Dear Pak Syafril, Kami menerima email spam dimana problemnya adalah seolah-olah email dikirimkan oleh diri sendiri. Sebagai informasi kami menggunakan cisco ironport sebagai email gateway / smart host. Incoming dari domain internal akan langsung di proses oleh mdaemon, sedangkan incoming mail dari external akan masuk ke ironport terlebih dahulu (ip ironport 172.30.30.100), sehingga log smtp-in pasti incoming mail nya from 172.30.30.100.
Mohon pencerahannya Pak, kenapa server lain dapat mengirimi email menggunakan domain kami? Apakah ada konfigirasi doamin kami yang masih kurang? Berikut ialah 2 contoh log dari smtp-in: Domain weisstech.co.id Sat 2022-09-03 02:10:06.536: ---------- Sat 2022-09-03 02:09:57.785: [102754] Session 102754; child 0009 Sat 2022-09-03 02:09:57.785: [102754] Accepting SMTP connection from 172.30.30.100:13790 to 172.30.2.2:25 Sat 2022-09-03 02:09:57.787: [102754] --> 220 mail.fastratabuana.co.id ESMTP MDaemon 16.0.4; Sat, 03 Sep 2022 02:09:57 +0700 Sat 2022-09-03 02:09:57.787: [102754] <-- EHLO mx1.kapalapi.co.id Sat 2022-09-03 02:09:57.788: [102754] --> 250-mail.fastratabuana.co.id Hello mx1.kapalapi.co.id [172.30.30.100], pleased to meet you Sat 2022-09-03 02:09:57.788: [102754] --> 250-ETRN Sat 2022-09-03 02:09:57.788: [102754] --> 250-AUTH LOGIN CRAM-MD5 PLAIN Sat 2022-09-03 02:09:57.788: [102754] --> 250-8BITMIME Sat 2022-09-03 02:09:57.788: [102754] --> 250-ENHANCEDSTATUSCODES Sat 2022-09-03 02:09:57.788: [102754] --> 250-STARTTLS Sat 2022-09-03 02:09:57.788: [102754] --> 250 SIZE Sat 2022-09-03 02:09:57.789: [102754] <-- MAIL FROM:<[email protected]> SIZE=6973 Sat 2022-09-03 02:09:57.790: [102754] --> 250 2.1.0 Sender OK Sat 2022-09-03 02:09:57.791: [102754] <-- RCPT TO:<[email protected]> Sat 2022-09-03 02:09:57.795: [102754] --> 250 2.1.5 Recipient OK Sat 2022-09-03 02:09:57.795: [102754] <-- DATA Sat 2022-09-03 02:09:57.796: [102754] Creating temp file (SMTP): d:\mdaemon\queues\temp\18\md50000001253.tmp Sat 2022-09-03 02:09:57.796: [102754] --> 354 Enter mail, end with <CRLF>.<CRLF> Sat 2022-09-03 02:09:57.995: [102754] Message size: 10293 bytes Sat 2022-09-03 02:09:58.301: [102754] Passing message through Outbreak Protection... Sat 2022-09-03 02:09:58.302: [102754] * Message-ID: <[email protected]> Sat 2022-09-03 02:09:58.302: [102754] * Reference-ID: str=0001.0A67340F.63125539.0016,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld =1,fgs=0 Sat 2022-09-03 02:09:58.302: [102754] * Virus result: 0 - Clean Sat 2022-09-03 02:09:58.303: [102754] * Spam result: 1 - Clean Sat 2022-09-03 02:09:58.303: [102754] * IWF result: 0 - Clean Sat 2022-09-03 02:09:58.303: [102754] ---- End Outbreak Protection results Sat 2022-09-03 02:09:58.303: [102754] Passing message through Spam Filter (Size: 10293)... Sat 2022-09-03 02:10:02.172: [102754] * -4.7 BAYES_00 BODY: Bayes spam probability is 0 to 1% Sat 2022-09-03 02:10:02.172: [102754] * [score: 0.0000] Sat 2022-09-03 02:10:02.172: [102754] * 3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split Sat 2022-09-03 02:10:02.172: [102754] * IP) Sat 2022-09-03 02:10:02.172: [102754] * 1.6 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date Sat 2022-09-03 02:10:02.172: [102754] * 0.0 HTML_MESSAGE BODY: HTML included in message Sat 2022-09-03 02:10:02.172: [102754] * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS Sat 2022-09-03 02:10:02.172: [102754] * -0.0 T_SCC_BODY_TEXT_LINE No description available. Sat 2022-09-03 02:10:02.172: [102754] * 0.5 PDS_BTC_ID FP reduced Bitcoin ID Sat 2022-09-03 02:10:02.172: [102754] * 0.2 BITCOIN_SPAM_02 BitCoin spam pattern 02 Sat 2022-09-03 02:10:02.172: [102754] * 0.0 NO_FM_NAME_IP_HOSTN No From name + hostname using IP address Sat 2022-09-03 02:10:02.172: [102754] ---- End SpamAssassin results Sat 2022-09-03 02:10:02.172: [102754] Spam Filter score/req: 1.80/11.0 Sat 2022-09-03 02:10:02.175: [102754] Message creation successful: d:\mdaemon\queues\inbound\49\md50000611450.msg Sat 2022-09-03 02:10:02.175: [102754] --> 250 2.6.0 Ok, message saved <Message-ID: <[email protected]>> Sat 2022-09-03 02:10:07.202: [102754] <-- QUIT Sat 2022-09-03 02:10:07.202: [102754] --> 221 2.0.0 See ya in cyberspace Sat 2022-09-03 02:10:07.203: [102754] SMTP session successful (Bytes in/out: 10427/475) Sat 2022-09-03 02:10:07.203: ---------- Domain Kapalapi.co.id Sat 2022-09-03 02:48:13.865: ---------- Sat 2022-09-03 02:48:08.885: [117901] Session 117901; child 0001 Sat 2022-09-03 02:48:08.885: [117901] Accepting SMTP connection from 172.30.30.100:51237 to 172.30.2.2:25 Sat 2022-09-03 02:48:08.887: [117901] --> 220 mail.fastratabuana.co.id ESMTP MDaemon 16.0.4; Sat, 03 Sep 2022 02:48:08 +0700 Sat 2022-09-03 02:48:08.888: [117901] <-- EHLO mx1.kapalapi.co.id Sat 2022-09-03 02:48:08.888: [117901] --> 250-mail.fastratabuana.co.id Hello mx1.kapalapi.co.id [172.30.30.100], pleased to meet you Sat 2022-09-03 02:48:08.888: [117901] --> 250-ETRN Sat 2022-09-03 02:48:08.888: [117901] --> 250-AUTH LOGIN CRAM-MD5 PLAIN Sat 2022-09-03 02:48:08.888: [117901] --> 250-8BITMIME Sat 2022-09-03 02:48:08.888: [117901] --> 250-ENHANCEDSTATUSCODES Sat 2022-09-03 02:48:08.888: [117901] --> 250-STARTTLS Sat 2022-09-03 02:48:08.888: [117901] --> 250 SIZE Sat 2022-09-03 02:48:08.889: [117901] <-- MAIL FROM:<[email protected]> SIZE=6892 Sat 2022-09-03 02:48:08.891: [117901] --> 250 2.1.0 Sender OK Sat 2022-09-03 02:48:08.892: [117901] <-- RCPT TO:<[email protected]> Sat 2022-09-03 02:48:08.896: [117901] --> 250 2.1.5 Recipient OK Sat 2022-09-03 02:48:08.897: [117901] <-- DATA Sat 2022-09-03 02:48:08.898: [117901] Creating temp file (SMTP): d:\mdaemon\queues\temp\41\md50000001260.tmp Sat 2022-09-03 02:48:08.898: [117901] --> 354 Enter mail, end with <CRLF>.<CRLF> Sat 2022-09-03 02:48:09.235: [117901] Message size: 10279 bytes Sat 2022-09-03 02:48:09.239: [117901] Passing message through Spam Filter (Size: 10279)... Sat 2022-09-03 02:48:09.287: [117901] * -0.0 USER_IN_WELCOMELIST User is listed in 'welcomelist_from' Sat 2022-09-03 02:48:09.287: [117901] * -0.0 SHORTCIRCUIT Not all rules were run, due to a shortcircuited rule Sat 2022-09-03 02:48:09.287: [117901] * -100 USER_IN_WHITELIST From: address is in the whitelist Sat 2022-09-03 02:48:09.287: [117901] ---- End SpamAssassin results Sat 2022-09-03 02:48:09.287: [117901] Spam Filter score/req: -100.00/11.0 Sat 2022-09-03 02:48:09.292: [117901] Message creation successful: d:\mdaemon\queues\inbound\07\md50000611498.msg Sat 2022-09-03 02:48:09.292: [117901] --> 250 2.6.0 Ok, message saved <Message-ID: <[email protected]>> Sat 2022-09-03 02:48:14.297: [117901] <-- QUIT Sat 2022-09-03 02:48:14.297: [117901] --> 221 2.0.0 See ya in cyberspace Sat 2022-09-03 02:48:14.297: [117901] SMTP session successful (Bytes in/out: 10411/474) Sat 2022-09-03 02:48:14.298: ---------- Terimakasih, Asep. Y -- --[mdaemon-l]---------------------------------------------------------- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Berlangganan: Kirim mail ke [email protected] Henti Langgan: Kirim mail ke [email protected] Versi terakhir: MDaemon 22.0.3, SecurityGateway 8.5.3
