Dear Bung Syafril,
Saya menggunakan MDaemon v7.1.2 dan MDAV v2.2.4
Pada Sabtu (10-Jul) kemarin, ada yang aneh... Ada user mengirimkan e-mail ke beberapa orang, tapi mereka tidak terima.. Saya check di SMTP-In masuk, di AV masuk, tapi di SMTP-Out ndak ada
Berikut potongan log:
**** SMTP-In ****
Sat 2004-07-10 17:11:14: Session 9344; child 1; thread 1208
Sat 2004-07-10 17:11:13: Accepting SMTP connection from [192.168.90.42 : 1177]
Sat 2004-07-10 17:11:13: --> 220 pringapus.usg.co.id ESMTP MDaemon 7.1.2; Sat, 10 Jul 2004 17:11:13 +0700
Sat 2004-07-10 17:11:13: <-- HELO w99store02
Sat 2004-07-10 17:11:13: --> 250 pringapus.usg.co.id Hello w99store02, pleased to meet you
Sat 2004-07-10 17:11:13: <-- MAIL FROM: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:13: --> 250 <[EMAIL PROTECTED]>, Sender ok
Sat 2004-07-10 17:11:13: <-- RCPT TO: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:13: --> 250 <[EMAIL PROTECTED]>, Recipient ok
Sat 2004-07-10 17:11:13: <-- RCPT TO: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:13: --> 250 <[EMAIL PROTECTED]>, Recipient ok
Sat 2004-07-10 17:11:13: <-- RCPT TO: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:13: --> 250 <[EMAIL PROTECTED]>, Recipient ok
Sat 2004-07-10 17:11:13: <-- RCPT TO: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:13: --> 250 <[EMAIL PROTECTED]>, Recipient ok
Sat 2004-07-10 17:11:13: <-- RCPT TO: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:13: --> 250 <[EMAIL PROTECTED]>, Recipient ok
Sat 2004-07-10 17:11:13: <-- RCPT TO: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:13: --> 250 <[EMAIL PROTECTED]>, Recipient ok
Sat 2004-07-10 17:11:13: <-- RCPT TO: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:13: --> 250 <[EMAIL PROTECTED]>, Recipient ok
Sat 2004-07-10 17:11:13: <-- RCPT TO: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:13: --> 250 <[EMAIL PROTECTED]>, Recipient ok
Sat 2004-07-10 17:11:13: <-- RCPT TO: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:13: --> 250 <[EMAIL PROTECTED]>, Recipient ok
Sat 2004-07-10 17:11:13: <-- DATA
Sat 2004-07-10 17:11:13: Creating temp file (SMTP): c:\mdaemon\temp\08\md50000000073.tmp
Sat 2004-07-10 17:11:13: --> 354 Enter mail, end with <CRLF>.<CRLF>
Sat 2004-07-10 17:11:13: Message creation successful: c:\mdaemon\inbound\55\md50000000073.msg
Sat 2004-07-10 17:11:13: --> 250 Ok, message saved <Message-ID: <[EMAIL PROTECTED]>>
Sat 2004-07-10 17:11:13: <-- RSET
Sat 2004-07-10 17:11:13: --> 250 RSET? Well, ok.
Sat 2004-07-10 17:11:13: <-- MAIL FROM: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:13: --> 250 <[EMAIL PROTECTED]>, Sender ok
Sat 2004-07-10 17:11:13: <-- RCPT TO: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:13: --> 250 <[EMAIL PROTECTED]>, Recipient ok
Sat 2004-07-10 17:11:13: <-- RCPT TO: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:13: --> 250 <[EMAIL PROTECTED]>, Recipient ok
Sat 2004-07-10 17:11:13: <-- RCPT TO: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:13: --> 250 <[EMAIL PROTECTED]>, Recipient ok
Sat 2004-07-10 17:11:13: <-- RCPT TO: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:14: --> 250 <[EMAIL PROTECTED]>, Recipient ok
Sat 2004-07-10 17:11:14: <-- RCPT TO: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:14: --> 250 <[EMAIL PROTECTED]>, Recipient ok
Sat 2004-07-10 17:11:14: <-- RCPT TO: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:14: --> 250 <[EMAIL PROTECTED]>, Recipient ok
Sat 2004-07-10 17:11:14: <-- RCPT TO: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:14: --> 250 <[EMAIL PROTECTED]>, Recipient ok
Sat 2004-07-10 17:11:14: <-- RCPT TO: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:14: --> 250 <[EMAIL PROTECTED]>, Recipient ok
Sat 2004-07-10 17:11:14: <-- RCPT TO: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:14: --> 250 <[EMAIL PROTECTED]>, Recipient ok
Sat 2004-07-10 17:11:14: <-- DATA
Sat 2004-07-10 17:11:14: Creating temp file (SMTP): c:\mdaemon\temp\09\md50000000073.tmp
Sat 2004-07-10 17:11:14: --> 354 Enter mail, end with <CRLF>.<CRLF>
Sat 2004-07-10 17:11:14: Message creation successful: c:\mdaemon\inbound\56\md50000000073.msg
Sat 2004-07-10 17:11:14: --> 250 Ok, message saved <Message-ID: <[EMAIL PROTECTED]>>
Sat 2004-07-10 17:11:14: <-- QUIT
Sat 2004-07-10 17:11:14: --> 221 See ya in cyberspace
Sat 2004-07-10 17:11:14: SMTP session successful (Bytes in/out: 68818/1178)
**** AV ****
Sat 2004-07-10 17:11:19: MDaemon AntiVirus processing c:\mdaemon\remoteq\md10000242077.msg...
