Selamat siang Pak Syafril,
Hari ini saya menemukan ada satu account email yang telah dibajak dan disalah-gunakan untuk mengirim email tak dikenal oleh Spammer dan saya ingin melakukan perubahan konfigurasi Outlook pada PC Client. Saya mengupayakan untuk tidak melakukan perubahan konfigurasi pada Mdaemon, karena dampaknya akan besar dan salah satu cara yang saya ketahui adalah dengan mengaktifkan "smtp authentication". Namun saya belum ingin melakukan hal ini terlebih dahulu Adapun yang akan saya lakukan terhadap Microsoft Outlook pada PC Client adalah sebagai berikut : 1. Melakukan perubahan password email pada Mdaemon dan Outlook pada PC Client 2. Melakukan perubahan port smtp dari 25 menjadi 587 pada Outlook 3. Memastikan bahwa terdapat cek list pada [] My Outgoing Server ( SMTP ) requires authentication -> use same settings as my incoming mail server Yang ingin saya tanyakan adalah : 1. Setelah melakukan hal diatas, apakah perlu melakukan scan dengan antivirus untuk menemukan spam tersebut ? 2. Apakah spam memiliki file secara fisik seperti virus / Trojan yang menginfeksi computer Client ? Berikut adalah salah satu log Fri 2014-01-31 07:07:39: [236121] Session 236121; child 0011 Fri 2014-01-31 07:07:39: [236121] Parsing message <d:\mdaemon\queues\remote\pd35000004092.msg> Fri 2014-01-31 07:07:39: [236121] * From: [email protected] Fri 2014-01-31 07:07:39: [236121] * To: [email protected] Fri 2014-01-31 07:07:39: [236121] * Subject: APPLY FOR YOUR LOAN Fri 2014-01-31 07:07:39: [236121] * Size (bytes): 1765 Fri 2014-01-31 07:07:39: [236121] * Message-ID: Fri 2014-01-31 07:07:39: [236121] * Route slip host: mweb.co.za Fri 2014-01-31 07:07:39: [236121] * Route slip port: 25 Fri 2014-01-31 07:07:39: [236121] Attempting SMTP connection to [mweb.co.za] Fri 2014-01-31 07:07:39: [236121] Resolving MX records for [mweb.co.za] (DNS Server: 8.8.8.8)... Fri 2014-01-31 07:07:39: [236121] * P=010 S=001 D=mweb.co.za TTL=(35) MX=[mx-mweb.smp.mweb.co.za] Fri 2014-01-31 07:07:39: [236121] * P=020 S=000 D=mweb.co.za TTL=(35) MX=[cpt-mx.mweb.co.za] Fri 2014-01-31 07:07:39: [236121] Attempting SMTP connection to [mx-mweb.smp.mweb.co.za:25] Fri 2014-01-31 07:07:39: [236121] Resolving A record for [mx-mweb.smp.mweb.co.za] (DNS Server: 8.8.8.8)... Fri 2014-01-31 07:07:39: [236121] * D=mx-mweb.smp.mweb.co.za TTL=(43) A=[196.28.76.20] Fri 2014-01-31 07:07:39: [236121] Attempting SMTP connection to [196.28.76.20:25] Fri 2014-01-31 07:07:39: [236121] Waiting for socket connection... Fri 2014-01-31 07:07:39: [236121] * Connection established (202.159.14.34:62835 -> 196.28.76.20:25) Fri 2014-01-31 07:07:39: [236121] Waiting for protocol to start... Fri 2014-01-31 07:07:41: [236121] <-- 220 postwall15.smp.mweb.co.za ESMTP Exim 4.80 Fri, 31 Jan 2014 02:07:43 +0200 Fri 2014-01-31 07:07:41: [236121] --> EHLO mail.victoriabank.co.id Fri 2014-01-31 07:07:42: [236121] <-- 250-postwall15.smp.mweb.co.za Hello mail.victoriabank.co.id [202.159.14.34] Fri 2014-01-31 07:07:42: [236121] <-- 250-SIZE 35651584 Fri 2014-01-31 07:07:42: [236121] <-- 250-8BITMIME Fri 2014-01-31 07:07:42: [236121] <-- 250-PIPELINING Fri 2014-01-31 07:07:42: [236121] <-- 250 HELP Fri 2014-01-31 07:07:42: [236121] --> MAIL From:<[email protected]> SIZE=1765 Fri 2014-01-31 07:07:43: [236121] <-- 250 OK Fri 2014-01-31 07:07:43: [236121] --> RCPT To:<[email protected]> Fri 2014-01-31 07:07:44: [236121] <-- 550 Unknown user Fri 2014-01-31 07:07:44: [236121] --> RCPT To:<[email protected]> Fri 2014-01-31 07:07:46: [236121] <-- 550 Unknown user Fri 2014-01-31 07:07:46: [236121] --> QUIT Fri 2014-01-31 07:07:46: [236121] Attempting SMTP connection to [cpt-mx.mweb.co.za:25] Fri 2014-01-31 07:07:46: [236121] Resolving A record for [cpt-mx.mweb.co.za] (DNS Server: 8.8.8.8)... Fri 2014-01-31 07:07:46: [236121] * D=cpt-mx.mweb.co.za TTL=(36) A=[196.28.149.150] Fri 2014-01-31 07:07:46: [236121] Attempting SMTP connection to [196.28.149.150:25] Fri 2014-01-31 07:07:46: [236121] Waiting for socket connection... Fri 2014-01-31 07:07:47: [236121] * Connection established (202.159.14.34:62857 -> 196.28.149.150:25) Fri 2014-01-31 07:07:47: [236121] Waiting for protocol to start... Fri 2014-01-31 07:07:48: [236121] <-- 220 cpt-mx-11.mweb.co.za ESMTP Exim 4.80.1 Fri, 31 Jan 2014 02:07:50 +0200 Fri 2014-01-31 07:07:48: [236121] --> EHLO mail.victoriabank.co.id Fri 2014-01-31 07:07:48: [236121] <-- 250-cpt-mx-11.mweb.co.za Hello mail.victoriabank.co.id [202.159.14.34] Fri 2014-01-31 07:07:48: [236121] <-- 250-SIZE 35651584 Fri 2014-01-31 07:07:48: [236121] <-- 250-8BITMIME Fri 2014-01-31 07:07:48: [236121] <-- 250-PIPELINING Fri 2014-01-31 07:07:48: [236121] <-- 250 HELP Fri 2014-01-31 07:07:48: [236121] --> MAIL From:<[email protected]> SIZE=1765 Fri 2014-01-31 07:07:49: [236121] <-- 250 OK Fri 2014-01-31 07:07:49: [236121] --> RCPT To:<[email protected]> Fri 2014-01-31 07:07:51: [236121] <-- 550 Unknown user Fri 2014-01-31 07:07:51: [236121] --> RCPT To:<[email protected]> Fri 2014-01-31 07:07:54: [236121] <-- 550 Unknown user Fri 2014-01-31 07:07:54: [236121] --> QUIT Fri 2014-01-31 07:07:54: [236121] Attempting to send message to smart host Fri 2014-01-31 07:07:54: [236121] Attempting SMTP connection to [smtp.indo.net.id:25] Fri 2014-01-31 07:07:54: [236121] Resolving A record for [smtp.indo.net.id] (DNS Server: 8.8.8.8)... Fri 2014-01-31 07:07:54: [236121] * D=smtp.indo.net.id TTL=(66) A=[202.159.32.81] Fri 2014-01-31 07:07:54: [236121] * D=smtp.indo.net.id TTL=(66) A=[117.54.9.245] Fri 2014-01-31 07:07:54: [236121] Randomly picked 117.54.9.245 from list of A records Fri 2014-01-31 07:07:54: [236121] Attempting SMTP connection to [117.54.9.245:25] Fri 2014-01-31 07:07:54: [236121] Waiting for socket connection... Fri 2014-01-31 07:07:54: [236121] * Connection established (202.159.14.34:62872 -> 117.54.9.245:25) Fri 2014-01-31 07:07:54: [236121] Waiting for protocol to start... Fri 