Dear Mr. Syafril,
Today we received many abnormal emails like the one below; please help us with how to stop them from coming in again.
Log:
Wed 2023-07-12 05:18:54.964: [73667072] Session 73667072; child 0001
Wed 2023-07-12 05:18:54.964: [73667072] Accepting SMTP connection from
121.58.190.112:42750 to 10.10.10.85:25
Wed 2023-07-12 05:18:54.964: [73667072] Location Screen says connection
is from Indonesia, Asia
Wed 2023-07-12 05:18:54.965: [73667072] --> 220 mailhub.kobexindo.com
ESMTP MDaemon 23.0.2; Wed, 12 Jul 2023 05:18:54 +0700
Wed 2023-07-12 05:18:54.969: [73667072] <-- EHLO pmg01.cergis.net.id
Wed 2023-07-12 05:18:54.969: [73667072] --> 250-mailhub.kobexindo.com
Hello pmg01.cergis.net.id [121.58.190.112], pleased to meet you
Wed 2023-07-12 05:18:54.969: [73667072] --> 250-ETRN
Wed 2023-07-12 05:18:54.969: [73667072] --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Wed 2023-07-12 05:18:54.969: [73667072] --> 250-8BITMIME
Wed 2023-07-12 05:18:54.969: [73667072] --> 250-ENHANCEDSTATUSCODES
Wed 2023-07-12 05:18:54.969: [73667072] --> 250-PIPELINING
Wed 2023-07-12 05:18:54.969: [73667072] --> 250-CHUNKING
Wed 2023-07-12 05:18:54.969: [73667072] --> 250-STARTTLS
Wed 2023-07-12 05:18:54.969: [73667072] --> 250 SIZE 41697280
Wed 2023-07-12 05:18:54.972: [73667072] <-- STARTTLS
Wed 2023-07-12 05:18:54.972: [73667072] --> 220 2.7.0 Ready to start TLS
Wed 2023-07-12 05:18:54.981: [73667072] SSL negotiation successful (TLS
1.3, TLS_AES_256_GCM_SHA384)
Wed 2023-07-12 05:18:54.994: [73667072] <-- EHLO pmg01.cergis.net.id
Wed 2023-07-12 05:18:54.994: [73667072] --> 250-mailhub.kobexindo.com
Hello pmg01.cergis.net.id [121.58.190.112], pleased to meet you
Wed 2023-07-12 05:18:54.994: [73667072] --> 250-ETRN
Wed 2023-07-12 05:18:54.994: [73667072] --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Wed 2023-07-12 05:18:54.994: [73667072] --> 250-8BITMIME
Wed 2023-07-12 05:18:54.994: [73667072] --> 250-ENHANCEDSTATUSCODES
Wed 2023-07-12 05:18:54.994: [73667072] --> 250-PIPELINING
Wed 2023-07-12 05:18:54.994: [73667072] --> 250-CHUNKING
Wed 2023-07-12 05:18:54.994: [73667072] --> 250-REQUIRETLS
Wed 2023-07-12 05:18:54.994: [73667072] --> 250 SIZE 41697280
Wed 2023-07-12 05:18:54.998: [73667072] <-- MAIL
FROM:<[email protected]> SIZE=15824 BODY=8BITMIME
Wed 2023-07-12 05:18:55.002: [73667072] Performing PTR lookup
(112.190.58.121.IN-ADDR.ARPA)
Wed 2023-07-12 05:18:55.007: [73667072] * D=112.190.58.121.IN-ADDR.ARPA
TTL=(202) PTR=[pmg01.cergis.net.id]
Wed 2023-07-12 05:18:55.011: [73667072] * D=pmg01.cergis.net.id TTL=(41)
A=[121.58.190.112]
Wed 2023-07-12 05:18:55.011: [73667072] ---- End PTR results
Wed 2023-07-12 05:18:55.012: [73667072] Performing IP lookup
(pmg01.cergis.net.id)
Wed 2023-07-12 05:18:55.017: [73667072] * D=pmg01.cergis.net.id TTL=(41)
A=[121.58.190.112]
Wed 2023-07-12 05:18:55.017: [73667072] ---- End IP lookup results
Wed 2023-07-12 05:18:55.020: [73667072] Performing IP lookup
(citradermagaperkasa.com)
Wed 2023-07-12 05:18:55.024: [73667072] * D=citradermagaperkasa.com
TTL=(168) A=[54.39.70.216]
Wed 2023-07-12 05:18:55.028: [73667072] * P=000 S=000
D=citradermagaperkasa.com TTL=(4) MX=[mail.citradermagaperkasa.com]
{122.129.118.104}
Wed 2023-07-12 05:18:55.028: [73667072] ---- End IP lookup results
Wed 2023-07-12 05:18:55.035: [73667072] Performing SPF lookup
(pmg01.cergis.net.id / 121.58.190.112)
Wed 2023-07-12 05:18:55.088: [73667072] * Result: none; no SPF record in DNS
Wed 2023-07-12 05:18:55.088: [73667072] ---- End SPF results
Wed 2023-07-12 05:18:55.088: [73667072] Performing SPF lookup
(citradermagaperkasa.com / 121.58.190.112)
Wed 2023-07-12 05:18:55.088: [73667072] * Policy (cache): v=spf1 a mx
ip4:122.129.117.0/24 ip4:121.58.190.0/24 ip4:122.129.118.0/24
a:mg01.cergis.net.id
~allgoogle-site-verification=r-nA4nuXdIRSD81F3tDe2016iCE2k_gwbHsF-nfdv4g
Wed 2023-07-12 05:18:55.093: [73667072] * Evaluating a: no match
Wed 2023-07-12 05:18:55.100: [73667072] * Evaluating mx: no match
Wed 2023-07-12 05:18:55.100: [73667072] * Evaluating
ip4:122.129.117.0/24: no match
Wed 2023-07-12 05:18:55.101: [73667072] * Evaluating
ip4:121.58.190.0/24: match
Wed 2023-07-12 05:18:55.101: [73667072] * Result: pass
Wed 2023-07-12 05:18:55.101: [73667072] ---- End SPF results
Wed 2023-07-12 05:18:55.101: [73667072] --> 250 2.1.0 Sender OK
Wed 2023-07-12 05:18:55.101: [73667072] <-- RCPT
TO:<[email protected]>
Wed 2023-07-12 05:18:55.142: [73667072] Performing DNS-BL lookup
(121.58.190.112 - connecting IP)
Wed 2023-07-12 05:18:55.146: [73667072] * cbl.abuseat.org - passed
Wed 2023-07-12 05:18:55.150: [73667072] * b.barracudacentral.org - passed
Wed 2023-07-12 05:18:55.170: [73667072] * zen.spamhaus.org - passed
Wed 2023-07-12 05:18:55.170: [73667072] ---- End DNS-BL results
Wed 2023-07-12 05:18:55.172: [73667072] --> 250 2.1.5 Recipient OK
Wed 2023-07-12 05:18:55.172: [73667072] <-- DATA
Wed 2023-07-12 05:18:55.201: [73667072] --> 354 Enter mail, end with
<CRLF>.<CRLF>
Wed 2023-07-12 05:18:55.208: [73667072] Message size: 15824 bytes
Wed 2023-07-12 05:18:55.217: [73667072] Performing DKIM verification
Wed 2023-07-12 05:18:55.217: [73667072] * File:
d:\mdaemon\queues\temp\43\md5001000000146.tmp
Wed 2023-07-12 05:18:55.217: [73667072] * Message-ID:
<[email protected]>
Wed 2023-07-12 05:18:55.218: [73667072] * DKIM-Signature 1: v=1;
a=rsa-sha256; c=relaxed/relaxed; d=citradermagaperkasa.com; s=cdpdkim22;
t=1689088628; b h=From:To:Date:Message-ID:MIME-Version; <some tags are
not logged>
Wed 2023-07-12 05:18:55.218: [73667072] * Verification result:
DKIM_SUBJECT_NOT_SIGNED
Wed 2023-07-12 05:18:55.218: [73667072] * Result: neutral
Wed 2023-07-12 05:18:55.218: [73667072] ---- End DKIM results
Wed 2023-07-12 05:18:55.221: [73667072] Performing DMARC processing
Wed 2023-07-12 05:18:55.221: [73667072] * File:
d:\mdaemon\queues\temp\43\md5001000000146.tmp
Wed 2023-07-12 05:18:55.221: [73667072] * Message-ID:
<[email protected]>
Wed 2023-07-12 05:18:55.221: [73667072] * Author domain:
citradermagaperkasa.com
Wed 2023-07-12 05:18:55.221: [73667072] * Organizational domain:
citradermagaperkasa.com
Wed 2023-07-12 05:18:55.221: [73667072] * Query domain:
_dmarc.citradermagaperkasa.com
Wed 2023-07-12 05:18:55.221: [73667072] * Policy record (from cache):
v=DMARC1; p=quarantine; rua=mailto:[email protected]; fo=0; adkim=r;
aspf=r; sp=quarantine
Wed 2023-07-12 05:18:55.224: [73667072] * Verifying report recipient:
[email protected]
Wed 2023-07-12 05:18:55.224: [73667072] * Query domain:
citradermagaperkasa.com._report._dmarc.indotek.my.id
Wed 2023-07-12 05:18:55.662: [73667072] * No DMARC policy record found;
recipient discarded
Wed 2023-07-12 05:18:55.662: [73667072] * Checking authentication
mechanisms for DMARC alignment
Wed 2023-07-12 05:18:55.662: [73667072] * SPF: domain
"citradermagaperkasa.com" passed SPF check; and domain is DMARC aligned
Wed 2023-07-12 05:18:55.663: [73667072] * DKIM: domain
"citradermagaperkasa.com" (from d= of signature #1) failed verification
Wed 2023-07-12 05:18:55.663: [73667072] * Result: pass
Wed 2023-07-12 05:18:55.663: [73667072] ---- End DMARC results
Wed 2023-07-12 05:18:55.664: [73667072] Passing message through
AntiVirus (Size: 15824)...
Wed 2023-07-12 05:18:55.732: [73667072] * Message is clean (no viruses
found) scanned by (IKARUS: clean (0.02967s)) (ClamAV: clean (0.01635s))
Wed 2023-07-12 05:18:55.732: [73667072] ---- End AntiVirus results
Wed 2023-07-12 05:18:56.377: [73667072] Passing message through Outbreak
Protection...
Wed 2023-07-12 05:18:56.377: [73667072] * Message-ID:
<[email protected]>
Wed 2023-07-12 05:18:56.377: [73667072] * Reference-ID:
str=0001.0A67341C.64ADD550.0067,ss=3,re=0.000,recu=0.000,reip=0.000,cl=3,cld=1,fgs=0
Wed 2023-07-12 05:18:56.377: [73667072] * Virus result: 0 - Clean
Wed 2023-07-12 05:18:56.377: [73667072] * Spam result: 3 - Spam (bulk)
Wed 2023-07-12 05:18:56.377: [73667072] * IWF result: 0 - Clean
Wed 2023-07-12 05:18:56.377: [73667072] ---- End Outbreak Protection results
Wed 2023-07-12 05:18:56.378: [73667072] Passing message through Spam
Filter (Size: 15824)...
Wed 2023-07-12 05:18:56.746: [73667072] * 0.0 URIBL_BLOCKED
ADMINISTRATOR NOTICE: The query to URIBL was
Wed 2023-07-12 05:18:56.746: [73667072] * blocked. See
Wed 2023-07-12 05:18:56.746: [73667072] *
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
Wed 2023-07-12 05:18:56.746: [73667072] * for more information.
Wed 2023-07-12 05:18:56.746: [73667072] * [URIs: citradermagaperkasa.com]
Wed 2023-07-12 05:18:56.746: [73667072] * 10 MDAEMON_OP_SPAM_HIGH
MDaemon: spam/phish
Wed 2023-07-12 05:18:56.746: [73667072] * 0.0 HTML_FONT_SIZE_HUGE BODY:
HTML font size is huge
Wed 2023-07-12 05:18:56.746: [73667072] * 0.1 MIME_HTML_ONLY BODY:
Message only has text/html MIME parts
Wed 2023-07-12 05:18:56.746: [73667072] * 0.0 HTML_FONT_LOW_CONTRAST
BODY: HTML font color similar or
Wed 2023-07-12 05:18:56.746: [73667072] * identical to background
Wed 2023-07-12 05:18:56.746: [73667072] * 0.0 HTML_MESSAGE BODY: HTML
included in message
Wed 2023-07-12 05:18:56.746: [73667072] * 0.0 URIBL_ZEN_BLOCKED_OPENDNS
ADMINISTRATOR NOTICE: The query to
Wed 2023-07-12 05:18:56.746: [73667072] * zen.spamhaus.org was blocked
due to usage of an open resolver.
Wed 2023-07-12 05:18:56.746: [73667072] * See
https://www.spamhaus.org/returnc/pub/
Wed 2023-07-12 05:18:56.746: [73667072] * [URIs: ipfs.io]
Wed 2023-07-12 05:18:56.746: [73667072] * -0.0 T_SCC_BODY_TEXT_LINE No
description available.
Wed 2023-07-12 05:18:56.746: [73667072] ---- End SpamAssassin results
Wed 2023-07-12 05:18:56.746: [73667072] Spam Filter score/req: 10.10/12.0
Wed 2023-07-12 05:18:56.757: [73667072] Message creation successful:
d:\mdaemon\queues\inbound\03\md5001000017017.msg
Wed 2023-07-12 05:18:56.757: [73667072] --> 250 2.6.0 Ok, message saved
<Message-ID: <[email protected]>>
Wed 2023-07-12 05:18:56.757: [73667072] <-- QUIT
Wed 2023-07-12 05:18:56.757: [73667072] --> 221 2.0.0 See ya in cyberspace
Wed 2023-07-12 05:18:56.758: [73667072] SMTP session successful (Bytes
in/out: 16714/1174)
*From:* Email Security ([email protected])
[mailto:[email protected]
<mailto:[email protected]>]
*Sent:* 11 July 2023 17:45
*To:* [email protected]
*Subject:* Warning That Your Email Will Be Blocked
*Your Account Will Be Blocked!*
*Your Account* will be blocked soon, carry out our new security upgrade
process for 2023; the update is
mandatory for all users,
If you want to keep using your Email Address
/*{ [email protected]
<mailto:[email protected]> }*/
*Upgrade Your Account Now*
<https://ipfs.io/ipfs/QmSJtkXGJJwYaGtTFA71hcpURJqz97HWdx14CcwLiDpm38?filename=update.mail.html#[email protected]>
*OR YOU WILL LOSE YOUR EMAIL ADDRESS IF YOU DO NOT
UPGRADE YOUR ACCOUNT NOW*
Upgrade your email address immediately for security; it will help
us serve
you better, and this is also intended to notify you if
your Email is accessed from a different location.
*Thank you.**
*Security Admin © 2023 A**
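
The log in the post above shows the message being saved with a Spam Filter score of 10.10 against a required 12.0, while Outbreak Protection reported "Spam (bulk)" and two URIBL lookups were reported as blocked. As an added example (not part of the original post and not MDaemon's own tooling), the Python below rejoins the mail-wrapped log lines and lists sessions that were delivered despite that verdict; the function and field names are assumptions.

```python
import re
from collections import defaultdict
# Constructed sample: lines taken from the post's log, hard-wrapped as mailed.
SAMPLE = """\
Wed 2023-07-12 05:18:56.377: [73667072] * Spam result: 3 - Spam (bulk)
Wed 2023-07-12 05:18:56.746: [73667072] * 0.0 URIBL_BLOCKED
ADMINISTRATOR NOTICE: The query to URIBL was
Wed 2023-07-12 05:18:56.746: [73667072] * 0.0 URIBL_ZEN_BLOCKED_OPENDNS
ADMINISTRATOR NOTICE: The query to
Wed 2023-07-12 05:18:56.746: [73667072] Spam Filter score/req: 10.10/12.0
Wed 2023-07-12 05:18:56.757: [73667072] --> 250 2.6.0 Ok, message saved
"""
STAMP = re.compile(r"^\w{3} \d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}: \[(\d+)\] (.*)$")

def unwrap(text):
    """Yield (session_id, message), rejoining lines the mail client wrapped."""
    current = None
    for raw in text.splitlines():
        m = STAMP.match(raw)
        if m:
            if current:
                yield tuple(current)
            current = [m.group(1), m.group(2)]
        elif current and raw.strip():
            current[1] += " " + raw.strip()
    if current:
        yield tuple(current)

def triage(text):
    """Per session: filter score vs. threshold, blocked lookups, verdicts."""
    out = defaultdict(lambda: dict(score=0.0, required=0.0, blocked=[],
                                   op_spam=False, accepted=False))
    for sid, msg in unwrap(text):
        s = out[sid]
        if m := re.search(r"Spam Filter score/req: ([\d.]+)/([\d.]+)", msg):
            s["score"], s["required"] = float(m.group(1)), float(m.group(2))
        elif m := re.search(r"URIBL_\w*BLOCKED\w*", msg):
            s["blocked"].append(m.group(0))   # lookup refused, rule scored 0.0
        elif "Spam result:" in msg and "Clean" not in msg:
            s["op_spam"] = True   # Outbreak Protection verdict other than Clean
        elif msg.startswith("--> 250") and "message saved" in msg:
            s["accepted"] = True
    return dict(out)

def delivered_suspects(text):
    """Sessions saved although Outbreak Protection flagged them as spam."""
    return [sid for sid, s in triage(text).items()
            if s["accepted"] and s["op_spam"] and s["score"] < s["required"]]
```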