Pak Syafril, Saya butuh bantuan ke bapak karena sudah mentok untuk trace masalah di mail server saya. Server saya sejak minggu kemarin mengirim spam banyak sekali ke alamat email tak di kenal. akibat nya mail server saya sempat permanently deferred oleh Yahoo.
saya sudah mencoba trace message pd35000609041.msg /[email protected] pada log mdaemon-all.log dan smtp-in log, routing.log baik pada tanggal 28 maupun 27 maret hasil nya nihil. apakah mungkin file tersebut di inject langsung ke remote retry queue ? Apakah memang ada trojan / exploit yang khusus di buat untuk mdaemon ? Mohon pencerahannya. Sun 2010-03-28 20:00:06: ---------- Sun 2010-03-28 20:00:06: [5562:160] Session 5562; child 160 Sun 2010-03-28 20:00:06: [5562:160] Parsing message <d:\mdaemon\queues\remote\pd35000609041.msg> Sun 2010-03-28 20:00:06: [5562:160] * From: [email protected] Sun 2010-03-28 20:00:06: [5562:160] * To: [email protected] Sun 2010-03-28 20:00:06: [5562:160] * Subject: Hey-bro,-U-must-be-kidding.-Is-this-really-your-photo? Sun 2010-03-28 20:00:06: [5562:160] * Message-ID: <000e01ca3632$502a13c0$0724f...@sillysoft> Sun 2010-03-28 20:00:06: [5562:160] Attempting SMTP connection to [yahoo.co.id] Sun 2010-03-28 20:00:06: [5562:160] Resolving MX records for [yahoo.co.id] (DNS Server: 203.160.59.59)... Sun 2010-03-28 20:00:06: [5562:160] * P=010 S=000 D=yahoo.co.id TTL=(18) MX=[mx1.mail.sg1.yahoo.com] Sun 2010-03-28 20:00:06: [5562:160] Attempting SMTP connection to [mx1.mail.sg1.yahoo.com:25] Sun 2010-03-28 20:00:06: [5562:160] * Cache hit on mx1.mail.sg1.yahoo.com; IP = 124.108.116.72 Sun 2010-03-28 20:00:06: [5562:160] Waiting for socket connection... Sun 2010-03-28 20:00:06: [5562:160] * Connection established (203.160.59.60:1966 -> 124.108.116.72:25) Sun 2010-03-28 20:00:06: [5562:160] Waiting for protocol to start... Sun 2010-03-28 20:00:06: [5562:160] <-- 421 4.7.0 [TS01] Messages from 203.160.59.60 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html Sun 2010-03-28 20:00:06: [5562:160] --> QUIT Sun 2010-03-28 20:00:06: [5562:160] Socket connection closed by the other side (how rude!) Sun 2010-03-28 20:00:06: [5562:160] This message is 15 minutes old; it has 45 minutes left in this queue Sun 2010-03-28 20:00:06: [5562:160] SMTP session terminated (Bytes in/out: 149/6) Sun 2010-03-28 20:00:06: ---------- Sun 2010-03-28 20:00:06: [5485:83] Session 5485; child 83 Sun 2010-03-28 20:00:05: [5485:83] Parsing message <d:\mdaemon\queues\remote\pd35000608936.msg> Sun 2010-03-28 20:00:05: [5485:83] * From: [email protected] Sun 2010-03-28 20:00:05: [5485:83] * To: [email protected] Sun 2010-03-28 20:00:05: [5485:83] * Subject: I^see^your^photos^everyday^and^feel^I^am^in^love^with^you.^Let’s^meet^please Sun 2010-03-28 20:00:05: [5485:83] * Message-ID: <001001caceae$d23a54f0$0669f...@illusion6800fd> Sun 2010-03-28 20:00:05: [5485:83] Attempting SMTP connection to [yahoo.com] Sun 2010-03-28 20:00:05: [5485:83] Resolving MX records for [yahoo.com] (DNS Server: 203.160.59.59)... Sun 2010-03-28 20:00:05: [5485:83] * P=001 S=000 D=yahoo.com TTL=(19) MX=[d.mx.mail.yahoo.com] {209.191.88.254} Sun 2010-03-28 20:00:05: [5485:83] * P=001 S=001 D=yahoo.com TTL=(19) MX=[e.mx.mail.yahoo.com] {67.195.168.230} Sun 2010-03-28 20:00:05: [5485:83] * P=001 S=002 D=yahoo.com TTL=(19) MX=[f.mx.mail.yahoo.com] {98.137.54.237} Sun 2010-03-28 20:00:05: [5485:83] * P=001 S=003 D=yahoo.com TTL=(19) MX=[g.mx.mail.yahoo.com] {98.137.54.238} Sun 2010-03-28 20:00:05: [5485:83] * P=001 S=004 D=yahoo.com TTL=(19) MX=[h.mx.mail.yahoo.com] {66.94.236.34} Sun 2010-03-28 20:00:05: [5485:83] * P=001 S=005 D=yahoo.com TTL=(19) MX=[a.mx.mail.yahoo.com] {67.195.168.31} Sun 2010-03-28 20:00:05: [5485:83] * P=001 S=006 D=yahoo.com TTL=(19) MX=[b.mx.mail.yahoo.com] {74.6.136.65} Sun 2010-03-28 20:00:05: [5485:83] * P=001 S=007 D=yahoo.com TTL=(19) MX=[c.mx.mail.yahoo.com] {206.190.54.127} Sun 2010-03-28 20:00:05: [5485:83] Attempting SMTP connection to [209.191.88.254:25] Sun 2010-03-28 20:00:05: [5485:83] * 209.191.88.254 in connection failure cache for up to 5 minutes due to previous connection failure(s) Sun 2010-03-28 20:00:05: [5485:83] Attempting SMTP connection to [67.195.168.230:25] Sun 2010-03-28 20:00:05: [5485:83] * 67.195.168.230 in connection failure cache for up to 5 minutes due to previous connection failure(s) Sun 2010-03-28 20:00:05: [5485:83] Attempting SMTP connection to [98.137.54.237:25] Sun 2010-03-28 20:00:05: [5485:83] * 98.137.54.237 in connection failure cache for up to 5 minutes due to previous connection failure(s) Sun 2010-03-28 20:00:05: [5485:83] Attempting SMTP connection to [98.137.54.238:25] Sun 2010-03-28 20:00:05: [5485:83] * 98.137.54.238 in connection failure cache for up to 5 minutes due to previous connection failure(s) Sun 2010-03-28 20:00:05: [5485:83] Attempting SMTP connection to [66.94.236.34:25] Sun 2010-03-28 20:00:05: [5485:83] * 66.94.236.34 in connection failure cache for up to 5 minutes due to previous connection failure(s) Sun 2010-03-28 20:00:05: [5485:83] Attempting SMTP connection to [67.195.168.31:25] Sun 2010-03-28 20:00:05: [5485:83] Waiting for socket connection... Sun 2010-03-28 20:00:05: [5485:83] * Connection established (203.160.59.60:1927 -> 67.195.168.31:25) Sun 2010-03-28 20:00:05: [5485:83] Waiting for protocol to start... Sun 2010-03-28 20:00:06: [5485:83] <-- 421 4.7.0 [TS01] Messages from 203.160.59.60 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html Sun 2010-03-28 20:00:06: [5485:83] --> QUIT Sun 2010-03-28 20:00:06: [5485:83] Attempting SMTP connection to [74.6.136.65:25] Sun 2010-03-28 20:00:06: [5485:83] * 74.6.136.65 in connection failure cache for up to 5 minutes due to previous connection failure(s) Sun 2010-03-28 20:00:06: [5485:83] Attempting SMTP connection to [206.190.54.127:25] Sun 2010-03-28 20:00:06: [5485:83] * 206.190.54.127 in connection failure cache for up to 5 minutes due to previous connection failure(s) Sun 2010-03-28 20:00:06: [5485:83] This message is 17 minutes old; it has 43 minutes left in this queue Sun 2010-03-28 20:00:06: [5485:83] SMTP session terminated (Bytes in/out: 149/6) Sun 2010-03-28 20:04:19: [6560:164] Session 6560; child 164 Sun 2010-03-28 20:04:17: [6560:164] Parsing message <d:\mdaemon\queues\remote\pd35000609523.msg> Sun 2010-03-28 20:04:17: [6560:164] * From: [email protected] Sun 2010-03-28 20:04:17: [6560:164] * To: [email protected] Sun 2010-03-28 20:04:17: [6560:164] * Subject: I>saw>50>photos>before>I>saw>yours>and>decided>to>make>a>contact>with>you.>Wanna>meet? Sun 2010-03-28 20:04:17: [6560:164] * Message-ID: <001401cace8e$83b31530$079bf...@denisaf58096b5> Sun 2010-03-28 20:04:17: [6560:164] Attempting SMTP connection to [yahoo.com] Sun 2010-03-28 20:04:17: [6560:164] Resolving MX records for [yahoo.com] (DNS Server: 203.160.59.59)... Sun 2010-03-28 20:04:17: [6560:164] * P=001 S=000 D=yahoo.com TTL=(15) MX=[d.mx.mail.yahoo.com] {209.191.88.254} Sun 2010-03-28 20:04:17: [6560:164] * P=001 S=001 D=yahoo.com TTL=(15) MX=[e.mx.mail.yahoo.com] {67.195.168.230} Sun 2010-03-28 20:04:17: [6560:164] * P=001 S=002 D=yahoo.com TTL=(15) MX=[f.mx.mail.yahoo.com] {98.137.54.237} Sun 2010-03-28 20:04:17: [6560:164] * P=001 S=003 D=yahoo.com TTL=(15) MX=[g.mx.mail.yahoo.com] {98.137.54.238} Sun 2010-03-28 20:04:17: [6560:164] * P=001 S=004 D=yahoo.com TTL=(15) MX=[h.mx.mail.yahoo.com] {66.94.236.34} Sun 2010-03-28 