Dear Pak Syafril, Kami mendapat informasi dari user kami bahwa ada domain @tigapilar.com yang mengirim email dengan attachment file .ace sebesar 2mb, user kami merasa tidak kenal dengan sender, Setelah saya cek log pada hari tersebut, ternyata domain tersebut banyak mengirim email ke domain kami dan kebanyakan unknown recipient namun dalam log smtp-in tidak ada indikasi spammer dan attachment nya pun clean. Apakah Bapak pernah mendengar domain ini? Atau ada pengalaman yang serupa dengan kami? Please advice,
Berikut log smpt-in nya Pak. Mon 2016-04-18 07:41:15: ---------- Mon 2016-04-18 07:41:13: [401848] Session 401848; child 0007 Mon 2016-04-18 07:41:13: [401848] Accepting SMTP connection from [103.28.115.210:37012] to [172.30.2.2:25] Mon 2016-04-18 07:41:13: [401848] --> 220 mail.fastratabuana.co.id ESMTP MDaemon 13.6.2; Mon, 18 Apr 2016 07:41:13 +0700 Mon 2016-04-18 07:41:13: [401848] <-- EHLO smtp.tigapilar.com Mon 2016-04-18 07:41:13: [401848] EHLO/HELO response delayed 2 seconds Mon 2016-04-18 07:41:15: [401848] --> 250-mail.fastratabuana.co.id Hello smtp.tigapilar.com, pleased to meet you Mon 2016-04-18 07:41:15: [401848] --> 250-ETRN Mon 2016-04-18 07:41:15: [401848] --> 250-AUTH LOGIN CRAM-MD5 PLAIN Mon 2016-04-18 07:41:15: [401848] --> 250-8BITMIME Mon 2016-04-18 07:41:15: [401848] --> 250 SIZE Mon 2016-04-18 07:41:15: [401848] <-- MAIL FROM:<[email protected]> SIZE=2865762 BODY=7BIT Mon 2016-04-18 07:41:15: [401848] Performing PTR lookup (210.115.28.103.IN-ADDR.ARPA) Mon 2016-04-18 07:41:15: [401848] * D=210.115.28.103.IN-ADDR.ARPA TTL=(1308) PTR=[smtp.tigapilar.com] Mon 2016-04-18 07:41:15: [401848] * Gathering A records... Mon 2016-04-18 07:41:15: [401848] * D=smtp.tigapilar.com TTL=(74) A=[103.28.115.210] Mon 2016-04-18 07:41:15: [401848] ---- End PTR results Mon 2016-04-18 07:41:15: [401848] Performing IP lookup (smtp.tigapilar.com) Mon 2016-04-18 07:41:15: [401848] * D=smtp.tigapilar.com TTL=(74) A=[103.28.115.210] Mon 2016-04-18 07:41:15: [401848] ---- End IP lookup results Mon 2016-04-18 07:41:15: [401848] Performing IP lookup (tigapilar.com) Mon 2016-04-18 07:41:15: [401848] * D=tigapilar.com TTL=(74) A=[103.6.207.201] Mon 2016-04-18 07:41:15: [401848] * P=010 S=000 D=tigapilar.com TTL=(74) MX=[mail.tigapilar.com] {103.28.115.162} Mon 2016-04-18 07:41:15: [401848] ---- End IP lookup results Mon 2016-04-18 07:41:15: [401848] Performing SPF lookup (tigapilar.com / 103.28.115.210) Mon 2016-04-18 07:41:15: [401848] * Result: none; no SPF record in DNS Mon 2016-04-18 07:41:15: [401848] ---- End SPF results Mon 2016-04-18 07:41:15: [401848] --> 250 <[email protected]>, Sender ok Mon 2016-04-18 07:41:15: [401848] <-- RCPT TO:<[email protected]> Mon 2016-04-18 07:41:15: [401848] Performing DNS-BL lookup (103.28.115.210 - connecting IP) Mon 2016-04-18 07:41:15: [401848] * zen.spamhaus.org - passed Mon 2016-04-18 07:41:15: [401848] ---- End DNS-BL results Mon 2016-04-18 07:41:15: [401848] --> 250 <[email protected]>, Recipient ok Mon 2016-04-18 07:41:15: [401848] <-- DATA Mon 2016-04-18 07:41:15: [401848] Creating temp file (SMTP): d:\mdaemon\queues\temp\14\md50000002639.tmp Mon 2016-04-18 07:41:15: [401848] --> 354 Enter mail, end with <CRLF>.<CRLF> Mon 2016-04-18 07:41:16: [401848] Message size: 2865759 bytes Mon 2016-04-18 07:41:16: [401848] Performing DKIM lookup Mon 2016-04-18 07:41:16: [401848] * File: d:\mdaemon\queues\temp\14\md50000002639.tmp Mon 2016-04-18 07:41:16: [401848] * Message-ID: [email protected] Mon 2016-04-18 07:41:16: [401848] * Result: neutral Mon 2016-04-18 07:41:16: [401848] ---- End DKIM results Mon 2016-04-18 07:41:16: [401848] Passing message through AntiVirus (Size: 2865759)... Mon 2016-04-18 07:41:16: [401848] * Message is clean (no viruses found) Mon 2016-04-18 07:41:16: [401848] ---- End AntiVirus results Mon 2016-04-18 07:41:16: [401848] Spam filter scan skipped; message size (2865759) exceeds spam filter configured max size of (102400) Mon 2016-04-18 07:41:16: [401848] Message creation successful: d:\mdaemon\queues\inbound\18\md50000040725.msg Mon 2016-04-18 07:41:16: [401848] --> 250 Ok, message saved <Message-ID: <[email protected]>> Mon 2016-04-18 07:41:16: [401848] <-- QUIT Mon 2016-04-18 07:41:16: [401848] --> 221 See ya in cyberspace Mon 2016-04-18 07:41:16: [401848] SMTP session successful (Bytes in/out: 2865890/477) Mon 2016-04-18 07:41:16: ---------- Terimakasih, Asep. Y -- --[MDaemon-L]------------------------------------------------ Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Henti Langgan: Kirim mail ke MDaemon-L-unsubscribe [at] dutaint.com Berlangganan: kirim mail ke MDaemon-L-subscribe [at] dutaint.com Versi terakhir MD 16.0.1, SP 4.5.1, BES 2.0.2, OC 3.5.2, SG 3.0.3
