[mdaemon-l] host can't be resolved
On 27/11/20 08.45, Rievo Niemrod E wrote: > Dear Pak Syafril mohon di bantu update log error di bawah ini > Wed 2020-11-25 22:43:18.986: [13382252] --> 250-bb.ptbmi.com Hello > NAM04-DM6-obe.outbound.protection.outlook.com [40.107.102.100], pleased to > meet you sudah diupdate ke ftp://ftp.dutaint.com/altn-mdaemon/miscl/HeloLookupWL.dat -- syafril Syafril Hermansyah MDaemon-L Moderator, run MDaemon 20.5.0 64bit Beta B Mohon tidak kirim private mail (atau cc:) untuk masalah MDaemon. We are products of our past, but we don't have to be prisoners of it. --- Rick Warren -- --[mdaemon-l]-- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com Versi terakhir: MDaemon 20.0.3, SecurityGateway 7.0.1
[mdaemon-l] host can't be resolved
Selamat Pagi Dear Pak Syafril mohon di bantu update log error di bawah ini Terima Kasih Rievo Wed 2020-11-25 22:44:12.995: -- Wed 2020-11-25 22:43:18.700: [13382252] Session 13382252; child 0002 Wed 2020-11-25 22:43:18.700: [13382252] Accepting SMTP connection from 40.107.102.100:48224 to 172.16.0.6:25 Wed 2020-11-25 22:43:18.700: [13382252] Location Screen says connection is from United States, North America Wed 2020-11-25 22:43:18.701: [13382252] --> 220 bb.ptbmi.com ESMTP MDaemon 20.0.3; Wed, 25 Nov 2020 22:43:18 +0700 Wed 2020-11-25 22:43:18.985: [13382252] <-- EHLO NAM04-DM6-obe.outbound.protection.outlook.com Wed 2020-11-25 22:43:18.986: [13382252] --> 250-bb.ptbmi.com Hello NAM04-DM6-obe.outbound.protection.outlook.com [40.107.102.100], pleased to meet you Wed 2020-11-25 22:43:18.986: [13382252] --> 250-ETRN Wed 2020-11-25 22:43:18.986: [13382252] Location Screening hiding AUTH from country United States, North America Wed 2020-11-25 22:43:18.986: [13382252] --> 250-8BITMIME Wed 2020-11-25 22:43:18.986: [13382252] --> 250-ENHANCEDSTATUSCODES Wed 2020-11-25 22:43:18.986: [13382252] --> 250-STARTTLS Wed 2020-11-25 22:43:18.986: [13382252] --> 250 SIZE 36700160 Wed 2020-11-25 22:43:19.272: [13382252] <-- STARTTLS Wed 2020-11-25 22:43:19.272: [13382252] --> 220 2.7.0 Ready to start TLS Wed 2020-11-25 22:43:19.854: [13382252] SSL negotiation successful (TLS 1.2, 384 bit key exchange, 256 bit AES encryption) Wed 2020-11-25 22:43:20.137: [13382252] <-- EHLO NAM04-DM6-obe.outbound.protection.outlook.com Wed 2020-11-25 22:43:20.137: [13382252] --> 250-bb.ptbmi.com Hello NAM04-DM6-obe.outbound.protection.outlook.com [40.107.102.100], pleased to meet you Wed 2020-11-25 22:43:20.137: [13382252] --> 250-ETRN Wed 2020-11-25 22:43:20.138: [13382252] Location Screening hiding AUTH from country United States, North America Wed 2020-11-25 22:43:20.138: [13382252] --> 250-8BITMIME Wed 2020-11-25 22:43:20.138: [13382252] --> 250-ENHANCEDSTATUSCODES Wed 2020-11-25 22:43:20.138: [13382252] --> 250-REQUIRETLS Wed 2020-11-25 22:43:20.138: [13382252] --> 250 SIZE 36700160 Wed 2020-11-25 22:43:20.423: [13382252] <-- MAIL FROM: SIZE=185243 Wed 2020-11-25 22:43:20.428: [13382252] Performing PTR lookup (100.102.107.40.IN-ADDR.ARPA) Wed 2020-11-25 22:43:20.503: [13382252] * D=100.102.107.40.IN-ADDR.ARPA