20:04:17: [6560:164] * P=001 S=005 D=yahoo.com TTL=(15) MX=[a.mx.mail.yahoo.com] Sun 2010-03-28 20:04:17: [6560:164] * P=001 S=006 D=yahoo.com TTL=(15) MX=[b.mx.mail.yahoo.com] {74.6.136.65} Sun 2010-03-28 20:04:17: [6560:164] * P=001 S=007 D=yahoo.com TTL=(15) MX=[c.mx.mail.yahoo.com] {206.190.54.127} Sun 2010-03-28 20:04:17: [6560:164] Attempting SMTP connection to [209.191.88.254:25] Sun 2010-03-28 20:04:17: [6560:164] Waiting for socket connection... Sun 2010-03-28 20:04:18: [6560:164] * Connection established (203.160.59.60:3758 -> 209.191.88.254:25) Sun 2010-03-28 20:04:18: [6560:164] Waiting for protocol to start... Sun 2010-03-28 20:04:18: [6560:164] <-- 421 4.7.0 [TS01] Messages from 203.160.59.60 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html Sun 2010-03-28 20:04:18: [6560:164] --> QUIT Sun 2010-03-28 20:04:18: [6560:164] Attempting SMTP connection to [67.195.168.230:25] Sun 2010-03-28 20:04:18: [6560:164] * 67.195.168.230 in connection failure cache for up to 5 minutes due to previous connection failure(s) Sun 2010-03-28 20:04:18: [6560:164] Attempting SMTP connection to [98.137.54.237:25] Sun 2010-03-28 20:04:18: [6560:164] * 98.137.54.237 in connection failure cache for up to 5 minutes due to previous connection failure(s) Sun 2010-03-28 20:04:18: [6560:164] Attempting SMTP connection to [98.137.54.238:25] Sun 2010-03-28 20:04:18: [6560:164] * 98.137.54.238 in connection failure cache for up to 5 minutes due to previous connection failure(s) Sun 2010-03-28 20:04:18: [6560:164] Attempting SMTP connection to [66.94.236.34:25] Sun 2010-03-28 20:04:18: [6560:164] Waiting for socket connection... Sun 2010-03-28 20:04:18: [6560:164] * Connection established (203.160.59.60:3859 -> 66.94.236.34:25) Sun 2010-03-28 20:04:18: [6560:164] Waiting for protocol to start... Sun 2010-03-28 20:04:19: [6560:164] <-- 421 4.7.0 [TS01] Messages from 203.160.59.60 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html Sun 2010-03-28 20:04:19: [6560:164] --> QUIT Sun 2010-03-28 20:04:19: [6560:164] Attempting SMTP connection to [a.mx.mail.yahoo.com:25] Sun 2010-03-28 20:04:19: [6560:164] * Cache hit on a.mx.mail.yahoo.com; IP = 67.195.168.31 Sun 2010-03-28 20:04:19: [6560:164] Waiting for socket connection... Sun 2010-03-28 20:04:19: [6560:164] * Connection established (203.160.59.60:3942 -> 67.195.168.31:25) Sun 2010-03-28 20:04:19: [6560:164] Waiting for protocol to start... Sun 2010-03-28 20:04:19: [6560:164] <-- 421 4.7.0 [TS01] Messages from 203.160.59.60 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html Sun 2010-03-28 20:04:19: [6560:164] --> QUIT Sun 2010-03-28 20:04:19: [6560:164] Attempting SMTP connection to [74.6.136.65:25] Sun 2010-03-28 20:04:19: [6560:164] * 74.6.136.65 in connection failure cache for up to 5 minutes due to previous connection failure(s) Sun 2010-03-28 20:04:19: [6560:164] Attempting SMTP connection to [206.190.54.127:25] Sun 2010-03-28 20:04:19: [6560:164] * 206.190.54.127 in connection failure cache for up to 5 minutes due to previous connection failure(s) Sun 2010-03-28 20:04:19: [6560:164] This message is 13 minutes old; it has 47 minutes left in this queue Sun 2010-03-28 20:04:19: [6560:164] SMTP session terminated (Bytes in/out: 447/18) -- Best regards, Paulus mailto:[email protected] --[MDaemon-L]------------------------------------------------ Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Netiket: <http://www.netmeister.org/news/learn2quote> Arsip: <http://mdaemon-l.dutaint.com> Henti Langgan: Kirim mail ke MDaemon-L-unsubscribe [at] dutaint.com Berlangganan: kirim mail ke MDaemon-L-subscribe [at] dutaint.com Versi terakhir MD 11.0.0, SP 4.1.1, OC 2.2.4, SG 2.0.2, PP 1.1
