On 03/13/2013 07:11 PM, sugeng alfiansyah wrote: --- Mohon tidak membajak thread/topik orang lain.
http://linux.sgms-centre.com/misc/netiquette.php#threading When starting a new thread don't just reply to a message sent by someone else and clear the subject line. Not all e-mail and news clients behave like yours and will thread messages correctly based on the "Message-ID:", "In-Reply-To:" and "References:" headers embedded in the messages. Only programs which don't comply with Internet standards sort messages by subject and call that "threading". When you simply change the subject of a message, all of the threading information remains intact and your new "thread" simply continues at the end of the old one. This is called thread hijacking. Selalu gunakan compose new message saat posting topik baru. http://www.umflint.edu/helpdesk/perm/microsoft-office/microsoft-outlook-2007-101-composing-emails-2/ --- > Saya ada problem spam yang makin hari makin banyak, setelah google-google, > cek smtp-in. saya amati di smtpin ada muncul > * zen.spamhaus.org - failed - 127.0.0.11, > Itu maksudnya gimana, ya, Pak? Itu artinya sender host masuk dalam blacklistnya spamhaus.org DNS-BL, mestinya direject jangan di accept. > Wed 2013-03-13 00:16:17: Performing DNS-BL lookup (46.35.254.165 - > connecting IP) > Wed 2013-03-13 00:16:17: * zen.spamhaus.org - failed - 127.0.0.11 > Wed 2013-03-13 00:16:17: ---- End DNS-BL results Kalau menu berikut diaktifkan maka setelah baris transaksi diatas mail mail di reject. http://mdaemon.dutaint.co.id/13.0.1/index.html?dns_bl_options.htm aktifkan menu-2x berikut Options [x] Skip 'Received' headers within messages from white listed sites Skip DNS-BL processing for: [x] authenticated sessions [x] Stop further DNS-BL queries on first DNS-BL match [x] SMTP server should refuse mail from black-listed IPs [x] ...and respond with 'Message' rather than 'user unknown' menu lain di halaman menu tersebut disable. > Kemudian dari smtp-in itu, yg saya bagian > manakah yg monitor khususnya untuk mengidentifikasi spam ini? > Wed 2013-03-13 00:16:15: <-- HELO 46.35.254.165 ^^^^^^^^^^^^^^^^^ Ini salah satu indikasi spammer, non-spammer akan menggunakan identitas yang terdaftar di Internet DNS. http://www.linuxmagic.com/best_practices/resolve_helo_domain.html --- copy sebagian isinya -- Although email servers can by RFC accept connections that have a poorly formatted HELO or server identification string sent during email transmission dialogue (eg MTA to MTA communications) most Best Practises documents insist that all identifiers are correctly used, and in the case of HELO (or EHLO) this applies as well. The principal is that the HELO should identify the sending server in such a way that it can be used to identify servers with problems, such as leaking Spam or incorrectly formatted emails. It requires that the HELO (or EHLO) string that is sent is in the format of a fully qualified domain name (FQDN). Note! This only applies to MTA to MTA traffic. End users who send email to mail servers are usually exempt from this rule as most email clients only use the hostname, which may or not be defined on a PC. --- end of copy --- Kalau yang kirim mail adalah local user, maka dia akan melakukan authentication dulu sebelum sending mail. http://en.wikipedia.org/wiki/SMTP_Authentication --- copy sebagian isinya --- SMTP Authentication, often abbreviated SMTP AUTH, is an extension of the Simple Mail Transfer Protocol whereby an SMTP client may log in, using an authentication mechanism chosen among those supported by the SMTP server. The authentication extension is mandatory for submission servers. --- end of copy --- > Wed 2013-03-13 00:16:16: Performing PTR lookup (165.254.35.46.IN-ADDR.ARPA) > Wed 2013-03-13 00:16:16: * D=165.254.35.46.IN-ADDR.ARPA TTL=(12) > PTR=[165-254-35-46.host.sevstar.net] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Ini indikasi yang lain. Mail server legitimate (tidak digunakan untuk spam ke internet) akan punya PTR (pointer) record yang match dengan FQDN (identity) server. PTR record itu mintanya ke ISP, jadi artinya ybs perlu mendaftar ke ISP bahwa IP itu digunakan untuk kirim mail ke internet, secara implisit menginformasikan bahwa ISP (sebagai pemilik/penanggung jawab IP Class tersebut) turut bertanggung jawab mengenai keberadaan dari mail server tersebut. Dalam dunia nyata, analoginya punya PTR = punya KTP (kartu tanda penduduk, kartu identitas) yang dibuat oleh RT/RW/Kelurahan/Kecamatan setempat kalau tidak punya KTP/PTR bisa disebut dia adalah "penduduk gelap". Kalau punya KTP yang sahih (valid) maka Pak RT/RW/Lurah/Camat akan ikut bertanggung jawab akan keselamatan warganya. Jika nama/identitas di KTP namanya 165-254-35-46.host.sevstar.net maka saat memperkenalkan diri ke server lain harus pakai identitas yang sama, bukan "HELO 46.35.254.165" seperti diatas. Singkatnya, mail dikirim oleh server yang tidak authorized for sending mail sehingga besar kemungkinan mail itu berasal dari spammer --> reject saja. Informasi mengenai authorized for sending mail bisa dibaca lebih rinci disini http://www.mail-archive.com/[email protected]/msg20502.html sementara cara mereject mail dari sender macam itu baca disini http://www.mail-archive.com/[email protected]/msg20477.html Catatan: dalam membaca arsip, baca keseluruhan utas (thread) jangan hanya halaman yang ditunjukkan saja. Tautan (link) ke utas berikutnya/sebelumnya, ada dibagian bawah halaman. -- syafril ------- Syafril Hermansyah Running MDaemon 13.5 Beta A, SP 4.1.5 An idea is an eye given by God for the seeing of God. Some of these eyes we cannot bear to look out of, we blind them as quickly as possible. -- Russell Hoban, "Pilgermann" -- --[MDaemon-L]------------------------------------------------ Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Netiket: http://www.netmeister.org/news/learn2quote Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Henti Langgan: Kirim mail ke MDaemon-L-unsubscribe [at] dutaint.com Berlangganan: kirim mail ke MDaemon-L-subscribe [at] dutaint.com Versi terakhir MD 13.0.4, SP 4.1.5, BES 2.0.1, OC 2.3.1, SG 2.0.8, PP 2.0.0