TTL=(60) PTR=[mail-dm6nam08on2100.outbound.protection.outlook.com] Wed 2020-11-25 22:43:20.823: [13382252] * D=mail-dm6nam08on2100.outbound.protection.outlook.com TTL=(60) A=[40.107.102.100] Wed 2020-11-25 22:43:20.823: [13382252] End PTR results Wed 2020-11-25 22:43:20.824: [13382252] Performing IP lookup (NAM04-DM6-obe.outbound.protection.outlook.com) Wed 2020-11-25 22:44:21.060: [13382252] * DNS: 60 second wait for DNS response exceeded (DNS Server: 68.6.16.25) Wed 2020-11-25 22:44:21.060: [13382252] * DNS server reports domain name unknown Wed 2020-11-25 22:44:21.060: [13382252] End IP lookup results Wed 2020-11-25 22:44:21.060: [13382252] --> 501 5.7.0 NAM04-DM6-obe.outbound.protection.outlook.com host can't be resolved Wed 2020-11-25 22:44:21.060: [13382252] SMTP session terminated (Bytes in/out: 686/3936) Wed 2020-11-25 22:44:21.060: -- Wed 2020-11-25 22:53:13.488: -- Wed 2020-11-25 22:53:30.631: [13382430] Session 13382430; child 0001 Wed 2020-11-25 22:53:30.631: [13382430] Accepting SMTP connection from 40.107.102.85:3041 to 172.16.0.6:25 Wed 2020-11-25 22:53:30.631: [13382430] Location Screen says connection is from United States, North America Wed 2020-11-25 22:53:30.631: [13382430] --> 220 bb.ptbmi.com ESMTP MDaemon 20.0.3; Wed, 25 Nov 2020 22:53:30 +0700 Wed 2020-11-25 22:53:30.915: [13382430] <-- EHLO NAM04-DM6-obe.outbound.protection.outlook.com Wed 2020-11-25 22:53:30.915: [13382430] --> 250-bb.ptbmi.com Hello NAM04-DM6-obe.outbound.protection.outlook.com [40.107.102.85], pleased to meet you Wed 2020-11-25 22:53:30.915: [13382430] --> 250-ETRN Wed 2020-11-25 22:53:30.915: [13382430] Location Screening hiding AUTH from country United States, North America Wed 2020-11-25 22:53:30.915: [13382430] --> 250-8BITMIME Wed 2020-11-25 22:53:30.915: [13382430] --> 250-ENHANCEDSTATUSCODES Wed 2020-11-25 22:53:30.915: [13382430] --> 250-STARTTLS Wed 2020-11-25 22:53:30.915: [13382430] --> 250 SIZE 36700160 Wed 2020-11-25 22:53:31.222: [13382430] <-- STARTTLS Wed 2020-11-25 22:53:31.222: [13382430] --> 220 2.7.0 Ready to start TLS Wed 2020-11-25 22:53:31.808: [13382430] SSL negotiation successful (TLS 1.2, 384 bit key exchange, 256 bit AES encryption) Wed 2020-11-25 22:53:32.091: [13382430] <-- EHLO NAM04-DM6-obe.outbound.protection.outlook.com Wed 2020-11-25 22:53:32.091: [13382430] --> 250-bb.ptbmi.com Hello NAM04-DM6-obe.outbound.protection.outlook.com [40.107.102.85], pleased to meet you Wed 2020-11-25 22:53:32.091: [13382430] --> 250-ETRN Wed 2020-11-25 22:53:32.091: [13382430] Location Screening hiding AUTH from
[mdaemon-l] Email gagal kirim
On 26/11/20 22.15, Syafril Hermansyah via mdaemon-l wrote: >> DNS record for mdaemon._domainkey.mandau.id: >> >> "v=DKIM1;\010p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgZrFo2uefQkOBB+5c9Q0Uyg9YJf2hwvCwripm5lW1GkB+JSU266zb6/bWnfYnmtETMdhZvfhFBehvhz1OFpaTxFuFL0cTliht8/FUBKJWKa/kxkuRSNs5jqDq5oIk86cBstv/F836Sr1Fb7yjROuLEEDZGVf3UwUM6Jw6UyGuawIDAQAB" > > Sudah hampir benar. > Ada character \010 yang mengganggu. Eh tetapi menurut DKIM checker sudah benar recordnya. Character \010 bisa diabaikan. Bisa test kirim mail ke https://dkimvalidator.com/ untuk memastikan. -- syafril --- Syafril Hermansyah -- --[mdaemon-l]-- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com Versi terakhir: MDaemon 20.0.3, SecurityGateway 7.0.1
