On 12/05/21 15.32, Arif Santoso wrote:
>> If via MDaemon webmail:
>> Select the spam messages to be forwarded.
>> - From the right-mouse-click menu, choose "forward as attachment".
> I could only get this log, sir. How did it get through...


You can also send the SMTP-in log, which is easier to analyze, but it has
to be done one at a time, unlike forward as attachment, which can be done
all at once in 1 action (select all the spam messages, then forward as
attachment).

> Tue 2021-05-11 15:49:27.337: Performing DKIM verification
> Tue 2021-05-11 15:49:27.337: * File: c:\mdaemon\queues\temp\md5001000635771.tmp
> Tue 2021-05-11 15:49:27.337: * Message-ID: <[email protected]>
> Tue 2021-05-11 15:49:27.337: * Result: neutral
> Tue 2021-05-11 15:49:27.337: ---- End DKIM results
> Tue 2021-05-11 15:49:27.345: Performing DMARC processing
> Tue 2021-05-11 15:49:27.345: * File: c:\mdaemon\queues\temp\md5001000635771.tmp
> Tue 2021-05-11 15:49:27.345: * Message-ID: <[email protected]>
> Tue 2021-05-11 15:49:27.345: * Author domain: eaglehighplantations.com
> Tue 2021-05-11 15:49:27.345: * Organizational domain: eaglehighplantations.com
> Tue 2021-05-11 15:49:27.345: * Query domain: _dmarc.eaglehighplantations.com
> Tue 2021-05-11 15:49:27.352: * No DMARC policy record found
> Tue 2021-05-11 15:49:27.352: * Action taken: none
> Tue 2021-05-11 15:49:27.352: * Result: none
> Tue 2021-05-11 15:49:27.352: ---- End DMARC results


This is spam that uses domain spoofing (the From address uses
@eaglehighplantations.com).
It can happen because the domain eaglehighplantations.com is not protected
with sufficient domain anti-spoofing.

https://www.mail-archive.com/[email protected]/msg46228.html

1. The SPF policy (qualifier) of the domain eaglehighplantations.com =
SoftFail (~) = transition mode; it should be FAIL (-) = REJECT.

$ host -t txt eaglehighplantations.com
eaglehighplantations.com descriptive text "v=spf1 +a +mx
+ip4:222.165.195.18 +ip4:222.165.195.19 ~all"

https://www.mail-archive.com/[email protected]/msg46876.html

2. The DKIM policy of the domain eaglehighplantations.com is NEUTRAL; it should be REJECT

$ host -t txt MDaemon._domainkey.eaglehighplantations.com
MDaemon._domainkey.eaglehighplantations.com descriptive text "v=DKIM1;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVUYgviyG6WyF2597BIaivwy5j+GgJvMJEaPiHP2XgRyV/6YQDJwnnVwni5l2m6s9Wi2tPahCT13EjdCp6Q+RFPyzaMRzt2EUnTEd69FfyrxHTLnLOLaWHf3Mft75vb0tkGn+KwC3ShpVwuMF1w33/Z6BcQnOnJEnJw5Ish0A9SQIDAQAB"

$ host -t txt _domainkey.eaglehighplantations.com
_domainkey.eaglehighplantations.com has no TXT record


https://www.ciso-central.org/fraudulent-email/domain-key-identified-mail-dkim

https://www.mail-archive.com/[email protected]/msg46104.html

3. The DMARC record is not enabled.


$ host -t txt _dmarc.eaglehighplantations.com
_dmarc.eaglehighplantations.com has no TXT record


In short, to prevent domain spoofing you need to enable at least SPF with
policy = Fail/Reject and a DMARC record with policy = Reject (or
Quarantine) that aligns with the SPF record (or aligns with the DKIM
record).


-- 
syafril
--------
Syafril Hermansyah

MDaemon-L Moderator.
Please do not send mail direct or cc: to me regarding MDaemon problems.
Run MDaemon 21.0.2 64 bit Beta C

What you like in other people is, in general, also what they like in you
        --Lord Chesterfield, 1694-1773



-- 
--[mdaemon-l]----------------------------------------------------------
This mailing list is for discussion among MDaemon Mail Server users in Indonesia

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Subscribe: Send mail to [email protected]
Unsubscribe: Send mail to [email protected]
Latest version: MDaemon 21.0.1, SecurityGateway 8.0.1
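
The three DNS checks in the message above can be run as one offline audit over the TXT strings that `host -t txt` returns. This is an added example, not part of the original post or of MDaemon; the function names are hypothetical, the SPF string is the one shown in the message, and the hardened records are constructed.

```python
SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_all_result(txt):
    """Result an SPF record gives to senders that match no mechanism."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None                      # not an SPF record
    for term in terms[1:]:
        # A mechanism without an explicit qualifier defaults to "+".
        qual, mech = (term[0], term[1:]) if term[0] in SPF_QUALIFIERS else ("+", term)
        if mech.lower() == "all":
            return SPF_QUALIFIERS[qual]
    return "neutral"                     # no "all" term (redirect= is not followed here)

def dmarc_policy(txt):
    """Value of the p= tag of a DMARC record, or None if there is no record."""
    if not txt:
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    return tags.get("p", "").lower() or None

def audit(spf_txt, dmarc_txt):
    """List the anti-spoofing gaps for one domain; an empty list means none found."""
    findings = []
    spf = spf_all_result(spf_txt) if spf_txt else None
    if spf != "fail":
        findings.append(f"SPF: unauthorized senders get {spf or 'no record'}, not fail (-all)")
    policy = dmarc_policy(dmarc_txt)
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: policy is {policy or 'missing'}, not quarantine/reject")
    return findings

# SPF record as shown in the message; the domain has no _dmarc TXT record.
PAGE_SPF = "v=spf1 +a +mx +ip4:222.165.195.18 +ip4:222.165.195.19 ~all"
# Constructed records showing the posture the message recommends.
HARDENED_SPF = "v=spf1 a mx -all"
HARDENED_DMARC = "v=DMARC1; p=reject"

if __name__ == "__main__":
    for line in audit(PAGE_SPF, None):
        print(line)
    print(audit(HARDENED_SPF, HARDENED_DMARC))
```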


