>Perlihatkan log transaksinya di smtp-in log yang memperlihatkan bahwa > >akun itu digunakan untuk kirim banyak spam mail ke internet dan pakai > >koneksi internux bolt atau telkomsel jakarta. >
Tue 2015-08-04 10:11:34.691: [285936] Session 285936; child 0007 Tue 2015-08-04 10:11:34.691: [285936] Accepting SMTP connection from 185.30.177.92:38288 to 202.146.0.67:587 Tue 2015-08-04 10:11:34.693: [285936] --> 220 mail.kompas.tv ESMTP MSA MDaemon 15.0.1; Tue, 04 Aug 2015 10:11:34 +0700 Tue 2015-08-04 10:11:36.020: [285936] <-- EHLO f30.my.com Tue 2015-08-04 10:11:36.020: [285936] --> 250-mail.kompas.tv Hello f30.my.com, pleased to meet you Tue 2015-08-04 10:11:36.020: [285936] --> 250-AUTH LOGIN CRAM-MD5 PLAIN Tue 2015-08-04 10:11:36.020: [285936] --> 250-8BITMIME Tue 2015-08-04 10:11:36.020: [285936] --> 250-ENHANCEDSTATUSCODES Tue 2015-08-04 10:11:36.020: [285936] --> 250 SIZE 71680000 Tue 2015-08-04 10:11:36.438: [285936] <-- AUTH PLAIN ****** Tue 2015-08-04 10:11:36.439: [285936] --> 235 2.7.0 Authentication successful Tue 2015-08-04 10:11:36.439: [285936] Authenticated as [email protected] Tue 2015-08-04 10:11:36.768: [285936] <-- MAIL FROM:<[email protected]> SIZE=4853 Tue 2015-08-04 10:11:36.768: [285936] --> 250 2.1.0 Sender OK Tue 2015-08-04 10:11:37.097: [285936] <-- RCPT TO:<[email protected]> Tue 2015-08-04 10:11:37.098: [285936] --> 250 2.1.5 Recipient OK Tue 2015-08-04 10:11:37.427: [285936] <-- RCPT TO:<[email protected] > Tue 2015-08-04 10:11:37.428: [285936] --> 250 2.1.5 Recipient OK Tue 2015-08-04 10:11:37.756: [285936] <-- DATA Tue 2015-08-04 10:11:37.757: [285936] Creating temp file (SMTP): c:\mdaemon\queues\temp\md50002336190.tmp Tue 2015-08-04 10:11:37.757: [285936] --> 354 Enter mail, end with <CRLF>.<CRLF> Tue 2015-08-04 10:11:38.087: [285936] Message size: 3573 bytes Tue 2015-08-04 10:11:38.089: [285936] Passing message through AntiVirus (Size: 3573)... Tue 2015-08-04 10:11:38.116: [285936] * Message is clean (no viruses found) Tue 2015-08-04 10:11:38.116: [285936] ---- End AntiVirus results Tue 2015-08-04 10:11:38.493: [285936] Message creation successful: c:\mdaemon\queues\inbound\md50000215744.msg Tue 2015-08-04 10:11:38.493: [285936] --> 250 2.6.0 Ok, message saved <Message-ID: <[email protected]>> Tue 2015-08-04 10:11:38.726: [285936] <-- QUIT Tue 2015-08-04 10:11:38.726: [285936] --> 221 2.0.0 See ya in cyberspace Tue 2015-08-04 10:11:38.726: [285936] SMTP session successful (Bytes in/out: 3778/480) Kami dapat log smtp-in diatas yang memperlihatkan bahwa IP 185.30.177.92 pada port 38288 yang melakukan hijack. -- --[MDaemon-L]------------------------------------------------ Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Henti Langgan: Kirim mail ke MDaemon-L-unsubscribe [at] dutaint.com Berlangganan: kirim mail ke MDaemon-L-subscribe [at] dutaint.com Versi terakhir MD 15.0.3, SP 4.5.1, BES 2.0.2, OC 3.5, SG 3.0.2
