Dear Pak Syafril,

We have applied all of the suggested settings:

> Add the sender host identity (3.84.76.188.dynamic.jazztel.es) to Host Screening.
> http://mdaemon.dutaint.co.id/mdaemon/16.0/index.html?security--host_screening.htm
> Enter it under ALL IPs.
> Since you are already running MDaemon above 15.x there is another option: download the following file
> ftp://ftp.dutaint.com/altn-mdaemon/miscl/HostScreen.dat
> copy/overwrite it into \\mdaemon\app, then restart the MDaemon service from the Windows service control panel.

> This one should have been rejected if all the PTR check options under reverse lookup are enabled
> http://mdaemon.dutaint.co.id/mdaemon/16.0/index.html?security--reverse_lookup.htm
> [x] Perform PTR lookup on inbound SMTP connections
> [x] ...send 501 and close connection if no PTR record exists
> [x] ...send 501 and close connection if no PTR record match
> [x] Exempt authenticated sessions
> (lookup will defer until after MAIL)

But some are still getting through, Pak Syafril. Example spam:

-------------------------------------------------------------------
MDaemon has detected restricted attachments within an email message
-------------------------------------------------------------------
>From : [email protected]
To : [email protected]
Subject : [***SPAM*** Score/Req:07.90/6.0] Re:
Message-ID: <[email protected]>
---------------------
Attachment(s) removed
---------------------
herman.sulina_713B100D.zip (history_837 - 1.js)

The SMTP (in) log:

Wed 2016-05-18 09:26:21.983: ----------
Wed 2016-05-18 09:26:35.741: [390135] Session 390135; child 0001
Wed 2016-05-18 09:26:35.741: [390135] Accepting SMTP connection from 115.79.46.28:53580 to 116.254.100.37:25
Wed 2016-05-18 09:26:35.742: [390135] --> 220-edm.ed-dima.com ESMTP MDaemon 15.0.1; Wed, 18 May 2016 09:26:35 +0700
Wed 2016-05-18 09:26:35.742: [390135] --> 220-"PT. Esham Dima Mandiri Mail Server"
Wed 2016-05-18 09:26:35.742: [390135] --> 220-"All transactions and IP addresses are logged"
Wed 2016-05-18 09:26:35.742: [390135] --> 220-"By IT-DIMA Dept."
Wed 2016-05-18 09:26:35.742: [390135] --> 220 "2012-2013"
Wed 2016-05-18 09:26:35.815: [390135] <-- EHLO [115.79.46.28]
Wed 2016-05-18 09:26:35.816: [390135] --> 250-edm.ed-dima.com Hello [115.79.46.28], pleased to meet you
Wed 2016-05-18 09:26:35.816: [390135] --> 250-ETRN
Wed 2016-05-18 09:26:35.816: [390135] --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Wed 2016-05-18 09:26:35.816: [390135] --> 250-8BITMIME
Wed 2016-05-18 09:26:35.816: [390135] --> 250-ENHANCEDSTATUSCODES
Wed 2016-05-18 09:26:35.816: [390135] --> 250 SIZE 15360000
Wed 2016-05-18 09:26:35.886: [390135] <-- MAIL FROM:<[email protected]>
Wed 2016-05-18 09:26:35.889: [390135] Performing PTR lookup (28.46.79.115.IN-ADDR.ARPA)
Wed 2016-05-18 09:26:36.025: [390135] * DNS server reports domain name unknown
Wed 2016-05-18 09:26:36.025: [390135] * No PTR records found
Wed 2016-05-18 09:26:36.025: [390135] ---- End PTR results
Wed 2016-05-18 09:26:36.034: [390135] Performing IP lookup (dcwildlife.com)
Wed 2016-05-18 09:26:36.312: [390135] * D=dcwildlife.com TTL=(29) A=[209.237.150.20]
Wed 2016-05-18 09:26:36.555: [390135] * P=010 S=000 D=dcwildlife.com TTL=(29) MX=[inbound.registeredsite.com]
Wed 2016-05-18 09:26:36.832: [390135] * D=inbound.registeredsite.com TTL=(1) A=[64.69.222.10]
Wed 2016-05-18 09:26:36.832: [390135] ---- End IP lookup results
Wed 2016-05-18 09:26:36.834: [390135] Performing SPF lookup (dcwildlife.com / 115.79.46.28)
Wed 2016-05-18 09:26:37.152: [390135] * Policy: v=spf1 a mx
Wed 2016-05-18 09:26:37.154: [390135] * Evaluating a: no match
Wed 2016-05-18 09:26:37.158: [390135] * Evaluating mx: no match
Wed 2016-05-18 09:26:37.158: [390135] * Result: neutral
Wed 2016-05-18 09:26:37.158: [390135] ---- End SPF results
Wed 2016-05-18 09:26:37.158: [390135] --> 250 2.1.0 Sender OK
Wed 2016-05-18 09:26:37.231: [390135] <-- RCPT TO:<[email protected]>
Wed 2016-05-18 09:26:37.232: [390135] [email protected] is an alias for [email protected]
Wed 2016-05-18 09:26:37.240: [390135] Performing DNS-BL lookup (115.79.46.28 - connecting IP)
Wed 2016-05-18 09:26:37.592: [390135] * zen.spamhaus.org - failed - 127.0.0.11
Wed 2016-05-18 09:26:37.965: [390135] * bl.csma.biz - failed - 127.0.0.11
Wed 2016-05-18 09:26:37.965: [390135] ---- End DNS-BL results
Wed 2016-05-18 09:26:37.967: [390135] --> 250 2.1.5 Recipient OK
Wed 2016-05-18 09:26:38.038: [390135] <-- DATA
Wed 2016-05-18 09:26:38.039: [390135] Creating temp file (SMTP): d:\mdaemon\queues\temp\md50000002211.tmp
Wed 2016-05-18 09:26:38.039: [390135] --> 354 Enter mail, end with <CRLF>.<CRLF>
Wed 2016-05-18 09:26:38.539: [390135] Message size: 11840 bytes
Wed 2016-05-18 09:26:38.541: [390135] Performing DKIM lookup
Wed 2016-05-18 09:26:38.541: [390135] * File: d:\mdaemon\queues\temp\md50000002211.tmp
Wed 2016-05-18 09:26:38.541: [390135] * Message-ID: <[email protected]>
Wed 2016-05-18 09:26:38.886: [390135] * Result: neutral
Wed 2016-05-18 09:26:38.886: [390135] ---- End DKIM results
Wed 2016-05-18 09:26:38.891: [390135] Performing DMARC processing
Wed 2016-05-18 09:26:38.891: [390135] * File: d:\mdaemon\queues\temp\md50000002211.tmp
Wed 2016-05-18 09:26:38.891: [390135] * Message-ID: <[email protected]>
Wed 2016-05-18 09:26:38.891: [390135] * Author domain: dcwildlife.com
Wed 2016-05-18 09:26:38.891: [390135] * Organizational domain: dcwildlife.com
Wed 2016-05-18 09:26:38.891: [390135] * Query domain: _dmarc.dcwildlife.com
Wed 2016-05-18 09:26:39.418: [390135] * No DMARC policy record found
Wed 2016-05-18 09:26:39.418: [390135] * Action taken: none
Wed 2016-05-18 09:26:39.418: [390135] * Result: none
Wed 2016-05-18 09:26:39.418: [390135] ---- End DMARC results
Wed 2016-05-18 09:26:39.421: [390135] Passing message through AntiVirus (Size: 11840)...
Wed 2016-05-18 09:26:39.422: [390135] * Recipient or sender in exclusion list
Wed 2016-05-18 09:26:39.422: [390135] ---- End AntiVirus results
Wed 2016-05-18 09:26:39.623: [390135] Passing message through Outbreak Protection...
Wed 2016-05-18 09:26:39.624: [390135] * Message-ID: <[email protected]>
Wed 2016-05-18 09:26:39.624: [390135] * Reference-ID: str=0001.0A150202.573BD363.0071,ss=4,re=0.000,recu=0.000,reip=0.000,vtr=str, vl=0,pt=R_549421,cl=4,cld=1,fgs=12
Wed 2016-05-18 09:26:39.624: [390135] * Virus result: 0 - Clean
Wed 2016-05-18 09:26:39.624: [390135] * Spam result: 4 - Spam (confirmed)
Wed 2016-05-18 09:26:39.625: [390135] * IWF result: 0 - Clean
Wed 2016-05-18 09:26:39.626: [390135] ---- End Outbreak Protection results
Wed 2016-05-18 09:26:39.628: [390135] Passing message through Spam Filter (Size: 11840)...
Wed 2016-05-18 09:26:40.651: [390135] * 3.0 MDAEMON_DNSBL MDaemon: marked by MDaemon's DNSBL
Wed 2016-05-18 09:26:40.651: [390135] * 2.5 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
Wed 2016-05-18 09:26:40.651: [390135] * 1.6 BAYES_50 BODY: Bayes spam probability is 40 to 60%
Wed 2016-05-18 09:26:40.651: [390135] * [score: 0.5107]
Wed 2016-05-18 09:26:40.651: [390135] * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
Wed 2016-05-18 09:26:40.651: [390135] * 0.0 HELO_MISC_IP Looking for more Dynamic IP Relays
Wed 2016-05-18 09:26:40.651: [390135] ---- End SpamAssassin results
Wed 2016-05-18 09:26:40.651: [390135] Spam Filter score/req: 7.90/12.0
Wed 2016-05-18 09:26:40.809: [390135] Message creation successful: d:\mdaemon\queues\inbound\md50007295647.msg
Wed 2016-05-18 09:26:40.809: [390135] --> 250 2.6.0 Ok, message saved <Message-ID: <[email protected]>>
Wed 2016-05-18 09:26:40.817: [390135] <-- QUIT
Wed 2016-05-18 09:26:40.817: [390135] --> 221 2.0.0 See ya in cyberspace
Wed 2016-05-18 09:26:40.817: [390135] SMTP session successful (Bytes in/out: 11959/585)
Wed 2016-05-18 09:26:40.817: ----------

Pak Syafril, could this be because our mail server has 2 active domains: one domain is edm-dima.co.id (SMTP: edm-ed-dima.com) and the other is dima.co.id (SMTP mail.dima.co.id)? The one we actively use at the moment is dima.co.id (SMTP dima.co.id). Is this spam coming in through the SMTP that we are not actively using?

Wed 2016-05-18 09:26:35.815: [390135] <-- EHLO [115.79.46.28]
Wed 2016-05-18 09:26:35.816: [390135] --> 250-edm.ed-dima.com Hello [115.79.46.28], pleased to meet you

Thanks,
Heryanto

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Syafril Hermansyah
Sent: 18 May 2016 8:34
To: Milis Komunitas MDaemon Indonesia <[email protected]>
Subject: [MDaemon-L] A lot of spam email is getting through, quite disruptive for users

On 18/05/16 08:06, Heryanto wrote:
> Pak Syafril, here is the log. I'd like to ask: looking at the SMTP (in) log below, where is the gap?
>
> Wed 2016-05-18 06:02:41.066: [376213] Accepting SMTP connection from 188.76.84.3:52319 to 116.254.100.37:25
> Wed 2016-05-18 06:02:41.545: [376213] <-- EHLO 3.84.76.188.dynamic.jazztel.es
> Wed 2016-05-18 06:02:42.047: [376213] Performing PTR lookup (3.84.76.188.IN-ADDR.ARPA)
> Wed 2016-05-18 06:02:42.069: [376213] * D=3.84.76.188.IN-ADDR.ARPA TTL=(283) PTR=[3.84.76.188.dynamic.jazztel.es]
> Wed 2016-05-18 06:02:42.073: [376213] * D=3.84.76.188.dynamic.jazztel.es TTL=(368) A=[188.76.84.3]

Add the sender host identity (3.84.76.188.dynamic.jazztel.es) to Host Screening.
http://mdaemon.dutaint.co.id/mdaemon/16.0/index.html?security--host_screening.htm
Enter it under ALL IPs.

Since you are already running MDaemon above 15.x there is another option: download the following file
ftp://ftp.dutaint.com/altn-mdaemon/miscl/HostScreen.dat
copy/overwrite it into \\mdaemon\app, then restart the MDaemon service from the Windows service control panel.
> Wed 2016-05-18 06:37:38.479: [376488] Accepting SMTP connection from 116.111.51.94:2486 to 116.254.100.37:25
> Wed 2016-05-18 06:37:38.681: [376488] Performing PTR lookup (94.51.111.116.IN-ADDR.ARPA)
> Wed 2016-05-18 06:37:38.797: [376488] * DNS server reports domain name unknown
> Wed 2016-05-18 06:37:38.797: [376488] * No PTR records found
> Wed 2016-05-18 06:37:38.797: [376488] ---- End PTR results

This one should have been rejected if all the PTR check options under reverse lookup are enabled
http://mdaemon.dutaint.co.id/mdaemon/16.0/index.html?security--reverse_lookup.htm

[x] Perform PTR lookup on inbound SMTP connections
[x] ...send 501 and close connection if no PTR record exists
[x] ...send 501 and close connection if no PTR record match
[x] Exempt authenticated sessions
(lookup will defer until after MAIL)

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Syafril Hermansyah
> Sent: 17 May 2016 21:58
> To: Milis Komunitas MDaemon Indonesia <[email protected]>
> Subject: [MDaemon-L] A lot of spam email is getting through, quite disruptive for users

> On 05/17/2016 08:06 PM, Heryanto wrote:
>> Please enlighten us: lately our mail server has been receiving a lot of emails like the one below. Is there a gap in our mail server settings that lets spam mail get in?

Please just delete the above when replying, since every list member already has a copy.

--
syafril
-------
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 16.0.2-64, SP 5.0-64
Please do not cc: or send to private mail for MDaemon issues.

Education is the power to think clearly, the power to act well in the world's work, and the power to appreciate life.
--- Brigham Young

--
--MDaemon-L----------------------------------------------------------
This list is for discussion among MDaemon Mail Server users.
Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Unsubscribe: send mail to MDaemon-L-unsubscribe [at] dutaint.com
Subscribe: send mail to MDaemon-L-subscribe [at] dutaint.com
Latest versions: MD 16.0.2, SP 5.0, BES 2.0.2, OC 3.5.2, SG 3.0.3
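
One way to audit the situation discussed in this thread, as an added example (not part of the original messages and not MDaemon's own tooling): a Python script that groups MDaemon SMTP (in) log lines by session ID and lists sessions where the PTR lookup found no record but the message was still saved. The sample input is constructed: session 390135 is abridged from the log above, while session 000002 and its addresses are invented.

```python
import re
from collections import defaultdict

# Constructed sample. Session 390135 is abridged from the log in this thread;
# session 000002 is invented (documentation addresses) and has a PTR record.
SAMPLE_LOG = """\
Wed 2016-05-18 09:26:21.983: ----------
Wed 2016-05-18 09:26:35.741: [390135] Accepting SMTP connection from 115.79.46.28:53580 to 116.254.100.37:25
Wed 2016-05-18 09:26:35.889: [390135] Performing PTR lookup (28.46.79.115.IN-ADDR.ARPA)
Wed 2016-05-18 09:26:36.025: [390135] * No PTR records found
Wed 2016-05-18 09:26:40.651: [390135] Spam Filter score/req: 7.90/12.0
Wed 2016-05-18 09:26:40.809: [390135] --> 250 2.6.0 Ok, message saved
Wed 2016-05-18 09:30:00.000: [000002] Accepting SMTP connection from 192.0.2.10:40000 to 203.0.113.5:25
Wed 2016-05-18 09:30:00.100: [000002] * D=10.2.0.192.IN-ADDR.ARPA TTL=(300) PTR=[mail.example.org]
Wed 2016-05-18 09:30:01.000: [000002] Spam Filter score/req: 0.40/12.0
Wed 2016-05-18 09:30:01.100: [000002] --> 250 2.6.0 Ok, message saved
"""

# "<day> <date> <time>: [<session id>] <message>"
LINE = re.compile(r"^\w{3} \d{4}-\d{2}-\d{2} [\d:.]+: \[(\d+)\] (.*)$")

def parse_sessions(text):
    """Return {session_id: facts} collected from the log lines of each session."""
    sessions = defaultdict(lambda: {"ip": None, "ptr_missing": False,
                                    "accepted": False, "score": None, "required": None})
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # separator lines ("----------") carry no session id
        sid, msg = m.groups()
        s = sessions[sid]
        if (c := re.search(r"Accepting SMTP connection from ([\d.]+):\d+", msg)):
            s["ip"] = c.group(1)
        elif "No PTR records found" in msg:
            s["ptr_missing"] = True
        elif (sc := re.search(r"Spam Filter score/req: ([\d.]+)/([\d.]+)", msg)):
            s["score"], s["required"] = float(sc.group(1)), float(sc.group(2))
        elif re.match(r"--> 250 .*message saved", msg):
            s["accepted"] = True
    return dict(sessions)

def accepted_without_ptr(sessions):
    """Sessions whose connecting IP had no PTR record yet whose message was saved."""
    return sorted((sid, s["ip"], s["score"], s["required"])
                  for sid, s in sessions.items() if s["ptr_missing"] and s["accepted"])

if __name__ == "__main__":
    for sid, ip, score, req in accepted_without_ptr(parse_sessions(SAMPLE_LOG)):
        print(f"session {sid}: {ip} has no PTR record but mail was saved (spam score {score}/{req})")
```

Any session it reports means the "send 501 and close connection if no PTR record exists" option did not take effect for that connection.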

