[mdaemon-l] aserracapital.com (ini spam atau bukan)

Mon, 30 Jul 2018 19:46:29 -0700 

pak syafril,

banyak user kompastv mendapatkan email dari domain @aserracapital.com
perihal informasi unknown, kemungkinan ini spam.
dan jika saya lihat di smtp-in pada waktu yang sama, terdapat log sebagai
berikut.

Mon 2018-07-30 19:07:22.912: ----------
Mon 2018-07-30 19:06:23.762: [626407] Session 626407; child 0007
Mon 2018-07-30 19:06:23.762: [626407] Accepting SMTP connection from
202.158.21.221:58584 to 10.8.40.3:25
Mon 2018-07-30 19:06:23.764: [626407] --> 220 mail.kompas.tv ESMTP MDaemon
17.0.2; Mon, 30 Jul 2018 19:06:23 +0700
Mon 2018-07-30 19:06:24.002: [626407] <-- EHLO mail01.aserracapital.com
Mon 2018-07-30 19:06:24.003: [626407] --> 250-mail.kompas.tv Hello
mail01.aserracapital.com [202.158.21.221], pleased to meet you
Mon 2018-07-30 19:06:24.003: [626407] --> 250-ETRN
Mon 2018-07-30 19:06:24.003: [626407] --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Mon 2018-07-30 19:06:24.003: [626407] --> 250-8BITMIME
Mon 2018-07-30 19:06:24.003: [626407] --> 250-ENHANCEDSTATUSCODES
Mon 2018-07-30 19:06:24.003: [626407] --> 250 SIZE 20480000
Mon 2018-07-30 19:06:24.237: [626407] <-- MAIL FROM:<
[email protected]> SIZE=5289 BODY=7BIT
Mon 2018-07-30 19:06:24.241: [626407] Performing PTR lookup
(221.21.158.202.IN-ADDR.ARPA)
Mon 2018-07-30 19:06:24.401: [626407] *  D=221.21.158.202.IN-ADDR.ARPA
TTL=(243) PTR=[mail01.aserracapital.com]
Mon 2018-07-30 19:06:24.568: [626407] *  D=webmail.aserracapital.com
TTL=(4) A=[202.158.21.221]
Mon 2018-07-30 19:06:24.568: [626407] ---- End PTR results
Mon 2018-07-30 19:06:24.571: [626407] Performing IP lookup (
mail01.aserracapital.com)
Mon 2018-07-30 19:06:24.733: [626407] *  D=webmail.aserracapital.com
TTL=(3) A=[202.158.21.221]
Mon 2018-07-30 19:06:24.733: [626407] ---- End IP lookup results
Mon 2018-07-30 19:06:24.736: [626407] Performing IP lookup (
aserracapital.com)
Mon 2018-07-30 19:06:24.905: [626407] *  D=aserracapital.com TTL=(4)
A=[103.11.74.136]
Mon 2018-07-30 19:06:25.065: [626407] *  P=010 S=000 D=aserracapital.com
TTL=(4) MX=[mail01.aserracapital.com]
Mon 2018-07-30 19:06:25.230: [626407] *  D=webmail.aserracapital.com
TTL=(3) A=[202.158.21.221]
Mon 2018-07-30 19:06:25.230: [626407] ---- End IP lookup results
Mon 2018-07-30 19:06:25.230: [626407] --> 250 2.1.0 Sender OK
Mon 2018-07-30 19:06:25.396: [626407] <-- RCPT TO:<[email protected]>
Mon 2018-07-30 19:06:25.410: [626407] --> 250 2.1.5 Recipient OK
Mon 2018-07-30 19:06:25.628: [626407] <-- DATA
Mon 2018-07-30 19:06:25.629: [626407] Creating temp file (SMTP):
c:\mdaemon\queues\temp\md50000683963.tmp
Mon 2018-07-30 19:06:25.629: [626407] --> 354 Enter mail, end with
<CRLF>.<CRLF>
Mon 2018-07-30 19:06:26.057: [626407] Message size: 5276 bytes
Mon 2018-07-30 19:06:26.057: [626407] Performing DKIM lookup
Mon 2018-07-30 19:06:26.057: [626407] *  File:
c:\mdaemon\queues\temp\md50000683963.tmp
Mon 2018-07-30 19:06:26.057: [626407] *  Message-ID:
<0402a4c8-43311-17b87960910648@desktop-rpujc63>
Mon 2018-07-30 19:06:26.237: [626407] * DKIM-Signature 1: v=1;
a=rsa-sha256; c=relaxed/relaxed; d=aserracapital.com;
s=D2A19B82-12ED-11E4-AB8F-E4229DAA0EE6; t=1532952386; b
h=Message-ID:Reply-To:From:To:Subject:Date:MIME-Version:
Content-Type:Content-Transfer-Encoding; <some tags are
Mon 2018-07-30 19:06:26.237: [626407] *    Verification result: good
signature
