB1w2XaM/O6lyc+tHc+ZJVdaYkXLFmu9
Sc2lo4xpeSWuuExsi0BmSxY/zwIa3eFsawdhanYVKZl/G92IgMG/tY9zxaaWI4Sm
KIYkM2oBLldzJbZev4/mHWGoQClnHYebHX+bn5nNMdZUvmK7OaxoEkiRIKXLsd3+
b/xa5IJVWa8xqQ==
-----END CERTIFICATE-----
"
		ClientCert="
-----BEGIN CERTIFICATE-----
MIID5TCCAs2gAwIBAgIJAPluV7ZFSl0EMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYD
VQQGEwJVUzENMAsGA1UECAwET2hpbzETMBEGA1UEBwwKQ2luY2lubmF0aTEXMBUG
A1UECgwOU2VjdXJFbWFpbCBMTEMxFzAVBgNVBAMMDiouY2hlY2t0bHMuY29tMSMw
IQYJKoZIhvcNAQkBFhRzdXBwb3J0QGNoZWNrdGxzLmNvbTAeFw0xNzExMTkxOTQ2
NTZaFw0yNzExMjAxOTQ2NTZaMIGIMQswCQYDVQQGEwJVUzENMAsGA1UECAwET2hp
bzETMBEGA1UEBwwKQ2luY2lubmF0aTEXMBUGA1UECgwOU2VjdXJFbWFpbCBMTEMx
FzAVBgNVBAMMDiouY2hlY2t0bHMuY29tMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0
QGNoZWNrdGxzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALRp
ZKoyQeeR5i9/ZU5AH9PiWFvLsOTLjRzMDQkCDhwQU2mm4EwSWFRrQZNUa8fEBtyJ
++vAaF3ahIt2AoABAWmCjnjCjcTQGWZICI9ahb9IVidtSnMlae7/0i6CQ2TBYnSX
mzoF2Dr4b32EmLvOItKiHbNIjlboSO0J8CLizi2xZZvTT5CUenutlaOUPoKuB5Xr
ZGfG1ZWp8kW0KQzHiq+O52Pm8XK3X2P8dHz3QfZynaxWAIbiwE7qA43fJP04iXl7
VjPXkUGmeHhfwe2xBMHjGnoJ6gDwRRqVDP4jGPDSsoricPbqQIp/lkNM0nJcLbXu
/hD8ViAirR/1Gb78KLcCAwEAAaNQME4wHQYDVR0OBBYEFOe3MI0QpN9G/tEt0zMy
xOCzAuPvMB8GA1UdIwQYMBaAFOe3MI0QpN9G/tEt0zMyxOCzAuPvMAwGA1UdEwQF
MAMBAf8wDQYJKoZIhvcNAQELBQADggEBADo6FvU4dT44wvmOokVegatPVPmUnmoS
jxCPDiwBFDteGH+vnB8cqJ8MXR1uX91udoDD0mrqX5n/Hp4ERjSG4eoo738VSyPL
eU+DdzA3GdT54tyWTBqeYerfzmHezMexG8SqA1W/UXcxm1jMd8EY5yXg9GTYiI9I
lLykCoe/7Kyf89odg27liwjJ5Wx/OQ2nBZGO9D63pCvC/LY9FsaJZ9nR3aURY8B3
LpRrwc4XFC2hmUSXChAWccOp5bcUAkdhnHcV97su09/FaZw2dCqPPRwKCJlb8PhQ
HSliGdGqbB6e3XFGC8QrEUBuoHRjyfkK8ZsMZ3GE6ZpuAShMgl9XU1s=
-----END CERTIFICATE-----
"
		ClientKey="
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAtGlkqjJB55HmL39lTkAf0+JYW8uw5MuNHMwNCQIOHBBTaabg
TBJYVGtBk1Rrx8QG3In768BoXdqEi3YCgAEBaYKOeMKNxNAZZkgIj1qFv0hWJ21K
cyVp7v/SLoJDZMFidJebOgXYOvhvfYSYu84i0qIds0iOVuhI7QnwIuLOLbFlm9NP
kJR6e62Vo5Q+gq4HletkZ8bVlanyRbQpDMeKr47nY+bxcrdfY/x0fPdB9nKdrFYA
huLATuoDjd8k/TiJeXtWM9eRQaZ4eF/B7bEEweMaegnqAPBFGpUM/iMY8NKyiuJw
9upAin+WQ0zSclwtte7+EPxWICKtH/UZvvwotwIDAQABAoIBAQCqM5PojSln0lkb
DlEAlbZxKuS5FV15PB+Qv2C80teE2lIXJnwMyHHUkqt21vonqGPgw7yLGSZdBL5u
45JQOKKga68FdmZQ+xI7UFHjDD+JyjCdWZoXL4DVHTuo7POvplHANRcYklMAr0hf
XizJYRuxI4hpj1XZ36KNHgcSom5o44+SNe67wlAOSaBbIX4SkVfVsTG9X7dbXIZa
gRmzr98cUdkPC6bu9jTrTrGKuc8OsMX4AxgQBxSIYGcSOPA0BRth8ckx94Gir9wG