2014-01-31 07:07:54: [236121] <-- 220 smtp.indo.net.id ESMTP, No Mass-Mailing Advertising Allowed. Pengiriman Iklan Massal email tidak diperbolehkan !!! Fri 2014-01-31 07:07:54: [236121] --> EHLO mail.victoriabank.co.id Fri 2014-01-31 07:07:54: [236121] <-- 250-smtp-global.indo.net.id Fri 2014-01-31 07:07:54: [236121] <-- 250-PIPELINING Fri 2014-01-31 07:07:54: [236121] <-- 250-SIZE 90000000 Fri 2014-01-31 07:07:54: [236121] <-- 250-VRFY Fri 2014-01-31 07:07:54: [236121] <-- 250-ETRN Fri 2014-01-31 07:07:54: [236121] <-- 250-STARTTLS Fri 2014-01-31 07:07:54: [236121] <-- 250-AUTH PLAIN LOGIN Fri 2014-01-31 07:07:54: [236121] <-- 250-ENHANCEDSTATUSCODES Fri 2014-01-31 07:07:54: [236121] <-- 250-8BITMIME Fri 2014-01-31 07:07:54: [236121] <-- 250 DSN Fri 2014-01-31 07:07:54: [236121] --> STARTTLS Fri 2014-01-31 07:07:54: [236121] <-- 220 2.0.0 Ready to start TLS Fri 2014-01-31 07:07:54: [236121] SSL negotiation successful (TLS 1.0, 2048 bit key exchange, 128 bit AES encryption) Fri 2014-01-31 07:07:54: [236121] --> EHLO mail.victoriabank.co.id Fri 2014-01-31 07:07:54: [236121] <-- 250-smtp-global.indo.net.id Fri 2014-01-31 07:07:54: [236121] <-- 250-PIPELINING Fri 2014-01-31 07:07:54: [236121] <-- 250-SIZE 90000000 Fri 2014-01-31 07:07:54: [236121] <-- 250-VRFY Fri 2014-01-31 07:07:54: [236121] <-- 250-ETRN Fri 2014-01-31 07:07:54: [236121] <-- 250-AUTH PLAIN LOGIN Fri 2014-01-31 07:07:54: [236121] <-- 250-ENHANCEDSTATUSCODES Fri 2014-01-31 07:07:54: [236121] <-- 250-8BITMIME Fri 2014-01-31 07:07:54: [236121] <-- 250 DSN Fri 2014-01-31 07:07:54: [236121] --> MAIL From:<[email protected]> SIZE=1765 Fri 2014-01-31 07:07:54: [236121] <-- 250 2.1.0 Ok Fri 2014-01-31 07:07:54: [236121] --> RCPT To:<[email protected]> Fri 2014-01-31 07:07:54: [236121] <-- 250 2.1.5 Ok Fri 2014-01-31 07:07:54: [236121] --> RCPT To:<[email protected]> Fri 2014-01-31 07:07:54: [236121] <-- 250 2.1.5 Ok Fri 2014-01-31 07:07:54: [236121] --> DATA Fri 2014-01-31 07:07:54: [236121] <-- 354 End data with <CR><LF>.<CR><LF> Fri 2014-01-31 07:07:54: [236121] Sending <d:\mdaemon\queues\remote\pd35000004092.msg> to [117.54.9.245] Fri 2014-01-31 07:07:54: [236121] Transfer Complete Fri 2014-01-31 07:07:54: [236121] <-- 250 2.0.0 Ok: queued as 2C44B2000D5 Fri 2014-01-31 07:07:54: [236121] --> QUIT Fri 2014-01-31 07:07:54: [236121] <-- 221 2.0.0 Bye Fri 2014-01-31 07:07:54: [236121] SMTP session successful (Bytes in/out: 1113/2549) VICEDP <mailto:[email protected]> is now sending mail <mailto:[email protected]> from laptop -- --[MDaemon-L]------------------------------------------------ Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Netiket: http://www.netmeister.org/news/learn2quote Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Henti Langgan: Kirim mail ke MDaemon-L-unsubscribe [at] dutaint.com Berlangganan: kirim mail ke MDaemon-L-subscribe [at] dutaint.com Versi terakhir MD 13.6.2, SP 4.1.5, BES 2.0.2, OC 2.3.3, SG 2.1.2, PP 2.0.1
