Dear Pak Syafril,

I would appreciate some guidance: every day there is a spam attack on one of our email
accounts, ki...@dima.co.id, which sends thousands of emails to remote and local
addresses. I attach a sample of the headers below.

As a first step we changed that user's email password. (Before this there was also
an attack on another email account, but with only a small amount of spam email.)

Please advise what steps we need to take so that the attack does not happen again.
Thank you.

Example:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  coc...@bluewin.ch
    host mx-v01.bluewin.ch [195.186.120.50]
    SMTP error from remote mail server after initial connection:
    554 mxbw.lb.bluewin.ch vimdzmsp-mxin05.bluewin.ch Swisscom AG IP:
    185.201.18.5, You are not allowed to send us mail. Please see
http://www.dnsbl.manitu.net/lookup.php?value=185.201.18.5 if you feel this
is in error.

  _____  

Reporting-MTA: dns; mx68.antispamcloud.com

Action: failed
Final-Recipient: rfc822;coc...@bluewin.ch
Status: 5.0.0
Remote-MTA: dns; mx-v01.bluewin.ch
Diagnostic-Code: smtp; 554 mxbw.lb.bluewin.ch vimdzmsp-mxin05.bluewin.ch
Swisscom AG IP: 185.201.18.5, You are not allowed to send us mail. Please
see http://www.dnsbl.manitu.net/lookup.php?value=185.201.18.5 if you feel
this is in error.


===============================================================
=  Greetings from the MDaemon mail system at mail.dima.co.id  =
===============================================================

The following message:

     Session-ID: 594744 (specific to this delivery attempt)
       Queue-ID: pd35002534778.msg
     Message-ID: 47471478398.201835162...@onslow.k12.nc.us

could not be delivered to the following recipient(s):

     minnie.f...@onslow.k12.nc.us  (unrecoverable error)

despite one or more unsuccessful attempts to do so.

No further delivery attempts will be made and the message has been removed
from the queue.

The original message headers follow at the end of this report.  For
information on DSN messages see http://www.altn.com/dsn/.

Please quote the Queue-ID, Session-ID, and Message-ID found above in any
inquiries regarding this message.

========================
=  Session Transcript  =
========================

  [594744] Session 594744; child 0027
  [594744] Parsing message <xxxxxxxxxxxxxxxxxxxxxxxx\pd35002534778.msg>
  [594744] *  From: ki...@dima.co.id
  [594744] *  To: minnie.f...@onslow.k12.nc.us
  [594744] *  Subject: UPS Ship Notification, Tracking Number
9GYN08275999296382
  [594744] *  Size (bytes): 1915
  [594744] *  Message-ID: <47471478398.201835162...@onslow.k12.nc.us>
  [594744] Resolving MX record for onslow.k12.nc.us (DNS Server:
116.254.101.2)...
  [594744] *  P=000 S=000 D=onslow.k12.nc.us TTL=(56)
MX=[onslow-k12-nc-us.mail.protection.outlook.com]
  [594744] Attempting SMTP connection to
onslow-k12-nc-us.mail.protection.outlook.com
  [594744] Resolving A record for
onslow-k12-nc-us.mail.protection.outlook.com (DNS Server: 116.254.101.2)...
  [594744] *  D=onslow-k12-nc-us.mail.protection.outlook.com TTL=(0)
A=[216.32.181.170]
  [594744] *  D=onslow-k12-nc-us.mail.protection.outlook.com TTL=(0)
A=[207.46.163.106]
  [594744] Randomly picked 207.46.163.106 from list of possible hosts
  [594744] Attempting SMTP connection to 207.46.163.106:587
  [594744] *  207.46.163.106 in connection failure cache for up to 5 minutes
due to previous connection failure(s)
  [594744] Attempting to send message to smart host
  [594744] Attempting SMTP connection to 3204.smtp.antispamcloud.com
  [594744] Resolving A record for 3204.smtp.antispamcloud.com (DNS Server:
116.254.101.2)...
  [594744] *  D=3204.smtp.antispamcloud.com TTL=(0) A=[212.32.243.83]
  [594744] *  D=3204.smtp.antispamcloud.com TTL=(0) A=[217.20.113.37]
  [594744] *  D=3204.smtp.antispamcloud.com TTL=(0) A=[5.79.72.138]
  [594744] *  D=3204.smtp.antispamcloud.com TTL=(0) A=[5.79.72.139]
  [594744] *  D=3204.smtp.antispamcloud.com TTL=(0) A=[37.48.65.165]
  [594744] *  D=3204.smtp.antispamcloud.com TTL=(0) A=[46.165.217.141]
  [594744] *  D=3204.smtp.antispamcloud.com TTL=(0) A=[46.165.217.142]
  [594744] *  D=3204.smtp.antispamcloud.com TTL=(0) A=[85.25.237.173]
  [594744] *  D=3204.smtp.antispamcloud.com TTL=(0) A=[94.75.244.163]
  [594744] *  D=3204.smtp.antispamcloud.com TTL=(0) A=[95.211.233.206]
  [594744] *  D=3204.smtp.antispamcloud.com TTL=(0) A=[198.7.58.152]
  [594744] *  D=3204.smtp.antispamcloud.com TTL=(0) A=[212.32.233.198]
  [594744] Randomly picked 46.165.217.141 from list of possible hosts
  [594744] Attempting SMTP connection to 46.165.217.141:587
  [594744] Waiting for socket connection...
  [594744] *  Connection established 116.254.100.37:59745 -->
46.165.217.141:587
  [594744] Waiting for protocol to start...
  [594744] <-- 220 mx65.antispamcloud.com ESMTP Exim 130608 Mon, 05 Mar 2018
23:40:36 +0100
  [594744] --> EHLO mail.dima.co.id
  [594744] <-- 250-mx65.antispamcloud.com Hello edm.ed-dima.com
[116.254.100.37]
  [594744] <-- 250-SIZE
  [594744] <-- 250-8BITMIME
  [594744] <-- 250-DSN
  [594744] <-- 250-AUTH PLAIN LOGIN
  [594744] <-- 250-STARTTLS
  [594744] <-- 250 HELP
  [594744] --> STARTTLS
  [594744] <-- 220 TLS go ahead
  [594744] SSL negotiation successful (TLS 1.2, 2048 bit key exchange, 128
bit AES encryption)
  [594744] --> EHLO mail.dima.co.id
  [594744] <-- 250-mx65.antispamcloud.com Hello edm.ed-dima.com
[116.254.100.37]
  [594744] <-- 250-SIZE
  [594744] <-- 250-8BITMIME
  [594744] <-- 250-DSN
  [594744] <-- 250-AUTH PLAIN LOGIN
  [594744] <-- 250 HELP
  [594744] --> AUTH LOGIN
  [594744] <-- 334 VXNlcm5hbWU6
  [594744] --> **********
  [594744] <-- 334 UGFzc3dvcmQ6
  [594744] --> **********
  [594744] <-- 235 Authentication succeeded
  [594744] --> MAIL From:<ki...@dima.co.id> SIZE=1915
  [594744] <-- 250 OK
  [594744] --> RCPT To:<minnie.f...@onslow.k12.nc.us>
  [594744] <-- 250 Accepted
  [594744] --> DATA
  [594744] <-- 354 Enter message, ending with "." on a line by itself
  [594744] Sending <xxxxxxxxxxxxxxxxxxxxxxxx\pd35002534778.msg> to
[46.165.217.141]
  [594744] Transfer Complete
  [594744] <-- 550 High probability of spam
  [594744] --> QUIT

========================
=    End Transcript    =
========================

  _____  

Reporting-MTA: dns; mail.dima.co.id
Arrival-Date: Mon, 05 Mar 2018 23:26:23 +0700
X-MDaemon-Version: 16.0.3

Final-Recipient: rfc822; minnie.f...@onslow.k12.nc.us
Last-Attempt-Date: Tue, 06 Mar 2018 05:40:27 +0700
Remote-MTA: dns; 3204.smtp.antispamcloud.com
Diagnostic-Code: smtp; 550 High probability of spam
Status: 5.0.0
Action: failed

Thanks

Heryanto

Attachment: 1et2OF-0005Rb-Sh.eml
Description: Binary data
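The session transcript quoted in the post shows the pattern that matters for a defender: the server authenticates as the account (235 Authentication succeeded), relays through the smart host, and is then refused at end-of-DATA with "550 High probability of spam". Seen across thousands of sessions from one account, that combination is the signature of a compromised mailbox rather than of a single mis-addressed message. The script below is an added example written for this thread (it is not code from the original post, from MDaemon or from Alt-N); it parses transcript lines in the same `[session-id] ...` layout as the bounce above, records which sender each session authenticated as and how the remote side answered, and flags accounts whose sends keep ending in 5xx rejections. The sample transcript, its session ids and its addresses are constructed for the example, and the thresholds in `flag_suspicious` are assumptions to be tuned per site.

```python
"""Parse MDaemon-style outbound session transcripts and flag accounts whose
authenticated sends repeatedly end in 5xx rejections.
Added example for this thread; the line layout follows the bounce quoted above,
but SAMPLE_TRANSCRIPT below is constructed data, not the page's own."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Every transcript line starts with the session id in square brackets; lines
# without it (wrapped continuations, banners) are skipped by the parser.
LINE_RE = re.compile(r"^\s*\[(\d+)\]\s*(.*?)\s*$")
FROM_RE = re.compile(r"^\*\s+From:\s*(\S+)")
TO_RE = re.compile(r"^\*\s+To:\s*(\S+)")
# Remote replies look like "<-- 250 OK" or "<-- 250-SIZE" (hyphen = continued).
REPLY_RE = re.compile(r"^<--\s+(\d{3})(?:[ -](.*))?$")

# Constructed sample: three sessions from two accounts (addresses are made up).
SAMPLE_TRANSCRIPT = """\
  [100001] Session 100001; child 0001
  [100001] *  From: user-a@example.com
  [100001] *  To: someone@example.net
  [100001] --> AUTH LOGIN
  [100001] <-- 235 Authentication succeeded
  [100001] --> MAIL From:<user-a@example.com> SIZE=1915
  [100001] <-- 250 OK
  [100001] --> RCPT To:<someone@example.net>
  [100001] <-- 250 Accepted
  [100001] --> DATA
  [100001] <-- 354 Enter message, ending with "." on a line by itself
  [100001] Transfer Complete
  [100001] <-- 550 High probability of spam
  [100001] --> QUIT
  [100002] Session 100002; child 0002
  [100002] *  From: user-a@example.com
  [100002] *  To: other@example.org
  [100002] <-- 235 Authentication succeeded
  [100002] --> RCPT To:<other@example.org>
  [100002] <-- 550 Recipient rejected
  [100002] --> QUIT
  [100003] Session 100003; child 0003
  [100003] *  From: user-b@example.com
  [100003] *  To: friend@example.org
  [100003] <-- 235 Authentication succeeded
  [100003] --> DATA
  [100003] Transfer Complete
  [100003] <-- 250 OK id=constructed
  [100003] --> QUIT
"""


@dataclass
class Session:
    session_id: str
    sender: str = ""
    recipient: str = ""
    authenticated: bool = False
    transfer_complete: bool = False
    final_code: str = ""   # last SMTP reply code the remote side sent
    final_text: str = ""

    @property
    def rejected(self) -> bool:
        return self.final_code.startswith("5")


def parse_sessions(text: str) -> dict[str, Session]:
    """Group transcript lines by session id and record sender, recipient,
    authentication and the last remote reply (which decides the outcome)."""
    sessions: dict[str, Session] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        sid, body = m.groups()
        s = sessions.setdefault(sid, Session(sid))
        if (fm := FROM_RE.match(body)):
            s.sender = fm.group(1).lower()
        elif (tm := TO_RE.match(body)):
            s.recipient = tm.group(1).lower()
        elif body == "Transfer Complete":
            s.transfer_complete = True
        elif (rm := REPLY_RE.match(body)):
            code, txt = rm.group(1), rm.group(2) or ""
            if code == "235":
                s.authenticated = True
            s.final_code, s.final_text = code, txt
    return sessions


def summarize_by_sender(sessions: dict[str, Session]) -> dict[str, dict]:
    """Per authenticated sender: session count, 5xx count, recipient domains."""
    summary: dict[str, dict] = {}
    for s in sessions.values():
        if not s.sender:
            continue
        e = summary.setdefault(s.sender, {"sessions": 0, "rejected": 0, "domains": set()})
        e["sessions"] += 1
        e["rejected"] += int(s.rejected)
        if "@" in s.recipient:
            e["domains"].add(s.recipient.rsplit("@", 1)[1])
    return summary


def flag_suspicious(summary: dict[str, dict], max_rejected: int = 1,
                    max_domains: int = 20) -> list[str]:
    """Senders with more 5xx rejections, or more distinct destination domains,
    than a normal user would produce. Thresholds are assumptions; tune per site."""
    return sorted(sender for sender, e in summary.items()
                  if e["rejected"] > max_rejected or len(e["domains"]) > max_domains)


if __name__ == "__main__":
    summary = summarize_by_sender(parse_sessions(SAMPLE_TRANSCRIPT))
    for sender, e in summary.items():
        print(f"{sender}: {e['sessions']} sessions, {e['rejected']} rejected, "
              f"{len(e['domains'])} domains")
    print("flagged:", flag_suspicious(summary))
```

Run it against the server's own outbound SMTP log (the page shows the transcript format; the log file location and any rate-limit or lockout feature are MDaemon-specific and not something this example asserts). Changing the password stops the current abuse; the value of a check like this is that the next compromised account is noticed after a handful of rejections rather than after thousands of bounces and a blacklisting of the sending IP, which is what the manitu DNSBL rejection in the first bounce indicates has already happened.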
