Wed 2020-05-27 10:17:05.171: Session 175268; child 0006 Wed 2020-05-27 10:17:05.171: Accepting SMTP connection from 198.37.158.104:59087 to 10.99.0.1:25
Wed 2020-05-27 10:17:05.200: --> 220 mail.eaglehighplantations.com ESMTP MDaemon 19.5.1; Wed, 27 May 2020 10:17:05 +0700 Wed 2020-05-27 10:17:05.609: <-- EHLO csnrwzsv.outbound-mail.sendgrid.net Wed 2020-05-27 10:17:05.639: EHLO/HELO response delayed 10 seconds Wed 2020-05-27 10:17:15.657: --> 250-mail.eaglehighplantations.com Hello csnrwzsv.outbound-mail.sendgrid.net [198.37.158.104], pleased to meet you Wed 2020-05-27 10:17:15.657: --> 250-ETRN Wed 2020-05-27 10:17:15.657: Location Screening hiding AUTH from country United States Wed 2020-05-27 10:17:15.657: --> 250-8BITMIME Wed 2020-05-27 10:17:15.657: --> 250-ENHANCEDSTATUSCODES Wed 2020-05-27 10:17:15.657: --> 250-STARTTLS Wed 2020-05-27 10:17:15.657: --> 250 SIZE 15360000 Wed 2020-05-27 10:17:15.926: <-- MAIL FROM:<[email protected]> Wed 2020-05-27 10:17:15.927: Performing PTR lookup (104.158.37.198.IN-ADDR.ARPA) Wed 2020-05-27 10:17:15.982: * D=104.158.37.198.in-addr.arpa TTL=(15) PTR=[csnrwzsv.outbound-mail.sendgrid.net] Wed 2020-05-27 10:17:16.033: * D=csnrwzsv.outbound-mail.sendgrid.net TTL=(15) A=[198.37.158.104] Wed 2020-05-27 10:17:16.033: ---- End PTR results Wed 2020-05-27 10:17:16.033: Performing IP lookup (csnrwzsv.outbound-mail.sendgrid.net) Wed 2020-05-27 10:17:16.067: * D=csnrwzsv.outbound-mail.sendgrid.net TTL=(15) A=[198.37.158.104] Wed 2020-05-27 10:17:16.067: ---- End IP lookup results Wed 2020-05-27 10:17:16.069: Performing IP lookup (sendgrid.net) Wed 2020-05-27 10:17:16.087: * D=sendgrid.net TTL=(1) A=[167.89.123.54] Wed 2020-05-27 10:17:16.087: * D=sendgrid.net TTL=(1) A=[167.89.115.56] Wed 2020-05-27 10:17:16.105: * P=010 S=000 D=sendgrid.net TTL=(1) MX=[mx2.sendgrid.net] Wed 2020-05-27 10:17:16.105: * P=020 S=001 D=sendgrid.net TTL=(1) MX=[mx.sendgrid.net] Wed 2020-05-27 10:17:16.123: * D=mx2.sendgrid.net TTL=(1) A=[167.89.123.50] Wed 2020-05-27 10:17:16.123: * D=mx2.sendgrid.net TTL=(1) A=[167.89.118.48] Wed 2020-05-27 10:17:16.141: * D=mx.sendgrid.net TTL=(1) A=[167.89.123.50] Wed 2020-05-27 10:17:16.141: * D=mx.sendgrid.net TTL=(1) A=[167.89.118.48] Wed 2020-05-27 10:17:16.141: ---- End IP lookup results Wed 2020-05-27 10:17:16.147: Performing SPF lookup (csnrwzsv.outbound-mail.sendgrid.net / 198.37.158.104) Wed 2020-05-27 10:17:16.197: * Result: none; no SPF record in DNS Wed 2020-05-27 10:17:16.197: ---- End SPF results Wed 2020-05-27 10:17:16.197: Performing SPF lookup (sendgrid.net / 198.37.158.104) Wed 2020-05-27 10:17:16.200: * Policy: v=spf1 ip4:167.89.0.0/17 ip4:208.117.48.0/20 ip4:50.31.32.0/19 ip4:198.37.144.0/20 ip4:198.21.0.0/21 ip4:192.254.112.0/20 ip4:168.245.0.0/17 ip4:149.72.0.0/16 wlinclude:ptpn2.com ~all Wed 2020-05-27 10:17:16.200: * Evaluating ip4:167.89.0.0/17: no match Wed 2020-05-27 10:17:16.200: * Evaluating ip4:208.117.48.0/20: no match Wed 2020-05-27 10:17:16.200: * Evaluating ip4:50.31.32.0/19: no match Wed 2020-05-27 10:17:16.200: * Evaluating ip4:198.37.144.0/20: match Wed 2020-05-27 10:17:16.200: * Result: pass Wed 2020-05-27 10:17:16.200: ---- End SPF results Wed 2020-05-27 10:17:16.200: --> 250 2.1.0 Sender OK Wed 2020-05-27 10:17:16.486: <-- RCPT TO:<[email protected]> Wed 2020-05-27 10:17:16.500: Performing DNS-BL lookup (198.37.158.104 - connecting IP) Wed 2020-05-27 10:17:16.574: * zen.spamhaus.org - passed Wed 2020-05-27 10:17:16.574: ---- End DNS-BL results Wed 2020-05-27 10:17:16.637: --> 250 2.1.5 Recipient OK Wed 2020-05-27 10:17:17.202: <-- DATA Wed 2020-05-27 10:17:17.210: Creating temp file (SMTP): c:\mdaemon\queues\temp\md50000769706.tmp Wed 2020-05-27 10:17:17.210: --> 354 Enter mail, end with <CRLF>.