Dear Pak Syafril,

This morning I checked and found many SPAM attacks with the host name HELO [0.0.0.0], as follows:

Thu 2018-03-22 09:08:38.085: ----------
Thu 2018-03-22 09:08:35.921: Session 292625; child 0014
Thu 2018-03-22 09:08:35.921: Accepting SMTP connection from 42.106.16.235:35060 to 192.168.1.19:25
Thu 2018-03-22 09:08:35.922: --> 220 mail.aio.co.id ESMTP MDaemon 15.5.3; Thu, 22 Mar 2018 09:08:35 +0700
Thu 2018-03-22 09:08:36.104: <-- HELO [0.0.0.0]
Thu 2018-03-22 09:08:36.106: --> 250 mail.aio.co.id Hello [0.0.0.0], pleased to meet you
Thu 2018-03-22 09:08:36.257: <-- AUTH LOGIN
Thu 2018-03-22 09:08:36.257: --> 334 VXNlcm5hbWU6
Thu 2018-03-22 09:08:36.408: <-- c2FsZXNiYW5na2FAYWlvLmNvLmlk
Thu 2018-03-22 09:08:36.408: --> 334 UGFzc3dvcmQ6
Thu 2018-03-22 09:08:36.560: <-- ******
Thu 2018-03-22 09:08:36.561: Failed SMTP authentication attempt from 42.106.16.235 for "[email protected]"
Thu 2018-03-22 09:08:36.561: --> 535 5.7.8 Authentication failed
Thu 2018-03-22 09:08:36.756: <-- MAIL FROM: <[email protected]>
Thu 2018-03-22 09:08:36.759: Performing PTR lookup (235.16.106.42.IN-ADDR.ARPA)
Thu 2018-03-22 09:08:36.993: * D=235.16.106.42.IN-ADDR.ARPA TTL=(1440) PTR=[42-106-16-235.live.vodafone.in]
Thu 2018-03-22 09:08:38.271: * No A/AAAA records found
Thu 2018-03-22 09:08:38.271: * MDaemon configured to drop connection on PTR record mismatch
Thu 2018-03-22 09:08:38.271: ---- End PTR results
Thu 2018-03-22 09:08:38.271: --> 501 5.7.0 Domain must resolve
Thu 2018-03-22 09:08:38.271: SMTP session terminated (Bytes in/out: 106/231)
Thu 2018-03-22 09:08:38.271: ----------
Thu 2018-03-22 09:08:38.285: Dynamic screening added 115.79.218.38 for 240 minutes; failed 3 authentication attempts
Thu 2018-03-22 09:08:37.880: Session 292630; child 0013
Thu 2018-03-22 09:08:37.880: Accepting SMTP connection from 115.79.218.38:53082 to 192.168.1.19:25
Thu 2018-03-22 09:08:37.881: --> 220 mail.aio.co.id ESMTP MDaemon 15.5.3; Thu, 22 Mar 2018 09:08:37 +0700
Thu 2018-03-22 09:08:37.980: <-- HELO [0.0.0.0]
Thu 2018-03-22 09:08:37.980: --> 250 mail.aio.co.id Hello [0.0.0.0], pleased to meet you
Thu 2018-03-22 09:08:38.078: <-- AUTH LOGIN
Thu 2018-03-22 09:08:38.079: --> 334 VXNlcm5hbWU6
Thu 2018-03-22 09:08:38.179: <-- c2FsZXNiYW5na2FAYWlvLmNvLmlk
Thu 2018-03-22 09:08:38.179: --> 334 UGFzc3dvcmQ6
Thu 2018-03-22 09:08:38.280: <-- ******
Thu 2018-03-22 09:08:38.280: Failed SMTP authentication attempt from 115.79.218.38 for "[email protected]"
Thu 2018-03-22 09:08:38.280: --> 535 5.7.8 Authentication failed
Thu 2018-03-22 09:08:38.285: SMTP session terminated (Bytes in/out: 76/200)
Thu 2018-03-22 09:08:38.285: ----------

So far they have been added to Dynamic Screening because of those failed authentications. Can they be blocked by that host name, HELO [0.0.0.0]? I would appreciate your guidance.

Best Regards,
Slamet Raharjo
IT Dept.

--
--MDaemon-L----------------------------------------------------------
This mailing list is for discussion among MDaemon Mail Server users.
Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Unsubscribe: send mail to [email protected]
Latest versions: MD 17.5.3, SP 5.5, OC 5.0.1, SG 5.0.1
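
Added example (not part of the original message, and not MDaemon's own code): a log check that groups SMTP log lines by session and lists the peers that greeted with an unspecified address literal such as HELO [0.0.0.0] and then failed AUTH LOGIN, which helps size the problem before screening on the HELO name. The sample log is constructed in the layout shown above; its IP addresses and account are placeholders, and parse_sessions, unspecified_helo and flagged are names chosen here.

```python
import base64, ipaddress, re
# Constructed sample in the post's log layout; addresses and account are placeholders.
USER_B64 = base64.b64encode(b"user@example.com").decode()
SAMPLE_LOG = f"""\
Thu 2018-03-22 09:08:35.921: Session 1001; child 0014
Thu 2018-03-22 09:08:35.921: Accepting SMTP connection from 203.0.113.7:35060 to 192.0.2.19:25
Thu 2018-03-22 09:08:36.104: <-- HELO [0.0.0.0]
Thu 2018-03-22 09:08:36.257: <-- AUTH LOGIN
Thu 2018-03-22 09:08:36.257: --> 334 VXNlcm5hbWU6
Thu 2018-03-22 09:08:36.408: <-- {USER_B64}
Thu 2018-03-22 09:08:36.561: --> 535 5.7.8 Authentication failed
Thu 2018-03-22 09:08:37.880: Session 1002; child 0013
Thu 2018-03-22 09:08:37.880: Accepting SMTP connection from 198.51.100.9:53082 to 192.0.2.19:25
Thu 2018-03-22 09:08:37.980: <-- EHLO mail.example.net
"""

PEER = re.compile(r"Accepting SMTP connection from ([\d.]+):\d+")
GREETING = re.compile(r"<-- (?:HELO|EHLO) (\S+)", re.I)

def parse_sessions(text):
    """Return one dict per 'Session N' block: peer IP, greeting, AUTH user, failure."""
    sessions, want_user = [], False
    for raw in text.splitlines():
        # The timestamp ends at the first ": "; the rest is the log message.
        msg = raw.strip().partition(": ")[2]
        if msg.startswith("Session "):
            sessions.append({"ip": None, "helo": None, "user": None, "auth_failed": False})
        if not sessions:
            continue
        cur = sessions[-1]
        if (p := PEER.search(msg)):
            cur["ip"] = p.group(1)
        elif (g := GREETING.match(msg)):
            cur["helo"] = g.group(1)
        elif want_user and msg.startswith("<-- "):
            # Client reply to the base64 "Username:" prompt of AUTH LOGIN
            cur["user"] = base64.b64decode(msg[4:]).decode(errors="replace")
        elif msg.startswith("--> 535"):
            cur["auth_failed"] = True
        want_user = msg == "--> 334 VXNlcm5hbWU6"
    return sessions

def unspecified_helo(helo):
    try:  # address literal such as [0.0.0.0]; hostnames raise ValueError
        return ipaddress.ip_address((helo or "").strip("[]")).is_unspecified
    except ValueError:
        return False

def flagged(sessions):
    return [(s["ip"], s["user"]) for s in sessions
            if unspecified_helo(s["helo"]) and s["auth_failed"]]
```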

