[mdaemon-l] Connection Refuse

Bambang Setiawan via mdaemon-l Tue, 17 Nov 2020 00:23:47 -0800


On 17/11/2020 13.41, Syafril Hermansyah via mdaemon-l wrote:


Nah ini dia penyebabnya mail  2020-11-16 11:27:44 s.d 14.00 ditolak.
Cari di smtp-in log 2020-11-16 berkisar jam 10 - 11.18 apakah ada transaksi dari
103.69.140.247 [sinsgout.his.huawei.com] yang ditolak karena kirim mail ke
banyak unknown recipient.


Sepertinya ini log terakhirnya pak,

Mon 2020-11-16 11:18:58.288: 01: ----------

Mon 2020-11-16 11:18:59.265: 05: [07641866] Session 07641866; child 0004

Mon 2020-11-16 11:18:59.265: 05: [07641866] Accepting SMTP connectionfrom 103.69.140.247:35689 to 124.81.84.135:25Mon 2020-11-16 11:18:59.265: 07: [07641866] Location Screen saysconnection is from Malaysia, AsiaMon 2020-11-16 11:18:59.266: 03: [07641866] --> 220 mail.persada.idESMTP MDaemon 20.0.1; Mon, 16 Nov 2020 11:18:59 +0700

Mon 2020-11-16 11:18:59.281: 02: [07641866] <-- EHLO sinsgout.his.huawei.com

Mon 2020-11-16 11:18:59.282: 03: [07641866] --> 250-mail.persada.idHello sinsgout.his.huawei.com [103.69.140.247], pleased to meet you

Mon 2020-11-16 11:18:59.282: 03: [07641866] --> 250-ETRN

Mon 2020-11-16 11:18:59.282: 07: [07641866] Location Screening hidingAUTH from country Malaysia, Asia

Mon 2020-11-16 11:18:59.282: 03: [07641866] --> 250-8BITMIME
Mon 2020-11-16 11:18:59.282: 03: [07641866] --> 250-ENHANCEDSTATUSCODES
Mon 2020-11-16 11:18:59.282: 03: [07641866] --> 250 SIZE

Mon 2020-11-16 11:18:59.297: 02: [07641866] <-- MAILFROM:<[email protected]> SIZE=3077800Mon 2020-11-16 11:18:59.306: 05: [07641866] Performing PTR lookup(247.140.69.103.IN-ADDR.ARPA)Mon 2020-11-16 11:18:59.308: 05: [07641866] *D=247.140.69.103.IN-ADDR.ARPA TTL=(6) PTR=[sinsgout.his.huawei.com]Mon 2020-11-16 11:18:59.310: 05: [07641866] * D=sinsgout.his.huawei.comTTL=(6) A=[103.69.140.247]

Mon 2020-11-16 11:18:59.310: 05: [07641866] ---- End PTR results

Mon 2020-11-16 11:18:59.312: 05: [07641866] Performing IP lookup(sinsgout.his.huawei.com)Mon 2020-11-16 11:18:59.313: 05: [07641866] * D=sinsgout.his.huawei.comTTL=(6) A=[103.69.140.247]

Mon 2020-11-16 11:18:59.313: 05: [07641866] ---- End IP lookup results

Mon 2020-11-16 11:18:59.319: 05: [07641866] Performing IP lookup(huawei.com)Mon 2020-11-16 11:18:59.321: 05: [07641866] * D=huawei.com TTL=(6)A=[121.37.49.12]Mon 2020-11-16 11:18:59.322: 05: [07641866] * P=010 S=001 D=huawei.comTTL=(6) MX=[mx5.huawei.com]Mon 2020-11-16 11:18:59.322: 05: [07641866] * P=020 S=000 D=huawei.comTTL=(6) MX=[mx7.huawei.com]Mon 2020-11-16 11:18:59.322: 05: [07641866] * P=030 S=002 D=huawei.comTTL=(6) MX=[mx8.his.huawei.com]Mon 2020-11-16 11:18:59.322: 05: [07641866] * P=030 S=003 D=huawei.comTTL=(6) MX=[mx9.his.huawei.com]Mon 2020-11-16 11:18:59.324: 05: [07641866] * D=mx5.huawei.com TTL=(6)A=[103.218.216.136]Mon 2020-11-16 11:18:59.325: 05: [07641866] * D=mx7.huawei.com TTL=(6)A=[168.195.93.46]Mon 2020-11-16 11:18:59.327: 05: [07641866] * D=mx8.his.huawei.comTTL=(6) A=[103.69.140.246]Mon 2020-11-16 11:18:59.328: 05: [07641866] * D=mx9.his.huawei.comTTL=(6) A=[185.176.79.54]