<CRLF> Wed 2020-05-27 10:17:17.222: Message size: 4002 bytes Wed 2020-05-27 10:17:17.224: Performing DKIM lookup Wed 2020-05-27 10:17:17.224: * File: c:\mdaemon\queues\temp\md50000769706.tmp Wed 2020-05-27 10:17:17.224: * Message-ID: <[email protected]> Wed 2020-05-27 10:17:17.311: * DKIM-Signature 1: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.me; s=smtpapi; <some tags are not logged> Wed 2020-05-27 10:17:17.311: * Verification result: good signature Wed 2020-05-27 10:17:17.312: * Result: pass Wed 2020-05-27 10:17:17.312: ---- End DKIM results Wed 2020-05-27 10:17:17.323: Passing message through Spam Filter (Size: 4002)... Wed 2020-05-27 10:17:17.729: * 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was Wed 2020-05-27 10:17:17.729: * blocked. See Wed 2020-05-27 10:17:17.729: * http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block Wed 2020-05-27 10:17:17.729: * for more information. Wed 2020-05-27 10:17:17.729: * [URIs: eaglehighplantations.com] Wed 2020-05-27 10:17:17.729: * 0.3 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level Wed 2020-05-27 10:17:17.729: * mail domains are different Wed 2020-05-27 10:17:17.729: * 0.0 HTML_MESSAGE BODY: HTML included in message Wed 2020-05-27 10:17:17.729: * 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or Wed 2020-05-27 10:17:17.729: * identical to background Wed 2020-05-27 10:17:17.729: * 1.3 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of Wed 2020-05-27 10:17:17.729: * words Wed 2020-05-27 10:17:17.729: * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts Wed 2020-05-27 10:17:17.729: * 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay Wed 2020-05-27 10:17:17.729: * lines Wed 2020-05-27 10:17:17.729: * 0.0 T_REMOTE_IMAGE Message contains an external image Wed 2020-05-27 10:17:17.729: ---- End SpamAssassin results Wed 2020-05-27 10:17:17.729: Spam Filter score/req: 1.60/12.0 Wed 2020-05-27 10:17:17.795: Message creation successful: c:\mdaemon\queues\inbound\md50003946642.msg Wed 2020-05-27 10:17:17.795: --> 250 2.6.0 Ok, message saved <Message-ID: <[email protected]>> Wed 2020-05-27 10:17:19.622: <-- QUIT Wed 2020-05-27 10:17:19.622: --> 221 2.0.0 See ya in cyberspace Wed 2020-05-27 10:17:19.622: SMTP session successful (Bytes in/out: 4180/505) Wed 2020-05-27 10:17:19.622: ---------- Wed 2020-05-27 10:17:19.690: Session 175369; child 0005 From: [email protected] [mailto:[email protected]] On Behalf Of Arif Santoso Sent: 27 Mei 2020 10:17 To: Milis Komunitas MDaemon Indonesia Subject: [mdaemon-l] Penyusup Mdaemon Server Dear All, Ada user dengan alamat pengirim dari email server. Padahal user tersebut tidak ada. From: eaglehighplantations.com<[email protected]> kok bisa ya, saya cari di log smtp (in) juga nggak ada. Mohon pencerahan nya. Rgds, Arif -- --[mdaemon-l]---------------------------------------------------------- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Berlangganan: Kirim mail ke [email protected] Henti Langgan: Kirim mail ke [email protected] Versi terakhir: MDaemon 20.0.0, SecurityGateway 6.5.2 -- --[mdaemon-l]---------------------------------------------------------- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Berlangganan: Kirim mail ke [email protected] Henti Langgan: Kirim mail ke [email protected] Versi terakhir: MDaemon 20.0.0, SecurityGateway 6.5.2