2LELrSBFNNEZDuQ1kVuwiPV3kCxL1sC2z3x1n4prGuiqnRGdISnrAEFfySSu26xy
BeghbEcBAoGBAO5Pw7UeDRXXujtghfdrtf8QXlHWvVEwwhxMXLL3NH6JTiFLy+hS
pySTB+Rr6AWBRIxiGqV+nHTq5sYU+uWKw6jLHVgwJi22B2SIk81bokSVb87mtFmf
nnqB3cOJUQ2D8RmqgHzRQgxPlEl0tT8lqwV96eHX0ZFcsXUuJIyfwa6hAoGBAMHN
dEe+9WH0c65gqT56KVycgHichnVcD9v5Nh726VdB9RiR0T5P0t4lKJSqPq3bL7zR
9CNrpo0LhIJoxtLUO86mIYcVS6ZQic0KMZSodQWPH2pS0zLaKp3ruO9Sx1RdWZZN
it1z1H2nyvBNL3caERrrNm44001mi0pFk22j59BXAoGAKMNIDJDpWBUga8uk3p9z
7/8SwxjiJSMb8M83A/244vQFgzh91m1c3aqwrOewNlDYMtMND8XKaU1M0BECoYTM
1vB3QoBp52O9e/rInVXROb398/wOWU4uQ3I3Rp0UWiV5dhRuCeuZSpXKHY5y+iwt
RrE08kaCOEUMraiI4+znqkECgYAGcxTsklFOOjljUzoupxgbSeYInYToAPFSK7/+
Vc88JSjH8YpaHYPx+qCYGfZOCN5U1VPfneSECx8Uy/HZ8FAxN1wkR7Qly8ZaOX2e
6eBDGBk+i5UVuybx7HdSF5okl5q0os39Qq6Oo/ff+WGcABUTpUJBdsipacE27ovS
eULsrwKBgB/4VP3Qvn3uAztL4vEJrK+JB+Y086WvgRkndD/hYqV9IYn6t1+IRdZF
lUKd9ixgMKiCn3hs9idVWOa+if8IdmX35vNzfGt79JB2JCizJQ2HicL/bOiJ6yB2
vHVkParOap1gMJwqhX/FTz64yh9y7w9z/Y6tLJNhtw4YHyB6Hvn1
-----END RSA PRIVATE KEY-----
"
	>
		test@forcetls.com
	</Target>
	<!-- HidePasswords is optional, default is false -->
	<!-- NoSource is optional, default is false; it suppresses sending Source.XML in the response email -->
	<Delivery HidePasswords="false" NoSource="false">
		<To>support@checktls.com</To>
		<!-- text, csv, xml, xml-score, xml-matrix, xml-matrixssl, xml-detail, xml-ddetail -->
		<Format>xml-certdetail</Format>
		<!-- ONLY ONE OF OnlyNodes or OnlyFields IS ALLOWED IN A BATCH, NOT BOTH IN THE SAME BATCH -->
		<!-- if Format is XML-* and OnlyNode(s) exist, then only those nodes are included in the results -->
		<OnlyNode>Cipher</OnlyNode>
		<OnlyNode>PublicKeyAlgorithm</OnlyNode>
		<OnlyNode>PublicKeyBits</OnlyNode>
		<OnlyNode>//MX/@exchange</OnlyNode>
		<OnlyNode>//MX[1]/SSLVersion</OnlyNode>
		<!-- if Format is XML-* and OnlyField(s) exist, then only those nodes are included in the results -->
		<OnlyField>Cipher</OnlyField>
		<OnlyField>PublicKeyAlgorithm</OnlyField>
		<OnlyField>PublicKeyBits</OnlyField>
		<OnlyField>//MX/@exchange</OnlyField>
		<OnlyField>//MX[1]/SSLVersion</OnlyField>
		<!-- Suppress is optional, default is to send results -->
		<!-- e.g. donot send results if everything worked (Total_Function "minimum" is 100) -->
		<Suppress Function="minimum" Test="ge" Value="100" />
	</Delivery>
	<!-- average, minimum -->
	<Total Function="average" />
</BatchTest>

