Sir, last week one of my users was hijacked even though the password was already secure; maybe he registered carelessly on some dubious website. As a result the account was used to send thousands of emails in one night. My question is why the hijack prevention setting did not work while these thousands of emails were being sent:

The IP *202.171.41.162*, an example of the hacker's IPs, was not blocked by hijack detection. I checked the DynScrn log: that IP was not blocked and the account was not frozen. How could it get through? This IP is recorded in the SMTP-in log as having logged in successfully a great many times.
The solution for now: I immediately reset the password and it stopped right away.

The hijack settings are as follows:


Example SMTP-in log:

Sun 2018-04-15 00:03:10.214: 05: Session 631749; child 0001
Sun 2018-04-15 00:03:10.214: 05: Accepting SMTP connection from 202.171.41.162:55467 to 192.168.10.2:587
Sun 2018-04-15 00:03:10.215: 03: --> 220 webmail.pttdp.com ESMTP MSA MDaemon 17.5.1; Sun, 15 Apr 2018 00:03:10 +0700
Sun 2018-04-15 00:03:10.240: 02: <-- EHLO mymobile.gov.my
Sun 2018-04-15 00:03:10.240: 03: --> 250-webmail.pttdp.com Hello mymobile.gov.my [*202.171.41.162*], pleased to meet you
Sun 2018-04-15 00:03:10.240: 03: --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Sun 2018-04-15 00:03:10.240: 03: --> 250-8BITMIME
Sun 2018-04-15 00:03:10.241: 03: --> 250-ENHANCEDSTATUSCODES
Sun 2018-04-15 00:03:10.241: 03: --> 250-STARTTLS
Sun 2018-04-15 00:03:10.241: 03: --> 250 SIZE 30000000
Sun 2018-04-15 00:03:10.266: 02: <-- STARTTLS
Sun 2018-04-15 00:03:10.266: 03: --> 220 2.7.0 Ready to start TLS
Sun 2018-04-15 00:03:10.323: 01: SSL negotiation successful (TLS 1.0, 2048 bit key exchange, 256 bit AES encryption)
Sun 2018-04-15 00:03:10.348: 02: <-- EHLO mymobile.gov.my
Sun 2018-04-15 00:03:10.348: 03: --> 250-webmail.pttdp.com Hello mymobile.gov.my [202.171.41.162], pleased to meet you
Sun 2018-04-15 00:03:10.348: 03: --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Sun 2018-04-15 00:03:10.348: 03: --> 250-8BITMIME
Sun 2018-04-15 00:03:10.348: 03: --> 250-ENHANCEDSTATUSCODES
Sun 2018-04-15 00:03:10.348: 03: --> 250 SIZE 30000000
Sun 2018-04-15 00:03:10.374: 02: <-- AUTH CRAM-MD5
Sun 2018-04-15 00:03:10.375: 03: --> 334 PE1EQUVNT04tRjIwMTgwNDE1MDAwMy5BQTAzMTAzNzVNRDM3MTZAd2VibWFpbC5wdHRkcC5jb20+
Sun 2018-04-15 00:03:10.399: 02: <-- ZXN0ZXJAcHR0ZHAuY29tIDEyNDVlN2YwNjc4N2ZkNzFiYjFiYTZiNTFjOTk1OWRi
Sun 2018-04-15 00:03:10.399: 01: Authenticating [email protected]...
Sun 2018-04-15 00:03:10.401: 01: Authenticated as [email protected]
Sun 2018-04-15 00:03:10.401: 03: --> 235 2.7.0 Authentication successful
Sun 2018-04-15 00:03:10.427: 02: <-- MAIL FROM:<[email protected]>
Sun 2018-04-15 00:03:10.428: 03: --> 250 2.1.0 Sender OK
Sun 2018-04-15 00:03:10.453: 02: <-- RCPT TO:<[email protected]>
Sun 2018-04-15 00:03:10.456: 03: --> 250 2.1.5 Recipient OK
Sun 2018-04-15 00:03:10.483: 02: <-- DATA
Sun 2018-04-15 00:03:10.484: 01: Creating temp file (SMTP): e:\mdaemon\queues\temp\md50000091525.tmp
Sun 2018-04-15 00:03:10.484: 03: --> 354 Enter mail, end with <CRLF>.<CRLF>
Sun 2018-04-15 00:03:10.537: 01: Message size: 1203 bytes
Sun 2018-04-15 00:03:10.538: 06: Passing message through AntiVirus (Size: 1203)...
Sun 2018-04-15 00:03:10.549: 06: *  Message is clean (no viruses found)
Sun 2018-04-15 00:03:10.549: 06: ---- End AntiVirus results
Sun 2018-04-15 00:03:10.578: 01: Message creation successful: e:\mdaemon\queues\inbound\md50001834914.msg
Sun 2018-04-15 00:03:10.578: 03: --> 250 2.6.0 Ok, message saved <Message-ID: <[email protected]>>
Sun 2018-04-15 00:03:10.578: 02: <-- QUIT
Sun 2018-04-15 00:03:10.578: 03: --> 221 2.0.0 See ya in cyberspace
Sun 2018-04-15 00:03:10.579: 01: SMTP session successful (Bytes in/out: 3345/2154)

--
--[mdaemon-l]----------------------------------------------------------
This mailing list is for discussion among MDaemon Mail Server users in Indonesia

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Subscribe: send mail to [email protected]
Unsubscribe: send mail to [email protected]
Latest version: MD 18.0 (all-in-one), SG 5.0.1

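Added example, not part of the original post and not MDaemon's own hijack-detection logic: a Python script that reads SMTP-in lines in the format quoted above, counts messages accepted per authenticated account in a sliding window, and reports accounts over a rate together with their source IPs. The threshold, the window, the sample addresses and the assumption that each session's lines are written contiguously are illustrative.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Patterns follow the SMTP-in lines quoted in the post; assumes a session's lines are contiguous.
TS = re.compile(r"^\w{3} (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d{3}: \d{2}: (.*)$")
CONNECT = re.compile(r"Accepting SMTP connection from ([\d.]+):\d+ to ")
AUTHED = re.compile(r"Authenticated as (.+)$")
SAVED = "Message creation successful"

def parse_submissions(lines):
    """Yield (time, account, ip) for each message accepted in an authenticated session."""
    ip = account = None
    for line in lines:
        m = TS.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        text = m.group(2)
        if (c := CONNECT.search(text)):
            ip, account = c.group(1), None   # new session: forget the previous login
        elif (a := AUTHED.search(text)):
            account = a.group(1)
        elif SAVED in text and account:
            yield when, account, ip

def flag_bursts(lines, limit=3, window=timedelta(minutes=10)):
    """Return {account: source IPs} for accounts with more than `limit` messages per `window`."""
    recent = defaultdict(deque)
    flagged = defaultdict(set)
    for when, account, ip in parse_submissions(lines):
        q = recent[account]
        q.append((when, ip))
        while when - q[0][0] > window:       # drop entries older than the window
            q.popleft()
        if len(q) > limit:
            flagged[account].update(i for _, i in q)
    return dict(flagged)

def _session(ts, ip, account):  # constructed sample data, not real log lines
    return [f"Sun 2018-04-15 {ts}.100: 05: Accepting SMTP connection from {ip}:50000 to 192.0.2.10:587",
            f"Sun 2018-04-15 {ts}.200: 01: Authenticated as {account}",
            f"Sun 2018-04-15 {ts}.300: 01: Message creation successful: x.msg",
            f"Sun 2018-04-15 {ts}.400: 01: SMTP session successful (Bytes in/out: 1/1)"]

SAMPLE = [l for i in range(5) for l in _session(f"00:0{i}:10", "203.0.113.7", "alice@example.com")]
SAMPLE += _session("09:15:00", "198.51.100.4", "bob@example.com")

if __name__ == "__main__": print(flag_bursts(SAMPLE))
```

Run against a real SMTP-in log by passing the open file object as `lines`; tune `limit` and `window` to the site's normal per-user sending volume.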