[mdaemon-l] Email gagal kirim
On 26/11/20 17.55, Irwan R Jazir via mdaemon-l wrote: > seperti ini pak? > > > SPF check > > 1 SPF record found for the domain mandau.id : > > "v=spf1 +a +mx +ip4:112.78.191.82 +ip4:117.102.89.155 > +ip4:198.46.134.245 +ip4:184.170.148.5 +ip4:202.74.236.99 > +ip4:202.74.238.130 +ip4:139.99.6.57 +ip4:158.69.40.68 > include:smtp.biz.net.id ~all" > > > DKIM check > > DNS record for mdaemon._domainkey.mandau.id: > > "v=DKIM1;\010p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgZrFo2uefQkOBB+5c9Q0Uyg9YJf2hwvCwripm5lW1GkB+JSU266zb6/bWnfYnmtETMdhZvfhFBehvhz1OFpaTxFuFL0cTliht8/FUBKJWKa/kxkuRSNs5jqDq5oIk86cBstv/F836Sr1Fb7yjROuLEEDZGVf3UwUM6Jw6UyGuawIDAQAB" Sudah hampir benar. Ada character \010 yang mengganggu. mestinya > "v=DKIM1; > p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgZrFo2uefQkOBB+5c9Q0Uyg9YJf2hwvCwripm5lW1GkB+JSU266zb6/bWnfYnmtETMdhZvfhFBehvhz1OFpaTxFuFL0cTliht8/FUBKJWKa/kxkuRSNs5jqDq5oIk86cBstv/F836Sr1Fb7yjROuLEEDZGVf3UwUM6Jw6UyGuawIDAQAB" -- syafril --- Syafril Hermansyah -- --[mdaemon-l]-- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com Versi terakhir: MDaemon 20.0.3, SecurityGateway 7.0.1
[mdaemon-l] Email gagal kirim
> Sekarang ini masih salah seperti ini pak? SPF check 1 SPF record found for the domain mandau.id : "v=spf1 +a +mx +ip4:112.78.191.82 +ip4:117.102.89.155 +ip4:198.46.134.245 +ip4:184.170.148.5 +ip4:202.74.236.99 +ip4:202.74.238.130 +ip4:139.99.6.57 +ip4:158.69.40.68 include:smtp.biz.net.id ~all" DKIM check DNS record for mdaemon._domainkey.mandau.id: "v=DKIM1;\010p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgZrFo2uefQkOBB+5c9Q0Uyg9YJf2hwvCwripm5lW1GkB+JSU266zb6/bWnfYnmtETMdhZvfhFBehvhz1OFpaTxFuFL0cTliht8/FUBKJWKa/kxkuRSNs5jqDq5oIk86cBstv/F836Sr1Fb7yjROuLEEDZGVf3UwUM6Jw6UyGuawIDAQAB" Key length : 1024 terima kasih Irwan -- --[mdaemon-l]-- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com Versi terakhir: MDaemon 20.0.3, SecurityGateway 7.0.1
[mdaemon-l] Tips Mengaktifkan MTA-STS di MDaemon (update 2020-11)
Hallo, Tips ini mengupdate tips sebelumnya https://www.mail-archive.com/mdaemon-l@dutaint.com/msg46409.html MDaemon 20.0.x mendukung MTA-STS protocol. MTA-STS (MTA Strict Transport Security) adalah standar network security baru untuk mengharuskan sender menggunakan koneksi SMTP/TLS (STARTTLS) saat kirim mail ke domain kita, tidak lagi opsional. Hal ini dimaksudkan untuk menghindari man-in-the-middle attacks (MITM). Penjelasan lebih rinci bisa dibaca disini https://www.hardenize.com/blog/mta-sts https://www.uriports.com/blog/mta-sts-explained/ Penerapan MTA-STS di MDaemon sbb: Pengiriman mail --- Prasyarat a. aktifkan STARTTLS http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?ssl_mdaemon.htm [x] Enable SSL, STARTTLS, and STLS [x] SMTP server sends mail using STARTTLS when possible