See this XML File in a browser window.

Target

The <Target> element has attributes that can set all the options from Custom/Private Systems. These include a specific MX host, an email port other than the standard port 25, different methods of authenticating to the mail system, and a specific user-id and pass-code for access. There is also an attribute to quickly test a single target address many times in succession. The <Target> attributes as shown above are:

Count
The number of times to test this <Target> in rapid succession; useful to stress test an email system/server or test how various MX servers are being selected.
Host
A single host to test, typically an MX server through which email is routed. This is different from targeting a specific mail host: targeting "user@host.domain.com" sends the email to "user" on "host.domain.com", whereas this Host attribute tests "user@domain.com" as delivered to mx1.domain.com.
Port
A non-standard (i.e. not 25) port on which the email server for the <Target> is listening. Non-standard ports are used in "hidden" email systems that are not open to the public, but that are reachable from the Internet.
AuthType
The type of Authorization that this test should use when authenticating to the email server. Valid options are: PLAIN, LOGIN, CramMD5, NTLM.
AuthUser
The user-id to authenticate with.
AuthPass
The pass-code to authenticate with.
SMTPTimeOut
Tells the test how long to wait (in seconds) for any one SMTP server to respond to a command. See TimeOut in TestReceiverFull.
TestTimeOut
Tells the batch how long to wait (in seconds) for that Target test to finish. Use this if a batch test Target returns zero (or no) result but a manual //email/Test To: test takes a long time (more than five minutes total) but does return a result. We suggest 1200 seconds in this case.
ReplyTimeOut
Only used with BatchTest Thru; tells the test how long to wait (in minutes) for the email to come back. See BatchTest Thru.
DirectTLS
Start TLS immediately after connecting to server and before sending or receiving any commands or data (typically used with port 465).
CompelTLS
Try starting TLS even if server does not offer it, i.e. send a STARTTLS command even if server did not offer 250 STARTTLS.
TimeOut
How long (in seconds, default 30) to wait for the SMTP server to respond to a command. Use this if you are getting time-out errors on a slow connection or while testing a slow/busy server. While this allows you to test a slow system, needing more than 30 seconds indicates a problem and regular email will frequently fail.
Quick
A quick test of only the first address of the first MX. This invalidates the Confidence Factor so should only be used in special cases.
RelaxWC
Allow wild-card certs to match multiple levels of server name (see rfc-2818 section 3.1 paragraph 4).
SSLVersion
Sets the version of the SSL protocol used to transmit data. From the OpenSSL documentation:

'SSLv23' uses a handshake compatible with SSL2.0, SSL3.0 and TLS1.x, while 'SSLv2', 'SSLv3', 'TLSv1', 'TLSv1_1' or 'TLSv1_2' restrict handshake and protocol to the specified version. All values are case-insensitive. Instead of 'TLSv1_1' and 'TLSv1_2' one can also use 'TLSv11' and 'TLSv12'. Support for 'TLSv1_1' and 'TLSv1_2' requires recent versions of Net::SSLeay and openssl.

Independent from the handshake format you can limit to set of accepted SSL versions by adding !version separated by ':'.

The CheckTLS default SSL Version is 'SSLv23' which allows any handshake version for testing purposes. CheckTLS issues a warning if the handshake negotiated is SSL2.0 and SSL3.0 which have serious security issues and should not be used anymore.

Most production systems use the default SSL Version 'SSLv23:!SSLv3:!SSLv2' which means that the handshake format is compatible to SSL2.0 and higher, but that the successful handshake is limited to TLS1.0 and higher, that is no SSL2.0 or SSL3.0 because both of these versions have serious security issues and should not be used anymore. You can also use !TLSv1_1 and !TLSv1_2 to disable TLS versions 1.1 and 1.2 while still allowing TLS version 1.0.

Setting the version instead to 'TLSv1' might break interaction with older clients, which need and SSL2.0 compatible handshake. On the other side some clients just close the connection when they receive a TLS version 1.1 request. In this case setting the version to 'SSLv23:!SSLv2:!SSLv3:!TLSv1_1:!TLSv1_2' might help.

