Selamat Pagi Pak Syafril, Pagi ini ada user kami yang melaporkan tidak menerima email dari domain citi.com. Berikut log di smtp-in nya :
Mon 2012-12-10 20:41:36: [471362:2] Session 471362; child 2 Mon 2012-12-10 20:41:36: [471362:2] Accepting SMTP connection from [67.231.153.94:48547] to [10.126.64.77:25] Mon 2012-12-10 20:41:36: [471362:2] --> 220 mail.citarasa-indonesia.com ESMTP MDaemon 12.5.4; Mon, 10 Dec 2012 20:41:36 +0700 Mon 2012-12-10 20:41:37: [471362:2] <-- EHLO mx0b-00123c01.pphosted.com Mon 2012-12-10 20:41:37: [471362:2] --> 250-mail.citarasa-indonesia.com Hello mx0b-00123c01.pphosted.com, pleased to meet you Mon 2012-12-10 20:41:37: [471362:2] --> 250-ETRN Mon 2012-12-10 20:41:37: [471362:2] --> 250-AUTH LOGIN CRAM-MD5 PLAIN Mon 2012-12-10 20:41:37: [471362:2] --> 250-8BITMIME Mon 2012-12-10 20:41:37: [471362:2] --> 250 SIZE Mon 2012-12-10 20:41:37: [471362:2] <-- MAIL From:<[email protected]> SIZE=374235 Mon 2012-12-10 20:41:37: [471362:2] Performing PTR lookup (94.153.231.67.IN-ADDR.ARPA) Mon 2012-12-10 20:41:37: [471362:2] * D=94.153.231.67.in-addr.arpa TTL=(9) PTR=[mx0b-00123c01.pphosted.com] Mon 2012-12-10 20:41:37: [471362:2] * Gathering A records... Mon 2012-12-10 20:41:37: [471362:2] * D=mx0b-00123c01.pphosted.com TTL=(30) A=[67.231.153.94] Mon 2012-12-10 20:41:37: [471362:2] ---- End PTR results Mon 2012-12-10 20:41:37: [471362:2] Performing IP lookup (mx0b-00123c01.pphosted.com) Mon 2012-12-10 20:41:37: [471362:2] * D=mx0b-00123c01.pphosted.com TTL=(30) A=[67.231.153.94] Mon 2012-12-10 20:41:37: [471362:2] ---- End IP lookup results Mon 2012-12-10 20:41:37: [471362:2] Performing IP lookup (citi.com) Mon 2012-12-10 20:41:37: [471362:2] * D=citi.com TTL=(59) A=[192.193.103.222] Mon 2012-12-10 20:41:37: [471362:2] * D=citi.com TTL=(59) A=[192.193.219.58] Mon 2012-12-10 20:41:38: [471362:2] * P=010 S=000 D=citi.com TTL=(29) MX=[mxa-00123c01.gslb.pphosted.com] {67.231.145.106} Mon 2012-12-10 20:41:38: [471362:2] * P=010 S=001 D=citi.com TTL=(29) MX=[mxb-00123c01.gslb.pphosted.com] {67.231.153.94} Mon 2012-12-10 20:41:38: [471362:2] ---- End IP lookup results Mon 2012-12-10 20:41:38: [471362:2] Performing SPF lookup (citi.com / 67.231.153.94) Mon 2012-12-10 20:41:38: [471362:2] * Policy: v=spf1 a:1._spf.citigroup.com a:2._spf.citigroup.com include:spf-00123c01.pphosted.com include:hagaki.dejibin.com include:_spf.lwo.locaweb.com.br redirect=ext1._spf.citigroup.com Mon 2012-12-10 20:41:39: [471362:2] * Evaluating a:1._spf.citigroup.com: no match Mon 2012-12-10 20:41:39: [471362:2] * Evaluating a:2._spf.citigroup.com: no match Mon 2012-12-10 20:41:39: [471362:2] * Evaluating include:spf-00123c01.pphosted.com: performing lookup Mon 2012-12-10 20:41:39: [471362:2] * Policy: v=spf1 ip4:67.231.153.0/24 ip4:67.231.145.0/24 Mon 2012-12-10 20:41:39: [471362:2] * Evaluating ip4:67.231.153.0/24: match Mon 2012-12-10 20:41:39: [471362:2] * Evaluating include:spf-00123c01.pphosted.com: match Mon 2012-12-10 20:41:39: [471362:2] * Result: pass Mon 2012-12-10 20:41:39: [471362:2] ---- End SPF results Mon 2012-12-10 20:41:39: [471362:2] --> 250 <[email protected]>, Sender ok Mon 2012-12-10 20:41:39: [471362:2] <-- RCPT To:<[email protected]> Mon 2012-12-10 20:41:39: [471362:2] --> 250 <[email protected]>, Recipient ok Mon 2012-12-10 20:41:40: [471362:2] <-- DATA Mon 2012-12-10 20:41:40: [471362:2] Creating temp file (SMTP): f:\mdaemon\queues\temp\md50000215517.tmp Mon 2012-12-10 20:41:40: [471362:2] --> 354 Enter mail, end with <CRLF>.