[MDaemon-L] Email gets past host screening

2017-02-09 Thread Agus Tarpindo
Dear Mr. Syafril,
OK, sir, I will try running it first while I monitor it. Hopefully there
will be no problems. Thank you very much, sir.

Best regards, 
Agus 
IT 
 
-- 
--MDaemon-L--
This mailing list is for discussion among MDaemon Mail Server users.

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Unsubscribe: send mail to mdaemon-l-unsubscr...@dutaint.com
Latest versions: MD 16.5.2, SP 5.1.0, OC 4.0.1, SG 4.0.1





[MDaemon-L] Email gets past host screening

2017-02-09 Thread Syafril Hermansyah
On 2017-02-09 18:40, Agus Tarpindo wrote:
> Sir, a while ago I set up host screening as shown in the attached image
> for this user ID (deer-blue-521a4e94a094a855.znlc.jp), but it still gets
> through and the email reaches our end users.


Please check whether "PTR record mismatch" and the HELO check are enabled?

http://mdaemon.dutaint.co.id/mdaemon/16.5/index.html?security--reverse_lookup.htm


[x] ...send 501 and close connection if no PTR record match

[x] Perform lookup on HELO/EHLO domain
[x] ...send 501 error code (normally sends 451 error code)
[x] ...and then close the connection


> Is there another way to block this email's sender address, sir?


You can use the sender blacklist.

http://mdaemon.dutaint.co.id/mdaemon/16.5/index.html?security--sender-blacklist.htm

or the spam filter blacklist

http://mdaemon.dutaint.co.id/mdaemon/16.5/index.html?sf_black_list.htm


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 17.0-64 Beta B, SP 5.1.0-64
Please do not cc: or send to private mail for MDaemon issues.

Simplicity is the ultimate sophistication
-- Leonardo da Vinci
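
As an added example (not part of the original thread and not MDaemon code), this Python code reads the values that the PTR-match and HELO/EHLO lookup checks above depend on from log lines in the format posted in this thread. Session 665148 uses lines from that log with wrapped lines rejoined; session 700001 and the names `summarize_sessions`, `ptr_confirmed` and `helo_is_ptr` are constructed for illustration.

```python
import re

# Session 665148: lines from the log posted in this thread (wrapped lines rejoined).
# Session 700001: constructed counter-example using documentation addresses.
SAMPLE_LOG = """\
Thu 2017-02-09 07:16:16.188: 05: [665148] Accepting SMTP connection from [210.229.226.120:36728] to [202.78.202.4:25]
Thu 2017-02-09 07:16:16.283: 02: [665148] <-- EHLO deer-blue-521a4e94a094a855.znlc.jp
Thu 2017-02-09 07:16:16.767: 05: [665148] *  D=120.226.229.210.IN-ADDR.ARPA TTL=(9) PTR=[deer-blue-521a4e94a094a855.znlc.jp]
Thu 2017-02-09 07:16:16.784: 05: [665148] *  D=deer-blue-521a4e94a094a855.znlc.jp TTL=(43) A=[210.229.226.120]
Thu 2017-02-09 07:20:00.000: 05: [700001] Accepting SMTP connection from [192.0.2.10:40000] to [202.78.202.4:25]
Thu 2017-02-09 07:20:00.100: 02: [700001] <-- EHLO mail.example.test
Thu 2017-02-09 07:20:00.200: 05: [700001] *  D=10.2.0.192.IN-ADDR.ARPA TTL=(9) PTR=[host.example.net]
Thu 2017-02-09 07:20:00.300: 05: [700001] *  D=host.example.net TTL=(43) A=[198.51.100.7]
"""

LINE = re.compile(r"\[(\d+)\]\s+(.*)$")          # session id, then the message
CONNECT = re.compile(r"Accepting SMTP connection from \[([\d.]+):\d+\]")
HELO = re.compile(r"<-- (?:EHLO|HELO) (\S+)")
PTR = re.compile(r"PTR=\[([^\]]+)\]")
A_REC = re.compile(r"D=(\S+) .*\bA=\[([\d.]+)\]")

def summarize_sessions(log_text):
    """Group log lines by session id and compare peer IP, EHLO name and DNS answers."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        s = sessions.setdefault(m[1], {"peer": None, "helo": None, "ptr": set(), "a": {}})
        msg = m[2]
        if c := CONNECT.search(msg):
            s["peer"] = c[1]
        elif h := HELO.search(msg):
            s["helo"] = h[1].lower()
        elif p := PTR.search(msg):
            s["ptr"].add(p[1].lower())
        elif a := A_REC.search(msg):
            s["a"].setdefault(a[1].lower(), set()).add(a[2])
    for s in sessions.values():
        # Forward-confirmed reverse DNS: a PTR name resolves back to the peer IP.
        s["ptr_confirmed"] = any(s["peer"] in s["a"].get(n, ()) for n in s["ptr"])
        # The name given in EHLO is one of the PTR names of the peer.
        s["helo_is_ptr"] = s["helo"] in s["ptr"]
    return sessions

if __name__ == "__main__":
    for sid, s in summarize_sessions(SAMPLE_LOG).items():
        print(sid, s["peer"], s["helo"], s["ptr_confirmed"], s["helo_is_ptr"])
```

For session 665148 both flags are true: the PTR name resolves back to the connecting IP and equals the EHLO name.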






[MDaemon-L] Email gets past host screening

2017-02-09 Thread Agus Tarpindo
Dear Mr. Syafril,

Sir, a while ago I set up host screening as shown in the attached image
for this user ID (deer-blue-521a4e94a094a855.znlc.jp), but it still gets
through and the email reaches our end users.

Is there another way to block this email's sender address, sir? I have
attached the log below; I would appreciate your help.

 

Thu 2017-02-09 07:15:07.659: 01: --
Thu 2017-02-09 07:16:16.188: 05: [665148] Session 665148; child 0001
Thu 2017-02-09 07:16:16.188: 05: [665148] Accepting SMTP connection from [210.229.226.120:36728] to [202.78.202.4:25]
Thu 2017-02-09 07:16:16.189: 03: [665148] --> 220 mail.os-selnajaya.com ESMTP Thu, 09 Feb 2017 07:16:16 +0700
Thu 2017-02-09 07:16:16.283: 02: [665148] <-- EHLO deer-blue-521a4e94a094a855.znlc.jp
Thu 2017-02-09 07:16:16.283: 03: [665148] --> 250-mail.os-selnajaya.com Hello deer-blue-521a4e94a094a855.znlc.jp, pleased to meet you
Thu 2017-02-09 07:16:16.283: 03: [665148] --> 250-ETRN
Thu 2017-02-09 07:16:16.283: 03: [665148] --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Thu 2017-02-09 07:16:16.283: 03: [665148] --> 250-8BITMIME
Thu 2017-02-09 07:16:16.283: 03: [665148] --> 250-ENHANCEDSTATUSCODES
Thu 2017-02-09 07:16:16.283: 03: [665148] --> 250-STARTTLS
Thu 2017-02-09 07:16:16.283: 03: [665148] --> 250 SIZE 2560
Thu 2017-02-09 07:16:16.373: 02: [665148] <-- STARTTLS
Thu 2017-02-09 07:16:16.374: 03: [665148] --> 220 2.7.0 Ready to start TLS
Thu 2017-02-09 07:16:16.565: 01: [665148] SSL negotiation successful (TLS 1.2, 3072 bit key exchange, 128 bit AES encryption)
Thu 2017-02-09 07:16:16.658: 02: [665148] <-- EHLO deer-blue-521a4e94a094a855.znlc.jp
Thu 2017-02-09 07:16:16.658: 03: [665148] --> 250-mail.os-selnajaya.com Hello deer-blue-521a4e94a094a855.znlc.jp, pleased to meet you
Thu 2017-02-09 07:16:16.658: 03: [665148] --> 250-ETRN
Thu 2017-02-09 07:16:16.658: 03: [665148] --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Thu 2017-02-09 07:16:16.658: 03: [665148] --> 250-8BITMIME
Thu 2017-02-09 07:16:16.658: 03: [665148] --> 250-ENHANCEDSTATUSCODES
Thu 2017-02-09 07:16:16.658: 03: [665148] --> 250 SIZE 2560
Thu 2017-02-09 07:16:16.749: 02: [665148] <-- MAIL FROM: SIZE=369460
Thu 2017-02-09 07:16:16.751: 05: [665148] Performing PTR lookup (120.226.229.210.IN-ADDR.ARPA)
Thu 2017-02-09 07:16:16.767: 05: [665148] *  D=120.226.229.210.IN-ADDR.ARPA TTL=(9) PTR=[deer-blue-521a4e94a094a855.znlc.jp]
Thu 2017-02-09 07:16:16.767: 05: [665148] *  Gathering A records...
Thu 2017-02-09 07:16:16.784: 05: [665148] *  D=deer-blue-521a4e94a094a855.znlc.jp TTL=(43) A=[210.229.226.120]
Thu 2017-02-09 07:16:16.784: 05: [665148]  End PTR results
Thu 2017-02-09 07:16:16.785: 09: [665148] Performing SPF lookup (zebra.lt / 210.229.226.120)
Thu 2017-02-09 07:16:16.804: 09: [665148] *  Policy: v=spf1 include:_mail1.zebra.lt include:_mail2.zebra.lt ~all
Thu 2017-02-09 07:16:16.804: 09: [665148] *  Evaluating include:_mail1.zebra.lt: performing lookup
Thu 2017-02-09 07:16:17.140: 09: [665148] *Policy: v=spf1 ip4:212.59.0.7/32 ip4:212.59.31.119/32 ip4:212.59.31.87/32 ip4:212.59.31.115/32 ip4:195.12.167.68/32 ip4:195.12.167.69/32 ip4:195.12.167.70/32 ip4:212.59.31.76/32 ip4:212.59.31.84/32 ip4:212.59.31.85/32 ip4:212.59.31.91/32 ip4:
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:212.59.0.7/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:212.59.31.119/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:212.59.31.87/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:212.59.31.115/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:195.12.167.68/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:195.12.167.69/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:195.12.167.70/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:212.59.31.76/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:212.59.31.84/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:212.59.31.85/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:212.59.31.91/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:212.59.31.94/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ~all: match
Thu 2017-02-09 07:16:17.140: 09: [665148] *  Evaluating include:_mail1.zebra.lt: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *  Evaluating include:_mail2.zebra.lt: performing lookup
Thu 2017-02-09 07:16:17.158: 09: [665148] *Policy: v=spf1 ip4:212.59.0.7/32 ip4:82.135.235.4/32 ip4:82.135.235.5/32 ip4:82.135.235.6/32 ip4:82.135.235.7/32 ?all
Thu 2017-02-09 07:16:17.158: 09: [665148] *Evaluating ip4:212.59.0.7/32: no match
Thu 2017-02-09 07:16:17.158: 09: [665148] *Evaluating ip4:82.135.235.4/32: no match
Thu 2017-02-09 07:16:17.158: 09: [665148] *