CipherList
A list of Ciphers used to transmit data. From the OpenSSL documentation:

If this option is set the cipher list for the connection will be set to the given value, e.g. something like 'ALL:!LOW:!EXP:!aNULL'. Look into the OpenSSL documentation for more details.

Unless you fail to contact your peer because of no shared ciphers it is recommended to leave this option at the default setting. The default setting prefers ciphers with forward secrecy, disables anonymous authentication and disables known insecure ciphers like MD5, DES etc. This gives a grade A result at the tests of SSL Labs. To use the less secure OpenSSL builtin default (whatever this is) set SSL_cipher_list to ''.

SendEmail

Actually send a test email message. Requires a Corporate Level Subscription, and we limit use of this feature to prevent abuse.

This is not necessary for testing because our test does everything that sending an email does except put text into the message. Send Email does not affect our Confidence Factor score.

Note that this will send one email per MX, which on a large email system could be many emails to the same address. Use the eMail MX Host option above to target just one MX host.

CACerts
A PEM encoded Certificate or Certificate Chain of trusted Certificate Authorities to use to determine if the server's certificate is properly signed. Use Show Our CA List to see the Chain used by CheckTLS.
SendCC
DEPRECATED: any entry in ClientCert or ClientKey is automatically used.
ClientCert
The Client Certificate to send.
ClientKey
The Client Certificate Key to send.

Total

BatchTest can compute two types of totals for all the <Target>s in a given test. This is obviously most useful when testing more than one email address at a time, although single <Target> totals are useful for suppressing results (next section). Total functions can be "average" or "minimum", or two total elements can be used to get both.

Delivery

No Source

BatchTest normally adds two attachments to the results email: the Batch XML Input File as "Source.xml", and the Batch Output File as "Result.{txt,csv,xml}". You can tell BatchTest to NOT attach Source.xml by adding the attribute "NoSource" to the Delivery element and setting it equal to "true". This can make the results email smaller, and more importantly it prevents some email systems from flagging the results email as dangerous (because of the XML attachment).

Hide Passwords

BatchTest can hide the authentication password for email servers it tests so results reports can be shared without compromising server security. Add the attribute "HidePasswords" to the Delivery element and set it equal to "true" to suppress all the passwords in the results of this test.

To

This is the email address to which the results of the test should be sent.

If your email system has a limit on the size of email attachments and you have a BatchTest with lots of targets, use the word "file" instead of an email address, for example:

<To>file</To>

You can then download the large results file using the on the //email/edit saved tests:last screen.

Suppressing Results

IT departments with their own monitoring system (e.g. Nagios, PRTG, WhatsUp Gold, SolarWinds, ManageEngine, DataDog, Zabbix, HP OpenView, etc.) always want their BatchTest results sent. They monitor the test results and follow the correct notification sequence depending on the results. This is one of the primary reasons BatchTest results are available in machine-parsable XML. See Monitor to do this as a web service rather than from email.

Other users only want to know if something is wrong. For these, BatchTest has the option to not send the results based on user supplied conditions. The <Suppress> element under the <Delivery> node defines when to not send the results email.
The different <Suppress> attributes are:

Function
Either "average" or "minimum" to select which total to compare.
Test
One of:
"ge" Greater than or Equal to
"gt" Greater Than
"eq" Equal to
"ne" Not Equal to
"le" Less than or Equal to
"lt" Less Than
Value
A number to compare the total to.

The attributes in <Suppress> read like a sentence:
If [function] is [test] than [value], then don't send the email. For example:
To only send an email if any of the <Target> in the Batch had a Confidence Factor that was under 90:

<Suppress Function="minimum" Test="ge" Value="90" />

Results File Format

The <Format> element in the Batch XML Input File selects the format of the results file. The different <Format> options are:

