Dear Pak Syafril,

 

We received an email carrying a virus. How can we block that email? Judging from 
the SMTP in log, the sender is from our ISP.

 

Wed 2015-12-02 15:10:16.479: [776930] Session 776930; child 0001

Wed 2015-12-02 15:10:16.479: [776930] Accepting SMTP connection from 202.171.1.139:57077 to 165.108.159.10:25

Wed 2015-12-02 15:10:16.507: [776930] --> 220-mail.jkt.itochu.co.id ESMTP MDaemon 15.0.3; Wed, 02 Dec 2015 15:10:16 +0700

Wed 2015-12-02 15:10:16.507: [776930] --> 220 No public service mail PT. Itochu Indonesia

Wed 2015-12-02 15:10:16.511: [776930] <-- EHLO mx3.ntt.net.id

Wed 2015-12-02 15:10:16.513: [776930] Performing IP lookup (mx3.ntt.net.id)

Wed 2015-12-02 15:10:16.514: [776930] *  D=mx3.ntt.net.id TTL=(5) A=[202.171.1.139]

Wed 2015-12-02 15:10:16.514: [776930] ---- End IP lookup results

Wed 2015-12-02 15:10:16.514: [776930] --> 250-mail.jkt.itochu.co.id Hello mx3.ntt.net.id, pleased to meet you

Wed 2015-12-02 15:10:16.514: [776930] --> 250-ETRN

Wed 2015-12-02 15:10:16.514: [776930] --> 250-AUTH LOGIN CRAM-MD5 PLAIN

Wed 2015-12-02 15:10:16.514: [776930] --> 250-8BITMIME

Wed 2015-12-02 15:10:16.514: [776930] --> 250-ENHANCEDSTATUSCODES

Wed 2015-12-02 15:10:16.514: [776930] --> 250-STARTTLS

Wed 2015-12-02 15:10:16.514: [776930] --> 250 SIZE 20480000

Wed 2015-12-02 15:10:16.518: [776930] <-- MAIL FROM:<kerry_b...@gmail.com> SIZE=835384 BODY=8BITMIME

Wed 2015-12-02 15:10:16.518: [776930] Performing IP lookup (gmail.com)

Wed 2015-12-02 15:10:16.518: [776930] *  D=gmail.com TTL=(3) A=[74.125.68.17]

Wed 2015-12-02 15:10:16.518: [776930] *  D=gmail.com TTL=(3) A=[74.125.68.19]

Wed 2015-12-02 15:10:16.518: [776930] *  D=gmail.com TTL=(3) A=[74.125.68.83]

Wed 2015-12-02 15:10:16.518: [776930] *  D=gmail.com TTL=(3) A=[74.125.68.18]

Wed 2015-12-02 15:10:16.518: [776930] *  P=005 S=003 D=gmail.com TTL=(28) MX=[gmail-smtp-in.l.google.com] {74.125.68.27}

Wed 2015-12-02 15:10:16.518: [776930] *  P=010 S=002 D=gmail.com TTL=(28) MX=[alt1.gmail-smtp-in.l.google.com] {173.194.72.26}

Wed 2015-12-02 15:10:16.518: [776930] *  P=020 S=001 D=gmail.com TTL=(28) MX=[alt2.gmail-smtp-in.l.google.com] {74.125.25.27}

Wed 2015-12-02 15:10:16.518: [776930] *  P=030 S=004 D=gmail.com TTL=(28) MX=[alt3.gmail-smtp-in.l.google.com] {64.233.169.26}

Wed 2015-12-02 15:10:16.518: [776930] *  P=040 S=000 D=gmail.com TTL=(28) MX=[alt4.gmail-smtp-in.l.google.com] {173.194.69.26}

Wed 2015-12-02 15:10:16.518: [776930] ---- End IP lookup results

Wed 2015-12-02 15:10:16.518: [776930] --> 250 2.1.0 Sender OK

Wed 2015-12-02 15:10:16.530: [776930] <-- RCPT TO:<tett...@jkt.itochu.co.id>

Wed 2015-12-02 15:10:16.535: [776930] Performing DNS-BL lookup (202.171.1.139 - connecting IP)

Wed 2015-12-02 15:10:16.543: [776930] *  zen.spamhaus.org - passed

Wed 2015-12-02 15:10:16.543: [776930] ---- End DNS-BL results

Wed 2015-12-02 15:10:16.550: [776930] --> 250 2.1.5 Recipient OK

Wed 2015-12-02 15:10:16.550: [776930] <-- DATA

Wed 2015-12-02 15:10:16.550: [776930] Creating temp file (SMTP): s:\mdaemon\queues\temp\md50000110843.tmp

Wed 2015-12-02 15:10:16.550: [776930] --> 354 Enter mail, end with <CRLF>.<CRLF>

Wed 2015-12-02 15:10:19.743: [776930] Message size: 835384 bytes

Wed 2015-12-02 15:10:19.744: [776930] Performing DKIM lookup

Wed 2015-12-02 15:10:19.744: [776930] *  File: s:\mdaemon\queues\temp\md50000110843.tmp

Wed 2015-12-02 15:10:19.744: [776930] *  Message-ID: <20151202081203.12bad405...@mx3.ntt.net.id>

Wed 2015-12-02 15:10:19.744: [776930] *  Result: neutral

Wed 2015-12-02 15:10:19.744: [776930] ---- End DKIM results

Wed 2015-12-02 15:10:19.747: [776930] Performing DMARC processing

Wed 2015-12-02 15:10:19.747: [776930] *  File: s:\mdaemon\queues\temp\md50000110843.tmp

Wed 2015-12-02 15:10:19.747: [776930] *  Message-ID: <20151202081203.12bad405...@mx3.ntt.net.id>

Wed 2015-12-02 15:10:19.747: [776930] *  Author domain: gmail.com

Wed 2015-12-02 15:10:19.747: [776930] *  Organizational domain: gmail.com

Wed 2015-12-02 15:10:19.747: [776930] *  Query domain: _dmarc.gmail.com

Wed 2015-12-02 15:10:19.841: [776930] *    Policy record: v=DMARC1; p=none; rua=mailto:mailauth-repo...@google.com

Wed 2015-12-02 15:10:19.845: [776930] *  Verifying report recipient: mailauth-repo...@google.com

Wed 2015-12-02 15:10:19.845: [776930] *  Query domain: gmail.com._report._dmarc.google.com

Wed 2015-12-02 15:10:19.864: [776930] *    Policy record: v=DMARC1

Wed 2015-12-02 15:10:19.864: [776930] *    Recipient mailauth-repo...@google.com is verified

Wed 2015-12-02 15:10:19.864: [776930] *  Checking authentication mechanisms for DMARC alignment

Wed 2015-12-02 15:10:19.864: [776930] *    SPF: verification disabled by administrator

Wed 2015-12-02 15:10:19.864: [776930] *    DKIM: no DKIM signatures found

Wed 2015-12-02 15:10:19.870: [776930] *  Action taken: none

Wed 2015-12-02 15:10:19.870: [776930] *  Result: fail

Wed 2015-12-02 15:10:19.870: [776930] ---- End DMARC results

Wed 2015-12-02 15:10:19.870: [776930] Passing message through AntiVirus (Size: 835384)...

Wed 2015-12-02 15:10:19.913: [776930] *  Message is clean (no viruses found)

Wed 2015-12-02 15:10:19.914: [776930] ---- End AntiVirus results

Wed 2015-12-02 15:10:19.914: [776930] Spam filter scan skipped; message size (835384) exceeds spam filter configured max size of (102400)

Wed 2015-12-02 15:10:19.917: [776930] Message creation successful: e:\mdaemon\queues\inbound\md50007908292.msg

Wed 2015-12-02 15:10:19.917: [776930] --> 250 2.6.0 Ok, message saved <Message-ID: <20151202081203.12bad405...@mx3.ntt.net.id>>

Wed 2015-12-02 15:10:19.921: [776930] <-- QUIT

Wed 2015-12-02 15:10:19.921: [776930] --> 221 2.0.0 See ya in cyberspace

Wed 2015-12-02 15:10:19.921: [776930] SMTP session successful (Bytes in/out: 835516/516)

 

Please advise.

 

Regards

Benny

 


--
--[MDaemon-L]------------------------------------------------
This mailing list is for discussion among MDaemon Mail Server users.

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Unsubscribe: send mail to MDaemon-L-unsubscribe [at] dutaint.com
Subscribe: send mail to MDaemon-L-subscribe [at] dutaint.com
Latest versions: MD 15.5.2, SP 4.5.1, BES 2.0.2, OC 3.5.1, SG 3.0.3

Send email to
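
Added example, not part of the original post: a Python script that reads an MDaemon SMTP-in session log in the format shown in the message above and lists, per session, the checks that were skipped or failed. The sample lines are taken from the log in the post with wrapped lines joined; the function name `triage` and the finding labels are assumptions of this example.

```python
import re

# Lines taken from the session log in the post (wrapped lines joined).
SAMPLE_LOG = """\
Wed 2015-12-02 15:10:16.479: [776930] Accepting SMTP connection from 202.171.1.139:57077 to 165.108.159.10:25
Wed 2015-12-02 15:10:16.511: [776930] <-- EHLO mx3.ntt.net.id
Wed 2015-12-02 15:10:16.518: [776930] <-- MAIL FROM:<kerry_b...@gmail.com> SIZE=835384 BODY=8BITMIME
Wed 2015-12-02 15:10:19.864: [776930] *    SPF: verification disabled by administrator
Wed 2015-12-02 15:10:19.864: [776930] *    DKIM: no DKIM signatures found
Wed 2015-12-02 15:10:19.870: [776930] *  Action taken: none
Wed 2015-12-02 15:10:19.870: [776930] *  Result: fail
Wed 2015-12-02 15:10:19.870: [776930] ---- End DMARC results
Wed 2015-12-02 15:10:19.914: [776930] Spam filter scan skipped; message size (835384) exceeds spam filter configured max size of (102400)
"""

# "<day> <date> <time>: [<session id>] <message>"
LINE = re.compile(r"^\w{3} \d{4}-\d\d-\d\d [\d:.]+: \[(\d+)\] (.*)$")


def triage(log_text):
    """Return {session_id: [finding, ...]} for checks skipped or failed."""
    findings, last_result = {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or continuation of a wrapped entry
        sid = m.group(1)
        msg = m.group(2).lstrip("* ").strip()  # drop the "*  " detail prefix
        out = findings.setdefault(sid, [])
        if msg.startswith("Result:"):
            # Remember the verdict; the "End ... results" line says whose it is.
            last_result[sid] = msg.split(":", 1)[1].strip()
        elif msg == "---- End DMARC results" and last_result.get(sid) == "fail":
            out.append("DMARC failed")
        elif msg.startswith("SPF: verification disabled"):
            out.append("SPF not checked")
        elif msg.startswith("DKIM: no DKIM signatures"):
            out.append("no DKIM signature")
        elif msg.startswith("Spam filter scan skipped"):
            size, limit = map(int, re.findall(r"\((\d+)\)", msg))
            out.append(f"spam filter skipped ({size} > {limit} bytes)")
    return findings


if __name__ == "__main__":
    for session, items in triage(SAMPLE_LOG).items():
        print(session, "; ".join(items) or "nothing flagged")
```
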