Dear Pak Syafril,
If the DKIM is already captured at MXtoolbox, but the test at
http://www.appmaildev.com/en/dkim/ still shows none, why is that, Pak?
Thank you.
On 02/05/2019 08.43, Syafril Hermansyah wrote:
Hello,
This tip updates the tip at
https://www.mail-archive.com/[email protected]/msg39107.html
DKIM (DomainKeys Identified Mail) is an anti-spoofing protocol for
domains, preventing forgery of the identity of the domain an
institution uses, so that correspondents are protected from phishing
spam mail, and also preventing forgery of mail from oneself.
http://dkim.org/
https://security.stackexchange.com/questions/151241/security-of-spf-vs-spf-and-dkim-in-email
With mail usage growing ever higher, many free public mail providers
apply a "receiving rate limit" (maximum incoming mail per minute / per
hour / per day), with the aim of reducing the amount of spam mail
reaching their users. However, if the sender domain implements DKIM,
its "receiving rate limit" will be different or not applied at all, and
it will get priority for acceptance.
With the implementation of PGP (Pretty Good Privacy) private
anti-spoofing in MDaemon, the ADSP (Author Domain Signing Practices)
plugin component has become obsolete (deprecated), because if mail is
signed with Inline PGP it causes a DKIM signing failure.
In short, if you enable MDaemon PGP, do not enable ADSP.
As a replacement for ADSP, the DomainKey (DK) Policy is re-enabled
o=~ NEUTRAL or RELAXED (signature optional)
o=- STRONG (signature required, but not necessarily from my domain)
o=! EXCLUSIVE (signature required, and it must be from my domain) *
o=. NEVER (this site doesn't send mail)
o=^ USER (reserved for future use)
DKIM is implemented in MDaemon as follows:
1. Generate DKIM keys
http://mdaemon.dutaint.co.id/mdaemon/19.0/index.html?security--dkim_sign.htm
Default selector: MDaemon
- click "Create new public and private keys"
- using Windows Explorer, go to the folder \\mdaemon\pem\mdaemon and view
the file DNS_readme.txt with Notepad.
2. Enable DKIM signing
http://mdaemon.dutaint.co.id/mdaemon/19.0/index.html?security--dkim_options.htm
[x] Signatures expire after [XX] days ("x=" tag, 7 days recommended)
[x] Signatures include creation time stamp (include t= tag)
[x] Sign outgoing messages using DomainKeys Identified Mail (DKIM)
[x] Signatures include query method(s) (include q= tag)
in the options menu follow the installation defaults, or
http://mdaemon.dutaint.co.id/mdaemon/19.0/index.html?security--dkim_sign.htm
Canonicalize headers using : Relaxed
Canonicalize body using: Relaxed
3. Create a DNS TXT record following the example given in the DNS_readme.txt file.
DKIM selector record for DNS:
MDaemon._domainkey.dutaint.co.id descriptive text "v=DKIM1; k=rsa;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1ODaekvCiBrYYSFcVvXeLVUGHeu+QHn2+x+N1WsBALqj4neHpF3DoS1js2LAkvrPVIAB2Wx+TciOlgOOtP1lI2bxo9hPIiwwC/o7PYRk1HFfvTncBi8xU8MFn9btA7PlnAp9pU5GwJbYPy5Aqo8OmFNCMjudzGWSQlQWEnayfywIDAQAB"
create the DomainKeys policy
_domainkey.dutaint.co.id descriptive text "o=~"
The DNS TXT record is created on the domain's name server (authoritative
DNS server), which can be checked with the command
$ nslookup -q=soa dutaint.co.id
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
dutaint.co.id
origin = ns1.dutaint.com
mail addr = hostmaster.dutaservisindo.co.id
serial = 2019050203
refresh = 86400
retry = 3600
expire = 1209600
minimum = 259200
meaning the DNS TXT record for the domain dutaint.co.id is created on the
DNS server ns1.dutaint.com
Check the DKIM/TXT DNS record that has been created from here
http://mxtoolbox.com/dkim.aspx
or from
https://www.mail-tester.com/spf-dkim-check
or use the nslookup utility that is available on every operating system
c:\ nslookup -q=txt MDaemon._domainkey.dutaint.co.id
c:\ nslookup -q=txt _domainkey.dutaint.co.id
4. Run a test by sending mail to a DKIM testing site
http://www.appmaildev.com/en/dkim/
click "next step", and an email address will be shown to which a DKIM
message can be sent.
or from
https://dkimvalidator.com/
send mail to [email protected] (the address given there).
see the result by clicking the "view result" menu.
============================================================================
This is SPF/DKIM/DMARC/RBL report generated by a test tool provided
by AdminSystem Software Limited.
Any problem, please contact [email protected]
============================================================================
Report-Id: 0cc3e67a
Sender: <[email protected]>
Header-From: <[email protected]>
HELO-Domain: mail.persada.id
Source-IP: 124.81.84.135
Validator-Version: 1.08
============================================================================
Original email header:
x-sender: [email protected]
x-receiver: [email protected]
Received: from mail.persada.id ([124.81.84.135]) by appmaildev.com with
Microsoft SMTPSVC(8.5.9600.16384);
Mon, 6 May 2019 02:34:41 +0000
X-MDAV-Processed: mail.persada.id, Mon, 06 May 2019 09:34:39 +0700
Received: from benkbenk [(124.81.84.130)] by mail.persada.id (124.81.84.135)
(MDaemon PRO v19.0.0)
with ESMTPA id md50003875612.msg; Mon, 06 May 2019 09:34:39 +0700
X-Spam-Processed: mail.persada.id, Mon, 06 May 2019 09:34:39 +0700
(not processed: message from trusted or authenticated source)
X-MDRemoteIP: 124.81.84.130
X-MDHelo: benkbenk
X-MDArrival-Date: Mon, 06 May 2019 09:34:39 +0700
X-Authenticated-Sender: [email protected]
X-Return-Path: [email protected]
X-Envelope-From: [email protected]
X-MDaemon-Deliver-To: [email protected]
From: "Bambang Setiawan" <[email protected]>
To: <[email protected]>
Subject: tes
Date: Mon, 6 May 2019 09:34:38 +0700
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0042_01D503EE.EC920530"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdUDtD/VE+s8/D7MSb6RL7a5VwFFxg==
Content-Language: id
Return-Path: [email protected]
X-OriginalArrivalTime: 06 May 2019 02:34:41.0720 (UTC)
FILETIME=[42371380:01D503B4]
============================================================================
SPF: Pass
============================================================================
SPF-Record: v=spf1 +a +mx +ip4:124.81.84.135 ~all
Sender-IP: 124.81.84.135
Sender-Domain-Helo-Domain: persada.id
Query TEXT record from DNS server for: persada.id
[TXT]: v=spf1 +a +mx +ip4:124.81.84.135 ~all
[TXT]: v=spf1 ip4:124.81.84.135 a mx include:indosat.net.id -all
Parsing SPF record: v=spf1 +a +mx +ip4:124.81.84.135 ~all
Mechanisms: v=spf1
Mechanisms: +a
Testing mechanism a
Query A record from DNS server for: persada.id
[A]: 202.155.27.140
Testing CIDR: source=124.81.84.135; 202.155.27.140/128
Mechanisms: +mx
Testing mechanism mx
Query MX record from DNS server for: persada.id
[MX]: mail.persada.id
Testing mechanism A:mail.persada.id/128
Query A record from DNS server for: mail.persada.id
[A]: 124.81.84.135
Testing CIDR: source=124.81.84.135; 124.81.84.135/128
mx hit, Qualifier: +
============================================================================
DKIM: none
============================================================================
DKIM-Result: none (no signature)
============================================================================
DMARC: none
============================================================================
_dmarc.persada.id: Non-Record
Received-SPF: pass (appmaildev.com: domain of
[email protected] designates 124.81.84.135 as
permitted sender) client-ip=124.81.84.135
Authentication-Results: appmaildev.com;
dkim=none;
spf=pass (appmaildev.com: domain of
[email protected] designates 124.81.84.135 as
permitted sender) client-ip=124.81.84.135;
dmarc=none header.from=persada.id;
============================================================================
DomainKey: none
============================================================================
DomainKey-Result: none (no signature)
If DKIM result is passed, you can ignore DomainKey result: none
============================================================================
PTR: ExistsRecord
============================================================================
Sender-IP: 124.81.84.135
Query 135.84.81.124.in-addr.arpa
Host: mail.persada.id
============================================================================
RBL: NotListed
============================================================================
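The report's `DKIM-Result: none (no signature)` describes the message, not DNS: a verifier only looks up the selector record after it finds a DKIM-Signature header, and the header dump in the report contains none. The sketch below is an added example, not part of the original thread; the function names and both sample messages are constructed, and it only checks for the header and derives the DNS name to query, without verifying any signature.

```python
from email import message_from_string

def parse_tags(value):
    """Split a DKIM tag=value list into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())
    return tags

def dkim_status(raw_message):
    """First step of a DKIM check: is there a signature, and which key does it name?"""
    msg = message_from_string(raw_message)
    signatures = msg.get_all("DKIM-Signature") or []
    if not signatures:
        # Same outcome as the report: nothing to verify, so DNS is never queried.
        return "none (no signature)", []
    names = []
    for sig in signatures:
        tags = parse_tags(sig)
        if "d" in tags and "s" in tags:
            # The key lives at <selector>._domainkey.<signing domain>.
            names.append(f"{tags['s']}._domainkey.{tags['d']}")
    return "signature present", names

# Constructed sample messages (example.com / example.net are placeholders).
UNSIGNED = (
    "From: sender@example.com\n"
    "To: test@example.net\n"
    "Subject: tes\n"
    "\n"
    "body\n"
)
SIGNED = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\n"
    "\ts=MDaemon; h=from:to:subject; bh=Y29uc3RydWN0ZWQ=;\n"
    "\tb=Y29uc3RydWN0ZWQ=\n"
) + UNSIGNED

if __name__ == "__main__":
    for label, raw in (("unsigned", UNSIGNED), ("signed", SIGNED)):
        print(label, dkim_status(raw))
```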