Mon 2018-07-30 19:06:26.238: [626407] *  Result: pass
Mon 2018-07-30 19:06:26.238: [626407] ---- End DKIM results
Mon 2018-07-30 19:06:26.242: [626407] Performing DMARC processing
Mon 2018-07-30 19:06:26.242: [626407] *  File:
c:\mdaemon\queues\temp\md50000683963.tmp
Mon 2018-07-30 19:06:26.242: [626407] *  Message-ID:
<0402a4c8-43311-17b87960910648@desktop-rpujc63>
Mon 2018-07-30 19:06:26.242: [626407] *  Author domain: aserracapital.com
Mon 2018-07-30 19:06:26.242: [626407] *  Organizational domain:
aserracapital.com
Mon 2018-07-30 19:06:26.242: [626407] *  Query domain: _
dmarc.aserracapital.com
Mon 2018-07-30 19:07:26.801: [626407] *  DNS: 60 second wait for DNS
response exceeded (DNS Server: 202.146.0.8)
Mon 2018-07-30 19:07:26.801: [626407] *    No DMARC policy record found
Mon 2018-07-30 19:07:26.801: [626407] *  Action taken: none
Mon 2018-07-30 19:07:26.801: [626407] *  Result: none
Mon 2018-07-30 19:07:26.801: [626407] ---- End DMARC results
Mon 2018-07-30 19:07:26.802: [626407] Passing message through AntiVirus
(Size: 5276)...
Mon 2018-07-30 19:07:26.809: [626407] *  Message is clean (no viruses found)
Mon 2018-07-30 19:07:26.809: [626407] ---- End AntiVirus results
Mon 2018-07-30 19:07:27.431: [626407] Passing message through Outbreak
Protection...
Mon 2018-07-30 19:07:27.431: [626407] *  Message-ID:
<0402a4c8-43311-17b87960910648@desktop-rpujc63>
Mon 2018-07-30 19:07:27.431: [626407] *  Reference-ID:
str=0001.0A150204.5B5EFF82.0026,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
Mon 2018-07-30 19:07:27.431: [626407] *  Virus result: 0 - Clean
Mon 2018-07-30 19:07:27.431: [626407] *  Spam result: 1 - Clean
Mon 2018-07-30 19:07:27.432: [626407] *  IWF result: 0 - Clean
Mon 2018-07-30 19:07:27.432: [626407] ---- End Outbreak Protection results
Mon 2018-07-30 19:07:27.433: [626407] Passing message through Spam Filter
(Size: 5276)...
Mon 2018-07-30 19:07:27.551: [626407] *  1.1 MIME_HTML_ONLY BODY: Message
only has text/html MIME parts
Mon 2018-07-30 19:07:27.551: [626407] *  0.0 HTML_IMAGE_ONLY_32 BODY: HTML:
images with 2800-3200 bytes of words
Mon 2018-07-30 19:07:27.551: [626407] *  0.0 HTML_MESSAGE BODY: HTML
included in message
Mon 2018-07-30 19:07:27.551: [626407] *  0.0 T_DKIM_INVALID DKIM-Signature
header exists but is not valid
Mon 2018-07-30 19:07:27.551: [626407] *  0.0 T_REMOTE_IMAGE Message
contains an external image
Mon 2018-07-30 19:07:27.551: [626407] ---- End SpamAssassin results
Mon 2018-07-30 19:07:27.551: [626407] Spam Filter score/req: 1.10/12.0
Mon 2018-07-30 19:07:27.553: [626407] Message creation successful:
c:\mdaemon\queues\inbound\md50001850309.msg
Mon 2018-07-30 19:07:27.553: [626407] --> 250 2.6.0 Ok, message saved
<Message-ID: <0402a4c8-43311-17b87960910648@desktop-rpujc63>>
Mon 2018-07-30 19:07:29.605: [626407] Connection closed
Mon 2018-07-30 19:07:29.605: [626407] SMTP session successful (Bytes
in/out: 5405/438)
Mon 2018-07-30 19:07:29.605: ----------

mohon arahannya pak,sementara sudah kami blacklist tetapi di queue, tumbuh
besar pada RAW queue.
mohon bantaunnya pak. terima kasih

salam,
ardiansyah

-- 
--[mdaemon-l]----------------------------------------------------------
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia

Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.co.id
Berlangganan: Kirim mail ke [email protected]
Henti Langgan: Kirim mail ke [email protected]
Versi terakhir MD 18.0.2, SG 5.5.0

Kirim email ke