Sat 2004-07-10 17:11:19: > Message return-path: [EMAIL PROTECTED]
Sat 2004-07-10 17:11:19: > Message from: [EMAIL PROTECTED]
Sat 2004-07-10 17:11:19: > Message to: [EMAIL PROTECTED]
Sat 2004-07-10 17:11:19: > Message subject: Re: Bulk Fab For Hol'04 Fed-387BY Blue Pink Stripe.xls [1/2]
Sat 2004-07-10 17:11:19: > Message ID: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:19: Start MDaemon AntiVirus results
Sat 2004-07-10 17:11:20: * Total attachments scanned : 1 (including multipart/alternatives and message body)
Sat 2004-07-10 17:11:20: * Total attachments infected : 0
Sat 2004-07-10 17:11:20: * Total attachments disinfected: 0
Sat 2004-07-10 17:11:20: * Total errors while scanning : 0
Sat 2004-07-10 17:11:20: * Total attachments removed : 0
Sat 2004-07-10 17:11:20: End of MDaemon AntiVirus results
Sat 2004-07-10 17:11:20: ----------
Sat 2004-07-10 17:11:20: MDaemon AntiVirus processing c:\mdaemon\remoteq\md10000242078.msg...
Sat 2004-07-10 17:11:20: > Message return-path: [EMAIL PROTECTED]
Sat 2004-07-10 17:11:20: > Message from: [EMAIL PROTECTED]
Sat 2004-07-10 17:11:20: > Message to: [EMAIL PROTECTED]
Sat 2004-07-10 17:11:20: > Message subject: Re: Bulk Fab For Hol'04 Fed-387BY Blue Pink Stripe.xls [2/2]
Sat 2004-07-10 17:11:20: > Message ID: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:20: Start MDaemon AntiVirus results
Sat 2004-07-10 17:11:20: * Total attachments scanned : 1 (including multipart/alternatives and message body)
Sat 2004-07-10 17:11:20: * Total attachments infected : 0
Sat 2004-07-10 17:11:20: * Total attachments disinfected: 0
Sat 2004-07-10 17:11:20: * Total errors while scanning : 0
Sat 2004-07-10 17:11:20: * Total attachments removed : 0
Sat 2004-07-10 17:11:20: End of MDaemon AntiVirus results
Sat 2004-07-10 17:11:20: ----------
Tapi di SMTP-Out saya cari di log koq ndak ada.. Akhirnya saya lakukan FIND "[EMAIL PROTECTED]" *.LOG dan terlihat muncul di CF dan Routing..
Lalu saya check di CF, ternyata:
Sat 2004-07-10 17:11:20: Content Filter processing c:\mdaemon\remoteq\md10000242078.msg...
Sat 2004-07-10 17:11:20: > Message return-path: [EMAIL PROTECTED]
Sat 2004-07-10 17:11:20: > Message from: [EMAIL PROTECTED]
Sat 2004-07-10 17:11:20: > Message to: [EMAIL PROTECTED]
Sat 2004-07-10 17:11:20: > Message subject: Re: Bulk Fab For Hol'04 Fed-387BY Blue Pink Stripe.xls [2/2]
Sat 2004-07-10 17:11:20: > Message ID: <[EMAIL PROTECTED]>
Sat 2004-07-10 17:11:20: Start Content Filter results
Sat 2004-07-10 17:11:20: * Message matched rule: Message/Partial vulnerability [Move to bad message queue]
Sat 2004-07-10 17:11:20: * Matched 1 of 2 active rules
Sat 2004-07-10 17:11:20: End of Content Filter results
Saya check di CF Config, ternyata memang ada CF untuk Message/Partial dan sayangnya dipindah ke BadQueue dan user tidak dikirimin notification.. Padahal saya lihat configuration MD yang lama (sebelum upgrade ke v7.1.2 dari v3.x) ndak ada CF seperti itu.. Herannya, MD kami yang lain (barusan upgrade ke v7.1.2 juga, tapi dari v6.8.x) CF semacam itu ndak ada..
Pertanyaan saya:
* Apakah instalasi MD (walaupun memang melompat jauh) sah untuk melakukan perubahan CF seperti ini ??
* Apakah maksudnya Message/Partial vulnerability ??
* Kenapa CF yang dibuat MD tidak inform ke user bahwa message dipindah ke BadQueue, sehingga user komplain karena e-mail tidak diterima, padahal tidak ada warning message apapun dari server
* Saat ini terpaksa CF saya non-aktifkan (ada 2 dari instalasi MD v7.1.2 yaitu Message/Partial dan IFRAME), apa risiko-nya ??
Thanks, Hian
-- --[MDaemon-L]------------------------------------------------ Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Mohon tidak posting dalam format HTML!
Arsip : <http://mdaemon-l.dutaint.com>
Moderator : <mailto:[EMAIL PROTECTED]>
Henti Langgan : <mailto:[EMAIL PROTECTED]>
Berlangganan : <mailto:[EMAIL PROTECTED]>
Versi Terakhir : MD 7.1.2, LD 2.1.0, WA 2.0.8, MDAV 2.2.4, MDGW 1.0.6