Mon 2020-11-16 11:18:59.328: 05: [07641866] ---- End IP lookup results
Mon 2020-11-16 11:18:59.330: 03: [07641866] --> 250 2.1.0 Sender OK

Mon 2020-11-16 11:18:59.345: 02: [07641866] <-- RCPTTO:<[email protected]>Mon 2020-11-16 11:18:59.348: 01: [07641866] Sender attempted to delivermessage to unknown addressMon 2020-11-16 11:18:59.348: 03: [07641866] --> 550 5.1.1 Recipientunknown <[email protected]>Mon 2020-11-16 11:18:59.378: 02: [07641866] <-- RCPTTO:<[email protected]>Mon 2020-11-16 11:18:59.380: 01: [07641866] Sender attempted to delivermessage to unknown addressMon 2020-11-16 11:18:59.380: 03: [07641866] --> 550 5.1.1 Recipientunknown <[email protected]>

Mon 2020-11-16 11:18:59.409: 02: [07641866] <-- RCPT TO:<[email protected]>

Mon 2020-11-16 11:18:59.411: 01: [07641866] Sender attempted to delivermessage to unknown addressMon 2020-11-16 11:18:59.411: 03: [07641866] --> 550 5.1.1 Recipientunknown <[email protected]>Mon 2020-11-16 11:18:59.437: 02: [07641866] <-- RCPTTO:<[email protected]>Mon 2020-11-16 11:18:59.439: 01: [07641866] Sender attempted to delivermessage to unknown addressMon 2020-11-16 11:18:59.439: 03: [07641866] --> 550 5.1.1 Recipientunknown <[email protected]>

Mon 2020-11-16 11:18:59.469: 02: [07641866] <-- RCPT TO:<[email protected]>

Mon 2020-11-16 11:18:59.471: 01: [07641866] More than 5 RCPT commandsencountered; this session tarpitted with a 10 second initial delayscaling by 1.00Mon 2020-11-16 11:18:59.472: 01: [07641866] Sender attempted to delivermessage to unknown addressMon 2020-11-16 11:18:59.472: 03: [07641866] --> 550 5.1.1 Recipientunknown <[email protected]>Mon 2020-11-16 11:18:59.583: 01: [07641866] Dynamic screeningconfiguration requires closing this sessionMon 2020-11-16 11:18:59.583: 04: [07641866] SMTP session terminated(Bytes in/out: 248/505)

Mon 2020-11-16 11:18:59.583: 01: ----------

Kalau melihat errornya, terindikasi setting SMTP screening terlalu kecil
nilainya, perlu dinaikkan nilainya mengantisipasi sender salah tulis alamat
recipient.

http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?security--smtp_screen.htm

Block IPs that cause this many failed RCPTs = 10

Disamping itu jika ada server/ip yang masuk kedalam dynamic blacklist akan ada
notification ke global administrator, yang akan bisa remove dari blacklist
dengan mereply mail tersebut (Thaw).

Dynamic blacklist jangan di set terlalu lama untuk first guilty, cukupkan dalam
bilangan jam/hour, misalkan 3 hours agar bisa auto thaw dalam waktu singkat.

http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?dynamic-screening_auth-failure-tracking.htm


Default expiration timeout = 3 hours.

Baik Pak, saya sudah sesuaikan seperti yang Bapak sarankan.

Pagi tadi sementara Dynamic Screening nya saya non aktifkan Pak, dansaya tes email dari [email protected] bisa diterima,

Jika saya aktifkan kembali dynamic screening dengan opsi yang sudahdisesuaikan apakah harusnya sudah normal kembali mail server saya pak.



Terima kasih.

--
--[mdaemon-l]----------------------------------------------------------
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia

Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.co.id
Berlangganan: Kirim mail ke [email protected]
Henti Langgan: Kirim mail ke [email protected]
Versi terakhir: MDaemon 20.0.3, SecurityGateway 7.0.1

[mdaemon-l] Connection Refuse

Kirim email ke