text
The results file is a plain text (.txt) file that shows the Confidence Factor and the target address, for example:
100 "onetest@checktls.com"
100 "twotest@checktls.com"
csv
The results file is an Excel spreadsheet (.csv) file that shows the Confidence Factor and the target address, for example:
100,"onetest@checktls.com"
100,"twotest@checktls.com"
pager
The results are sent directly in the body of the email rather than in an attached file and include the Confidence Factor, BatchTest total(s), and the Matrix level results of the interactive TestReceiver test in a very terse format so it fits on a small smart phone screen (i.e. pager), for example:
Addr:CF:Ans:Con:HELO:TLS:Cert:Sec:From:To
address@onecompany.com:100:100:100:100:100:100:100:100:100
address@twocompany.com:90:100:100:100:100:100:0:100:100
average: 95.000
pager-html
Same as pager above, made for a small screen, but the output is put in an HTML table to make it easier to read on a phone, for example:
AddrCFAnsConHELOTLSCertSecFromTo
addr@one.com100100100100100100100100100
addr@two.com901001001001001000100100
xml
Batch Output Format that shows the Confidence Factor and the target address.
xml-score
Batch Output Format that shows the Score level results of the interactive TestReceiver test.
xml-matrix
Batch Output Format that shows the Matrix level results of the interactive TestReceiver test.
xml-matrixssl
Batch Output Format that shows the Matrix level results of the interactive TestReceiver test along with information about the SSL Certificate used.
xml-detail
Batch Output Format that shows the Detail level results of the interactive TestReceiver test.
The XML does not include the actual SMTP log by default. You can get that detail by adding the attribute SMTPDetail="1" to a <Target> element like this:
<Target SMPTDetail="1">test@checktls.com</Target>
xml-certdetail
Batch Output Format that shows the CertDetail level results of the interactive TestReceiver test (similar to xml-detail above but with more info about the certificates used).
xml-ssldetail
Batch Output Format that shows the SSLDetail level results of the interactive TestReceiver test (similar to xml-certdetail above but with details of the SSL "conversation" unencrypted).
alerts
ALERTS changes how Batch testing works. It is more than just a Results File Format. ALERTS will notify you once for each target in the Batch that fails. The normal BatchTest Delivery instructions, that is where and when to send results, are applied to every target, one a a time, rather than just once for the whole batch. Instead of sending a single email reporting on all of the targets in the Batch, ALERTS sends an email for every target that fails. You decide what "failure" is using the Suppress function in the Batch's Delivery instructions. For example, this usually looks like
<Suppress Function="minimum" Test="ge" Value="90" />
Which says "Only send an alert email if the target has a Confidence Factor less than 90. The results are kept in a plain text (.txt) file that shows the Confidence Factor, the target address, and PASS or FAIL, for example:
100 onetest@checktls.com PASS
50 twotest@checktls.com FAIL
Again it is important to note that ALERTS Batches can send many emails, one for every target that fails.

Create Batch XML Input Files With Excel

While Batch XML Input Files are designed to be machine created, i.e. from a database, we also provide two Excel worksheets that let you create a simple or complete XML input file.

The simple workbook creates Simple Batch XML Input File. This Simple Format is used for all but the most specialized test cases.

The complete workbook creates Complete Batch XML Input File. This Complete Format includes every option and parameter available.

Both workbooks work the same way and contain instructions for how to use them. The "complete" workbook just has more rows and more columns to cover all the possible entries.

To use a workbook, load it in Excel and maximize the window so you can see everything at once. If you open the workbook directly from the link on CheckTLS, newer versions of Excel will open the workbook in "Read-Only" or "Compatibility" mode. You can safely turn this off. The workbook does not include any macros or Visual Basic code. All it does is use Excel's built-in XML Map ability to map cells in a spreadsheet to the BatchTest XSD.

The top of the workbook has the fields there are only one of, like the type of test (receiver or thru), who to send the results to, etc. These are shaded grey. The blue fields are the elements that may be repeated, typically a list of target email addresses to test in this batch. To add more of these, insert a row in the spreadsheet between the dark blue header and the light blue value row(s). Be sure any new lines you insert are automatically shaded blue; if they are not, the spreadsheet will not map them into the XML file.

Once you've filled in the spreadsheet, follow these steps to create the XML file:

  • Open the Developer menu (how to display Developer Tab in Excel)
  • Under XML, Choose Export
  • Verify Save as type is XML (*.xml)
  • Browse to where you want to save the XML file
  • Enter a name for the new XML file
  • Click Export

If you get a message about data validation, you have a bad entry in one (or more) fields.

A filled-out "complete" sheet looks like this:

And the XML it generated:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<BatchTest TestType="receiver">
        <Target Host="mail1.checktls.com" Port="25" AuthType="PLAIN" AuthUser="S
ecretUser" AuthPass="SecretPassword">test@CheckTLS.com</Target>
        <Target Host="mail2.checktls.com" Port="25" AuthType="LOGIN" AuthUser="S
ecretUser" AuthPass="SecretPassword">test@CheckTLS.com</Target>
        <Delivery HidePasswords="false">
                <To>support@CheckTLS.com</To>
                <Format>csv</Format>
                <Suppress Function="minimum" Test="ge" Value="100"/>
        </Delivery>
        <Total Function="minimum"/>
</BatchTest>