b. aktifkan DNSSEC (DNS Security Extensions) http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?ssl_dnssec.htm [x] Enabled DNSSEC Setelah prasyarat dipenuhi maka aktifkan MTA-STS http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?ssl_starttls-required-list_2.htm [x] Enable REQUIRETLS (RFC 8689) [x] Enable MTA-STS [x] Cache MTA-STS DNS records Penerimaan Mail -- 1. Aktifkan webmail https http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?ssl_worldclient.htm [x] HTTP and HTTPS atau [x] HTTPS only atau [x] HTTP redirected to HTTPS HTTPS port: 443 2. buat MTA-STS policy berupa file MTA-STS.txt di folder \\mdaemon\worldclient\.well-known\ yang isinya version: STSv1 mode: testing mx: mail.domain.tld mx: mx.domain.tld max_age: 86400 catatan: mode bisa berupa : enforce (harus, wajib), testing atau none https://www.mailhardener.com/kb/mta-sts https://www.uriports.com/blog/mta-sts-explained/ 3. buat DNS A atau CNAME record mta-sts.domain.tld. mta-sts.domain.tld CNAME mail.domain.tld contoh: $ host -t a mta-sts.dutaint.co.id mta-sts.dutaint.co.id is an alias for mail.dutaint.co.id. mail.dutaint.co.id has address 139.255.33.189 $ host -t a mta-sts.mdaemon.com mta-sts.mdaemon.com has address 65.99.242.68 Perhatikan bahwa mta-sts.domain.tld ini merujuk ke webmail https://mail.domain.tld (lihat point nomer 2 diatas), tetapi sebenarnya boleh saja merujuk ke portal web https://domain.tld. Dengan demikian jika masih pakai koneksi Dynamic IP (wired/wireless broadband) bisa saja MTA-STS policy diaktifkan di https portal web. https://domain.tld/.well-known/mta-sts.txt 4. buat DNS TXT record _mta-sts.domain.tld di Name Server (Authoritative DNS server) domain kita. _mta-sts.domain.tld TXT v=STSv1; id=20200206T010101; dimana id harus diganti (ditambah) versinya setiap ganti policy, misalkan menjadi id=20200827T010101; atau id=20200827T010102 contoh: $ host -t txt _mta-sts.dutaint.co.id _mta-sts.dutaint.co.id descriptive text "v=STSv1; id=20200506T010101;" $ host -t txt _mta-sts.gmail.com _mta-sts.gmail.com descriptive text "v=STSv1; id=20190429T010101;" $ host -t txt _mta-sts.yahoo.com _mta-sts.yahoo.com descriptive text "v=STSv1; id=20161109010200Z;" MTA-STS Reporting - http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?ssl_starttls-required-list_2.htm untuk pengiriman mail [x] Enable TLS Reporting (RFC 8460) penerimaan mail buat DNS record _smtp._tls.domain.tld di Name Server (Authoritative DNS server) domain kita. _smtp._tls.domain.tld txt v=TLSRPTv1; rua=mailto:mail...@domain.tld contoh $ host -t txt _smtp._tls.dutaint.co.id _smtp._tls.dutaint.co.id descriptive text "v=TLSRPTv1; rua=mailto:mtasts-repo...@dutaint.co.id; $ host -t txt _smtp._tls.gmail.com _smtp._tls.gmail.com descriptive text "v=TLSRPTv1;rua=mailto:sts-repo...@google.com; $ host -t txt _smtp._tls.dutaint.com _smtp._tls.dutaint.com descriptive text "v=TLSRPTv1; rua=mailto:mtasts-repo...@dutaint.co.id; -- syafril - Syafril Hermansyah -- --[mdaemon-l]-- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com Versi terakhir: MDaemon 20.0.3, SecurityGateway 7.0.1