<CRLF> Mon 2012-12-10 20:41:45: [471362:2] Message size: 379188 bytes Mon 2012-12-10 20:41:45: [471362:2] Performing DKIM lookup Mon 2012-12-10 20:41:45: [471362:2] * File: f:\mdaemon\queues\temp\md50000215517.tmp Mon 2012-12-10 20:41:45: [471362:2] * Message-ID: [email protected] Mon 2012-12-10 20:41:45: [471362:2] * Result: neutral Mon 2012-12-10 20:41:45: [471362:2] ---- End DKIM results Mon 2012-12-10 20:41:45: [471362:2] Performing DomainKeys lookup (Sender: [email protected]) Mon 2012-12-10 20:41:45: [471362:2] * File: f:\mdaemon\queues\temp\md50000215517.tmp Mon 2012-12-10 20:41:45: [471362:2] * Message-ID: [email protected] Mon 2012-12-10 20:41:45: [471362:2] * Querying for policy: citi.com Mon 2012-12-10 20:41:45: [471362:2] * Querying: _domainkey.citi.com ... Mon 2012-12-10 20:41:45: [471362:2] * DNS: * Name server has no valid records of the requested type for that domain Mon 2012-12-10 20:41:45: [471362:2] * Result: neutral Mon 2012-12-10 20:41:45: [471362:2] ---- End DomainKeys results Mon 2012-12-10 20:41:45: [471362:2] Passing message through AntiVirus (Size: 379188)... Mon 2012-12-10 20:41:45: [471362:2] * Message could not be scanned Mon 2012-12-10 20:41:45: [471362:2] ---- End AntiVirus results Mon 2012-12-10 20:41:46: [471362:2] Passing message through Outbreak Protection... Mon 2012-12-10 20:41:46: [471362:2] * Message-ID: [email protected] Mon 2012-12-10 20:41:46: [471362:2] * Reference-ID: str=0001.0A150202.50C5E35F.023F:SCGSTAT906483,ss=1,vtr=str,vl=0,fgs=0 Mon 2012-12-10 20:41:46: [471362:2] * Virus result: 0 - Clean Mon 2012-12-10 20:41:46: [471362:2] * Spam result: 1 - Clean Mon 2012-12-10 20:41:46: [471362:2] * IWF result: 0 - Clean Mon 2012-12-10 20:41:46: [471362:2] ---- End Outbreak Protection results Mon 2012-12-10 20:41:46: [471362:2] Spam filter scan skipped; message size (379188) exceeds spam filter configured max size of (102400) Mon 2012-12-10 20:41:46: [471362:2] Message creation successful: f:\mdaemon\queues\inbound\md50000266079.msg Mon 2012-12-10 20:41:46: [471362:2] --> 250 Ok, message saved <Message-ID: [email protected]> Mon 2012-12-10 20:41:46: [471362:2] <-- QUIT Mon 2012-12-10 20:41:46: [471362:2] --> 221 See ya in cyberspace Mon 2012-12-10 20:41:46: [471362:2] SMTP session successful (Bytes in/out: 379331/504) Namun di sisi user kami hanya menerima email notifikasi dari postmaster sebagai berikut : -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Monday, December 10, 2012 10:28 PM To: [email protected] Subject: MDaemon Warning - Virus Found ------------------------------------------------------------------------ SecurityPlus for MDaemon has detected virus infected message attachments ------------------------------------------------------------------------ >From : [email protected] To : [email protected] Subject : Citibank Electronic Statement - Citibank Cash Back Card (Visa) Date : Mon, 10 Dec 2012 09:14:07 -0600 (CST) Message-ID: <[email protected]> ---------------------------------------------------------------------------- -- Attachment Virus name Action taken ---------------------------------------------------------------------------- -- eStatement_12092012.pdf NOT_SCANNED Message Quarantined Saya sudah coba cek di folder Quarantine queue via mdaemon consoloe tapi tidak ada email yang dimaksud tersebut. Mohon pencerahannya. Reg, Danel K -- --[MDaemon-L]------------------------------------------------ Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Netiket: <http://www.netmeister.org/news/learn2quote> Arsip: <http://mdaemon-l.dutaint.com> Dokumentasi : <http://mdaemon.dutaint.co.id> Henti Langgan: Kirim mail ke MDaemon-L-unsubscribe [at] dutaint.com Berlangganan: kirim mail ke MDaemon-L-subscribe [at] dutaint.com Versi terakhir MD 13.0.3, SP 4.1.5, BES 2.0.1, OC 2.3.0, SG 2.0.8, PP 2.0.0
