On 20/02/19 16.15, Syafril Hermansyah (syaf...@dutaint.co.id) wrote: Aktifkan dynamic screening --------------------------
New Dynamic Screening dan Location Screening ini merupakan mail firewall di MDaemon, transaksi blockingnya tidak tercatat di smtp-in log melainkan di screening log dan DynScrn log. Jadi pastikan screening log aktif http://mdaemon.dutaint.co.id/mdaemon/18.5/index.html?dynamic-screening_options.htm [x] Enable the Dynamic Screening service [x] Enable Authentication Failure Tracking [x] Enable Dynamic Screening Blacklist [x] Enable Dynamic Screening Whitelist Log level = Info menu yang lain bisa ikuti standar instalasi (di gambar). http://mdaemon.dutaint.co.id/mdaemon/18.5/index.html?dynamic-screening_auth-failure-tracking.htm [x] Ignore authentication attempts using identical passwords Block addresses after 10 authentication failures within 1 Days [x] Enable IPv4 aggregation as low as x.x.x.x/ 24 identical bits (CIDR) [ ] Enable IPv6 aggregation as low as x::::x:x/ [xx] identical bits (CIDR) Multiple Offense Penalties Default expiration timeout = 4 hours Second offense penalty = 2 days Third offense penalty = 3 days Fourth offense penalty = 4 days Account Freezing Options [ ] Freeze accounts that fail authentication [xx] times within [xx] [Minutes | Hours | Days] http://mdaemon.dutaint.co.id/mdaemon/18.5/index.html?dynamic-screening_notifications.htm Authentication Failure Reports [x] Notify when an account's Auth failure count reaches [xx] occurrences [ ] Send report to global postmaster [x] Send report to global admins Frozen Accounts Report [x] Notify when an account is frozen [ ] Send report to global postmaster [x] Send report to global admins IP Address Blocking Reports [x] Notify when an IP address is blocked (including those blocked via the API) [ ] Send report to global postmaster [x] Send report to global admins Expiration Reports [x] Send reports on blocked addresses as their records expire [x] Send reports on exempt/whitelisted addresses as their records expire [x] Send reports on frozen accounts that are automatically thawed [ ] Send report to global postmaster [x] Send report to global admins Global Administrator bisa di set dari account manager http://mdaemon.dutaint.co.id/mdaemon/18.5/index.html?ae_administrative_roles.htm [x] Account is a global administrator Jika ada hacker dari negara sendiri masukkan block IPnya ke dynamic blacklist. http://mdaemon.dutaint.co.id/mdaemon/18.5/index.html?dynamic-screening_dynamic-blacklist.htm periksa secara berkala MDaemom Notification message perihal mail masuk ke holding queue, account di freeze yang ditujukan ke postmaster account alias atau ke akun yang ditunjuk (mempunyai Role) sebagai Global Administrator. Aktifkan account hijack Detection --------------------------------- Kalau suatu akun terkena hijack maka akan banyak sekali spam mail terkirim ke internet sehingga membuat server kita diblock oleh banyak receiver domain atau masuk kedalam DNS-BL, jadi perlu dihindari demi kebaikkan bersama untuk seluruh user. Untuk meminimalisasi hal itu maka aktifkan account Hijack Detection http://mdaemon.dutaint.co.id/mdaemon/18.5/index.html?security--hijack_detection.htm [x] Limit messages sent from reserved IPs to [xx] msgs in [xx] minutes [x] Limit messages sent from local IPs to [xx] msgs in [xx] minutes [x] Include LAN IPs when limiting local IPs [x] Send 5XX when limit is reached [x] Freeze accounts when limit is reached Pengaktifan Strong Password ---------------------------- Pengaktifan Strong Password dimulai dari Account Template http://mdaemon.dutaint.co.id/mdaemon/18.5/index.html?template-manager_template.htm [x] Account must change mailbox password before it can connect dan hak akses untuk ganti password diberikan ke user http://mdaemon.dutaint.co.id/mdaemon/18.5/index.html?template-manager_web-services.htm [x] Enable Webmail access [x] Enable Remote Administration access Remote Administration Allows User to... [x] ...edit password Saat akun baru dibuat bisa diberikan strong password yang standard, mudah diinformasikan lewat telepon/voice, sms misalkan standar yang digunakan = NamaPerusahaan### atau $JargonPerusahaan$ Setelah itu minta user baru akses ke webmail untuk ganti passwordnya dengan strong password https://www.lastpass.com/password-generator Pastikan browser yang digunakan user disable POPup blocing atau allow link webmail http://mail.domain.tld untuk popup di PC client. http://www.practicalecommerce.com/Managing-Pop-Ups-in-Internet-Explorer-Firefox-and-Chrome Prasyarat agar mereka ganti password dengan strong password maka pastikan menu berikut aktif http://mdaemon.dutaint.co.id/mdaemon/17.5/index.html?passwords.htm [x] Require strong passwords Minimum password length: 6 klik "Edit the bad password file" daftar password yang mudah ditebak dimasukkan kedalam daftar "bad password" http://newsfeed.time.com/2014/01/20/the-25-worst-passwords-of-2013/ http://www.forbes.com/sites/ygrauer/2016/01/20/2015-passwords-really-bad-make-sure-yours-not-on-list/#d33b9144d355 Tindakan Penanggulangan kalau akun sudah terkena Hijack ------------------------------------------------------- --- dilanjutkan ke bagian 3 --> -- syafril ------- Syafril Hermansyah MDaemon-L Moderators, running MDaemon 18.5.2-64 bit Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon. It is not that I'm so smart. But I stay with the questions much longer. --- Albert Einstein -- --[mdaemon-l]---------------------------------------------------------- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com Versi terakhir MD 18.5.2, SG 6.0