
This is a case of account hijacking.
It looks like security on the MDaemon at mail.clipan.co.id has not been configured properly.

> X-Spam-Processed: mail.clipan.co.id, Mon, 01 Nov 2021 13:47:24 +0700
>       (not processed: message from trusted or authenticated source)
> X-MDSPF-Result: softfail (mail.clipan.co.id)
> X-MDRemoteIP: 3.143.24.90
> X-MDHelo: EC2AMAZ-TMRNQ09
> X-MDArrival-Date: Mon, 01 Nov 2021 13:47:24 +0700
> X-Authenticated-Sender: s...@clipan.co.id
> From: "Message Support" <s...@clipan.co.id>
> Subject: Password Notification Monday, November 1, 2021
> To: <ashve...@capitalalliance.lk>
> Date: Mon, 1 Nov 2021 06:47:19 +0000
> Message-Id: <2021011106471864cb93c843-0afbd71...@clipan.co.id>


Please try to find the transcript of that transaction in the SMTP-in log so we
can analyse why the account s...@clipan.co.id could be used by a hacker from
Ohio, USA.

Pak Syafril, I could not find the log above, but could the log below help?

Mon 2021-11-01 12:04:41.464: 05: [544812] Session 544812; child 0001
Mon 2021-11-01 12:04:41.464: 05: [544812] Accepting SMTP connection from 3.143.24.90:56128 to 10.100.101.10:587
Mon 2021-11-01 12:04:41.465: 03: [544812] --> 220 mail.clipan.co.id ESMTP MSA MDaemon 19.0.3; Mon, 01 Nov 2021 12:04:41 +0700
Mon 2021-11-01 12:04:42.305: 02: [544812] <-- EHLO EC2AMAZ-TMRNQ09
Mon 2021-11-01 12:04:42.305: 03: [544812] --> 250-mail.clipan.co.id Hello EC2AMAZ-TMRNQ09 [3.143.24.90], pleased to meet you
Mon 2021-11-01 12:04:42.305: 03: [544812] --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Mon 2021-11-01 12:04:42.305: 03: [544812] --> 250-8BITMIME
Mon 2021-11-01 12:04:42.305: 03: [544812] --> 250-ENHANCEDSTATUSCODES
Mon 2021-11-01 12:04:42.305: 03: [544812] --> 250-STARTTLS
Mon 2021-11-01 12:04:42.306: 03: [544812] --> 250 SIZE 30720000
Mon 2021-11-01 12:04:42.565: 02: [544812] <-- STARTTLS
Mon 2021-11-01 12:04:42.565: 03: [544812] --> 220 2.7.0 Ready to start TLS
Mon 2021-11-01 12:04:43.501: 01: [544812] SSL negotiation successful (TLS 1.2, 521 bit key exchange, 256 bit AES encryption)
Mon 2021-11-01 12:04:43.761: 02: [544812] <-- EHLO EC2AMAZ-TMRNQ09
Mon 2021-11-01 12:04:43.761: 03: [544812] --> 250-mail.clipan.co.id Hello EC2AMAZ-TMRNQ09 [3.143.24.90], pleased to meet you
Mon 2021-11-01 12:04:43.761: 03: [544812] --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Mon 2021-11-01 12:04:43.761: 03: [544812] --> 250-8BITMIME
Mon 2021-11-01 12:04:43.761: 03: [544812] --> 250-ENHANCEDSTATUSCODES
Mon 2021-11-01 12:04:43.761: 03: [544812] --> 250 SIZE 30720000
Mon 2021-11-01 12:04:44.021: 02: [544812] <-- AUTH LOGIN
Mon 2021-11-01 12:04:44.021: 03: [544812] --> 334 VXNlcm5hbWU6
Mon 2021-11-01 12:04:44.289: 02: [544812] <-- c2Vub0BjbGlwYW4uY28uaWQ=
Mon 2021-11-01 12:04:44.289: 03: [544812] --> 334 UGFzc3dvcmQ6
Mon 2021-11-01 12:04:44.549: 02: [544812] <-- ******
Mon 2021-11-01 12:04:44.549: 01: [544812] Authenticating s...@clipan.co.id...
Mon 2021-11-01 12:04:44.552: 01: [544812] Authenticated as s...@clipan.co.id
Mon 2021-11-01 12:04:44.552: 03: [544812] --> 235 2.7.0 Authentication successful
Mon 2021-11-01 12:04:44.812: 02: [544812] <-- MAIL FROM:<s...@clipan.co.id>
Mon 2021-11-01 12:04:44.813: 09: [544812] Performing SPF lookup (clipan.co.id / 3.143.24.90)
Mon 2021-11-01 12:04:44.813: 09: [544812] *  Policy (cache): v=spf1 a mx ip4:117.102.86.99 ip4:202.77.107.76 ~all
Mon 2021-11-01 12:04:44.815: 09: [544812] *  Evaluating a: no match
Mon 2021-11-01 12:04:44.821: 09: [544812] *  Evaluating mx: no match
Mon 2021-11-01 12:04:44.821: 09: [544812] *  Evaluating ip4:117.102.86.99: no match
Mon 2021-11-01 12:04:44.821: 09: [544812] *  Evaluating ip4:202.77.107.76: no match
Mon 2021-11-01 12:04:44.821: 09: [544812] *  Evaluating ~all: match
Mon 2021-11-01 12:04:44.821: 09: [544812] *  Result: softfail
Mon 2021-11-01 12:04:44.821: 09: [544812] ---- End SPF results
Mon 2021-11-01 12:04:44.821: 03: [544812] --> 250 2.1.0 Sender OK
Mon 2021-11-01 12:04:45.083: 02: [544812] <-- RCPT TO:<mariam.saf...@gapcorp.com>
Mon 2021-11-01 12:04:45.087: 03: [544812] --> 250 2.1.5 Recipient OK
Mon 2021-11-01 12:04:45.347: 02: [544812] <-- DATA
Mon 2021-11-01 12:04:45.348: 01: [544812] Creating temp file (SMTP): c:\mdaemon\queues\temp\md50001637264.tmp
Mon 2021-11-01 12:04:45.348: 03: [544812] --> 354 Enter mail, end with <CRLF>.<CRLF>
Mon 2021-11-01 12:04:45.889: 01: [544812] Message size: 2592 bytes
Mon 2021-11-01 12:04:45.889: 10: [544812] Performing DKIM lookup
Mon 2021-11-01 12:04:45.889: 10: [544812] *  File: c:\mdaemon\queues\temp\md50001637264.tmp
Mon 2021-11-01 12:04:45.889: 10: [544812] *  Message-ID: <01402021110405570F205E35$5c03f96...@clipan.co.id>
Mon 2021-11-01 12:04:45.890: 10: [544812] *  Result: neutral
Mon 2021-11-01 12:04:45.890: 10: [544812] ---- End DKIM results
Mon 2021-11-01 12:04:46.212: 01: [544812] Message creation successful: c:\mdaemon\queues\inbound\md50003040022.msg
Mon 2021-11-01 12:04:46.212: 03: [544812] --> 250 2.6.0 Ok, message saved <Message-ID: <01402021110405570F205E35$5c03f96...@clipan.co.id>>
Mon 2021-11-01 12:04:47.194: 04: [544812] *  Socket error 590615 - The sender has finished using the connection and has initiated a shutdown.
Mon 2021-11-01 12:04:47.194: 01: [544812] SMTP session successful (Bytes in/out: 9267/4954)

Thank you.
Regards,
Seno
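
As an added example for this thread (it is not MDaemon's own tooling and not something Pak Syafril or Seno posted), the Python script below parses SMTP-in log lines in the layout shown above and flags sessions where a mailbox authenticated from a network the organisation does not own. The trusted-network list is an assumption: the two ip4: entries of the SPF policy quoted in the log plus a 10.100.101.0/24 range inferred from the server's own address 10.100.101.10. The sample log is constructed: session 544812 is a condensed copy of the session above with the wrapped lines joined, and session 544813 (10.100.101.50, WORKSTATION-07, staff@clipan.co.id, colleague@clipan.co.id) is invented as a benign contrast. The point it demonstrates is the one in the headers quoted earlier: once a client has authenticated, MDaemon does not run spam or SPF processing on the message ("not processed: message from trusted or authenticated source"), so the SPF softfail on 3.143.24.90 could not stop it, and "authenticated from an untrusted IP" has to be watched as its own signal.

```python
# Added example (not MDaemon's own tooling): flag authenticated submissions in an
# MDaemon SMTP-in log that came from a network the organisation does not own.
import ipaddress
import re
from dataclasses import dataclass, field

# ASSUMPTION: networks mailboxes may legitimately authenticate from. The two /32s are
# the ip4: entries of the SPF policy in the log; 10.100.101.0/24 is assumed from the
# server's own address 10.100.101.10. Adjust to your environment.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in
                ("117.102.86.99/32", "202.77.107.76/32", "10.100.101.0/24")]

LINE_RE = re.compile(r"^\w{3} \d{4}-\d{2}-\d{2} [\d:.]+: \d{2}: \[(?P<sid>\d+)\] (?P<text>.*)$")
ACCEPT_RE = re.compile(r"Accepting SMTP connection from (?P<ip>[\d.]+):\d+ to ")
AUTH_RE = re.compile(r"^Authenticated as (?P<user>\S+)")
RCPT_RE = re.compile(r"^<-- RCPT TO:<(?P<addr>[^>]*)>")
RESULT_RE = re.compile(r"^\*\s+Result: (?P<result>\w+)")  # used by both SPF and DKIM blocks

@dataclass
class Session:
    sid: str
    remote_ip: str = ""
    helo: str = ""
    auth_user: str = ""
    recipients: list = field(default_factory=list)
    spf: str = ""
    dkim: str = ""

def parse_sessions(log_text: str) -> dict:
    """Group lines by session id and extract the fields an incident reviewer needs."""
    sessions, phase = {}, {}  # phase[sid]: which "Result:" block (spf/dkim) we are inside
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # wrapped continuation lines and other noise are skipped
        sid, text = m["sid"], m["text"]
        s = sessions.setdefault(sid, Session(sid))
        if (a := ACCEPT_RE.search(text)):
            s.remote_ip = a["ip"]
        elif text.startswith("<-- EHLO "):
            s.helo = text[9:]
        elif (a := AUTH_RE.match(text)):
            s.auth_user = a["user"]
        elif (a := RCPT_RE.match(text)):
            s.recipients.append(a["addr"])
        elif text.startswith("Performing SPF lookup"):
            phase[sid] = "spf"
        elif text.startswith("Performing DKIM lookup"):
            phase[sid] = "dkim"
        elif (a := RESULT_RE.match(text)):
            if phase.get(sid) == "spf":
                s.spf = a["result"]
            elif phase.get(sid) == "dkim":
                s.dkim = a["result"]
    return sessions

def is_trusted(ip: str) -> bool:
    return any(ipaddress.ip_address(ip) in net for net in TRUSTED_NETS)

def suspicious_submissions(sessions: dict) -> list:
    """Return (sid, user, ip, reasons) for AUTH sessions that look like account hijacking.
    Only authenticated sessions matter: after a successful AUTH, MDaemon skips spam/SPF
    processing of the message, so an SPF softfail on the client IP cannot block it."""
    findings = []
    for s in sessions.values():
        if not s.auth_user:
            continue
        reasons = []
        if s.remote_ip and not is_trusted(s.remote_ip):
            reasons.append(f"AUTH from untrusted network {s.remote_ip} (HELO {s.helo})")
        if s.spf in ("softfail", "fail"):
            reasons.append(f"SPF {s.spf} for the client IP was not enforced (authenticated)")
        if reasons:
            findings.append((s.sid, s.auth_user, s.remote_ip, reasons))
    return findings

# Constructed sample: session 544812 condensed from the thread (wrapped lines joined,
# password already masked by MDaemon) plus an invented benign internal session 544813.
SAMPLE_LOG = """
Mon 2021-11-01 12:04:41.464: 05: [544812] Accepting SMTP connection from 3.143.24.90:56128 to 10.100.101.10:587
Mon 2021-11-01 12:04:42.305: 02: [544812] <-- EHLO EC2AMAZ-TMRNQ09
Mon 2021-11-01 12:04:44.021: 02: [544812] <-- AUTH LOGIN
Mon 2021-11-01 12:04:44.549: 02: [544812] <-- ******
Mon 2021-11-01 12:04:44.552: 01: [544812] Authenticated as s...@clipan.co.id
Mon 2021-11-01 12:04:44.813: 09: [544812] Performing SPF lookup (clipan.co.id / 3.143.24.90)
Mon 2021-11-01 12:04:44.821: 09: [544812] *  Result: softfail
Mon 2021-11-01 12:04:45.083: 02: [544812] <-- RCPT TO:<mariam.saf...@gapcorp.com>
Mon 2021-11-01 12:04:45.889: 10: [544812] Performing DKIM lookup
Mon 2021-11-01 12:04:45.890: 10: [544812] *  Result: neutral
Mon 2021-11-01 12:10:02.100: 05: [544813] Accepting SMTP connection from 10.100.101.50:50211 to 10.100.101.10:587
Mon 2021-11-01 12:10:02.300: 02: [544813] <-- EHLO WORKSTATION-07
Mon 2021-11-01 12:10:03.000: 01: [544813] Authenticated as staff@clipan.co.id
Mon 2021-11-01 12:10:03.400: 02: [544813] <-- RCPT TO:<colleague@clipan.co.id>
"""

if __name__ == "__main__":
    for sid, user, ip, reasons in suspicious_submissions(parse_sessions(SAMPLE_LOG)):
        print(f"session {sid}: {user} from {ip}: " + "; ".join(reasons))
```

Run against a real MDaemon SMTP-in log, only session 544812 is reported: the account authenticated from 3.143.24.90 with HELO EC2AMAZ-TMRNQ09, outside every trusted network, and its SPF softfail was never enforced. The RESULT_RE line is deliberately disambiguated by the preceding "Performing SPF lookup" / "Performing DKIM lookup" line, because MDaemon prints the same "*  Result:" text in both blocks.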
-- 
--[mdaemon-l]----------------------------------------------------------
This list is for discussion among users of MDaemon Mail Server in Indonesia

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Subscribe: send mail to mdaemon-l-subscr...@dutaint.com
Unsubscribe: send mail to mdaemon-l-unsubscr...@dutaint.com
Latest version: MDaemon 21.0.3, SecurityGateway 8.0.4