Sir, one of my users appears to have been hijacked / their password became
known to someone else, so suddenly about 8000 emails were sent out; it only
stopped once I immediately changed the password.
My question:
Why did Hijack Detection not work, even though it is enabled and set to
500 messages per 30 minutes? Is there a wrong setting?
Here is one example of the log and the message source:
Thu 2017-03-09 11:06:31.473: 05: Session 806096; child 0005
Thu 2017-03-09 11:06:31.473: 01: Parsing message
<e:\mdaemon\queues\remote\pd35000417503.msg>
Thu 2017-03-09 11:06:31.475: 01: * From: [email protected]
Thu 2017-03-09 11:06:31.475: 01: * To: [email protected]
Thu 2017-03-09 11:06:31.475: 01: * Subject: Requested Order
Thu 2017-03-09 11:06:31.475: 01: * Size (bytes): 54966
Thu 2017-03-09 11:06:31.475: 01: * Message-ID:
<[email protected]>
Thu 2017-03-09 11:06:31.475: 01: * Route slip host: gmail.com
Thu 2017-03-09 11:06:31.476: 01: * Route slip port: 25
Thu 2017-03-09 11:06:31.517: 05: Resolving MX record for gmail.com (DNS
Server: 203.142.82.222)...
Thu 2017-03-09 11:06:31.531: 05: * P=005 S=000 D=gmail.com TTL=(45)
MX=[gmail-smtp-in.l.google.com]
Thu 2017-03-09 11:06:31.532: 05: * P=010 S=003 D=gmail.com TTL=(45)
MX=[alt1.gmail-smtp-in.l.google.com]
Thu 2017-03-09 11:06:31.532: 05: * P=020 S=004 D=gmail.com TTL=(45)
MX=[alt2.gmail-smtp-in.l.google.com]
Thu 2017-03-09 11:06:31.532: 05: * P=030 S=001 D=gmail.com TTL=(45)
MX=[alt3.gmail-smtp-in.l.google.com]
Thu 2017-03-09 11:06:31.532: 05: * P=040 S=002 D=gmail.com TTL=(45)
MX=[alt4.gmail-smtp-in.l.google.com]
Thu 2017-03-09 11:06:31.532: 05: Attempting SMTP connection to
gmail-smtp-in.l.google.com
Thu 2017-03-09 11:06:31.532: 05: Resolving AAAA record for
gmail-smtp-in.l.google.com (DNS Server: 203.142.82.222)...
Thu 2017-03-09 11:06:31.536: 05: * D=gmail-smtp-in.l.google.com TTL=(4)
AAAA=[2404:6800:4003:c00::1a]
Thu 2017-03-09 11:06:31.537: 05: Attempting SMTP connection to
[2404:6800:4003:c00::1a]:25
Thu 2017-03-09 11:06:31.537: 05: Waiting for socket connection...
Thu 2017-03-09 11:06:31.538: 04: * Socket error 10051 - The network is
unreachable.
Thu 2017-03-09 11:06:31.538: 05: Resolving A record for
gmail-smtp-in.l.google.com (DNS Server: 203.142.82.222)...
Thu 2017-03-09 11:06:31.542: 05: * D=gmail-smtp-in.l.google.com TTL=(1)
A=[74.125.200.27]
Thu 2017-03-09 11:06:31.542: 05: Attempting SMTP connection to
74.125.200.27:25
Thu 2017-03-09 11:06:31.542: 05: Waiting for socket connection...
Thu 2017-03-09 11:06:31.559: 05: * Connection established
192.168.10.2:56247 --> 74.125.200.27:25
Thu 2017-03-09 11:06:31.559: 05: Waiting for protocol to start...
Thu 2017-03-09 11:06:31.734: 02: <-- 220 mx.google.com ESMTP
m8si5207805pln.122 - gsmtp
Thu 2017-03-09 11:06:31.736: 03: --> EHLO webmail.pttdp.com
Thu 2017-03-09 11:06:31.913: 02: <-- 250-mx.google.com at your service,
[117.102.88.187]
Thu 2017-03-09 11:06:31.913: 02: <-- 250-SIZE 157286400
Thu 2017-03-09 11:06:31.913: 02: <-- 250-8BITMIME
Thu 2017-03-09 11:06:31.913: 02: <-- 250-STARTTLS
Thu 2017-03-09 11:06:31.913: 02: <-- 250-ENHANCEDSTATUSCODES
Thu 2017-03-09 11:06:31.913: 02: <-- 250-PIPELINING
Thu 2017-03-09 11:06:31.913: 02: <-- 250-CHUNKING
Thu 2017-03-09 11:06:31.913: 02: <-- 250 SMTPUTF8
Thu 2017-03-09 11:06:31.913: 03: --> STARTTLS
Thu 2017-03-09 11:06:32.089: 02: <-- 220 2.0.0 Ready to start TLS
Thu 2017-03-09 11:06:32.140: 01: SSL negotiation successful (TLS 1.2,
256 bit key exchange, 128 bit AES encryption)
Thu 2017-03-09 11:06:32.141: 01: SSL certificate is valid (matches
gmail-smtp-in.l.google.com and is signed by recognized CA)
Thu 2017-03-09 11:06:32.141: 03: --> EHLO webmail.pttdp.com
Thu 2017-03-09 11:06:32.316: 02: <-- 250-mx.google.com at your service,
[117.102.88.187]
Thu 2017-03-09 11:06:32.316: 02: <-- 250-SIZE 157286400
Thu 2017-03-09 11:06:32.316: 02: <-- 250-8BITMIME
Thu 2017-03-09 11:06:32.317: 02: <-- 250-ENHANCEDSTATUSCODES
Thu 2017-03-09 11:06:32.317: 02: <-- 250-PIPELINING
Thu 2017-03-09 11:06:32.317: 02: <-- 250-CHUNKING
Thu 2017-03-09 11:06:32.317: 02: <-- 250 SMTPUTF8
Thu 2017-03-09 11:06:32.317: 03: --> MAIL From:<[email protected]> SIZE=54966
Thu 2017-03-09 11:06:32.491: 02: <-- 250 2.1.0 OK m8si5207805pln.122 - gsmtp
Thu 2017-03-09 11:06:32.491: 03: --> RCPT To:<[email protected]>
Thu 2017-03-09 11:06:32.948: 02: <-- 250 2.1.5 OK m8si5207805pln.122 - gsmtp
Thu 2017-03-09 11:06:32.948: 03: --> RCPT To:<[email protected]>
Thu 2017-03-09 11:06:33.233: 02: <-- 250 2.1.5 OK m8si5207805pln.122 - gsmtp
Thu 2017-03-09 11:06:33.233: 03: --> RCPT To:<[email protected]>
Thu 2017-03-09 11:06:33.619: 02: <-- 250 2.1.5 OK m8si5207805pln.122 - gsmtp
Thu 2017-03-09 11:06:33.619: 03: --> DATA
Thu 2017-03-09 11:06:45.937: 02: <-- 354 Go ahead m8si5207805pln.122 -
gsmtp
Thu 2017-03-09 11:06:45.937: 01: Sending
<e:\mdaemon\queues\remote\pd35000417503.msg> to [74.125.200.27]
Thu 2017-03-09 11:06:45.974: 01: Transfer Complete
Thu 2017-03-09 11:06:46.467: 02: <-- 250 2.0.0 OK 1489032405
m8si5207805pln.122 - gsmtp
Thu 2017-03-09 11:06:46.470: 03: --> QUIT
Thu 2017-03-09 11:06:46.994: 02: <-- 221 2.0.0 closing connection
m8si5207805pln.122 - gsmtp
Thu 2017-03-09 11:06:46.994: 01: SMTP session successful (Bytes in/out:
723/56251)
X-MDAV-Result: clean
X-MDAV-Processed: webmail.pttdp.com, Thu, 09 Mar 2017 12:10:10 +0700
Received: from [5.34.240.10] by pttdp.com (Cipher TLSv1:AES-SHA:256)
(MDaemon PRO v16.5.2)
with ESMTPSA id md50001448830.msg for <[email protected]>;
Thu, 09 Mar 2017 12:10:08 +0700
VBR-Info: md=pttdp.com; mc=all; mv=vbr.emailcertification.org;
X-Spam-Processed: webmail.pttdp.com, Thu, 09 Mar 2017 12:10:08 +0700
(not processed: message from trusted or authenticated source)
X-MDHelo: [5.34.240.10]
X-MDArrival-Date: Thu, 09 Mar 2017 12:10:08 +0700
X-Authenticated-Sender: [email protected]
X-Return-Path: [email protected]
X-Envelope-From: [email protected]
X-MDaemon-Deliver-To: [email protected]
Content-Type: multipart/mixed; boundary="===============0558025172=="
MIME-Version: 1.0
Subject: Requested Order
To: Recipients <[email protected]>
From: "Jahangir Alam" <[email protected]>
Date: Thu, 09 Mar 2017 06:35:47 -0800
Message-ID: <[email protected]>
You will not see this in a MIME-aware mail reader.
--===============0558025172==
Content-Type: multipart/alternative; boundary="===============0216357449=="
MIME-Version: 1.0
--===============0216357449==
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
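An independent check over the outbound SMTP log, added here as an example and not part of the original post or of MDaemon: it counts RCPT commands per envelope sender in a sliding 30-minute window and reports senders that exceed a limit. The sample log is constructed in the layout of the excerpt above with made-up addresses; `find_bursts` and its parameters are hypothetical names, and the code assumes the lines of one SMTP session are contiguous.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the layout of the log excerpt above (addresses are made up).
SAMPLE_LOG = """\
Thu 2017-03-09 11:06:32.317: 03: --> MAIL From:<user1@example.com> SIZE=54966
Thu 2017-03-09 11:06:32.491: 03: --> RCPT To:<a@example.net>
Thu 2017-03-09 11:06:32.948: 03: --> RCPT To:<b@example.net>
Thu 2017-03-09 11:06:33.233: 03: --> RCPT To:<c@example.net>
Thu 2017-03-09 11:06:45.937: 02: <-- 354 Go ahead m8si5207805pln.122 -
gsmtp
Thu 2017-03-09 11:20:00.000: 03: --> MAIL From:<user1@example.com> SIZE=54966
Thu 2017-03-09 11:20:00.200: 03: --> RCPT To:<d@example.net>
Thu 2017-03-09 11:25:00.000: 03: --> MAIL From:<user2@example.com> SIZE=1200
Thu 2017-03-09 11:25:00.200: 03: --> RCPT To:<e@example.net>
Thu 2017-03-09 11:50:00.000: 03: --> MAIL From:<user1@example.com> SIZE=54966
Thu 2017-03-09 11:50:00.200: 03: --> RCPT To:<f@example.net>
"""

LINE = re.compile(r"^\w{3} (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+: \d\d: (.*)$")
MAIL = re.compile(r"^--> MAIL From:<([^>]*)>", re.I)
RCPT = re.compile(r"^--> RCPT To:<", re.I)

def find_bursts(log_text, limit, window_minutes=30):
    """Return {sender: peak recipients in any window} for senders exceeding limit."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)   # sender -> timestamps of RCPT commands in window
    peaks = {}
    sender = None                 # envelope sender of the session being read
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:                 # wrapped continuation line, no timestamp
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        mail = MAIL.match(m.group(2))
        if mail:
            sender = mail.group(1).lower()
        elif sender and RCPT.match(m.group(2)):
            q = recent[sender]
            q.append(ts)
            while ts - q[0] > window:      # drop recipients older than the window
                q.popleft()
            if len(q) > limit:
                peaks[sender] = max(peaks.get(sender, 0), len(q))
    return peaks
```

Counting recipients rather than messages is a choice of this example; run it over the full SMTP (out) log with the limit you expect a normal user to stay under.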