>>>> Try checking what is in the DMARC exempt list.
>>>>
>>>> Is there an entry for 198.58.114.46?
>>>
>>> No, there isn't, Sir.
>>
>> Any entry in trusted IPs
>>
>> http://mdaemon.dutaint.co.id/mdaemon/23.0.1/security--trusted_ips.html
>>
>> or trusted hosts
>>
>> http://mdaemon.dutaint.co.id/mdaemon/23.0.1/security--trusted_hosts.html

Good morning Mr. Syafril, I checked trusted IPs and trusted hosts, and the IP or host of that spoofed email is not there.

> You can check the smtp-in log to see whether mail transactions coming in from the internet
> trigger DMARC verification.

The strange thing is that at the time of the incident DMARC processing did not seem to run, judging by the smtp-in log from the day of the incident:

Mon 2023-08-07 11:55:28.694: [00968378] ---- End DKIM results
Mon 2023-08-07 11:55:28.695: [00968378] Passing message through AntiVirus (Size: 8603)...
Mon 2023-08-07 11:55:28.714: [00968378] * Message is clean (no viruses found) scanned by (IKARUS: clean (0.00303s))
Mon 2023-08-07 11:55:28.714: [00968378] ---- End AntiVirus results
Mon 2023-08-07 11:55:28.716: [00968378] Message creation successful: d:\mdaemon\queues\inbound\46\md5001000027224.msg
Mon 2023-08-07 11:55:28.716: [00968378] --> 250 2.6.0 Ok, message saved <Message-ID: <[email protected]>>
Mon 2023-08-07 11:55:28.716: [00968378] <-- QUIT
Mon 2023-08-07 11:55:28.716: [00968378] --> 221 2.0.0 See ya in cyberspace
Mon 2023-08-07 11:55:28.717: [00968378] SMTP session successful (Bytes in/out: 8729/459)
Mon 2023-08-07 11:55:28.718: ----------

Compared with the log of an email from BCA, where DMARC processing did run:

Mon 2023-08-07 11:55:48.943: [00968484] ---- End DKIM results
Mon 2023-08-07 11:55:48.946: [00968484] Performing DMARC processing
Mon 2023-08-07 11:55:48.946: [00968484] * File: d:\mdaemon\queues\temp\25\md5001000000239.tmp
Mon 2023-08-07 11:55:48.946: [00968484] * Message-ID: <2007367336.8292957.1691384169124@759f5bc6-5d2c-49d8-4bf7-6a9c>
Mon 2023-08-07 11:55:48.946: [00968484] * Author domain: klikbca.com
Mon 2023-08-07 11:55:48.946: [00968484] * Organizational domain: klikbca.com
Mon 2023-08-07 11:55:48.946: [00968484] * Query domain: _dmarc.klikbca.com
Mon 2023-08-07 11:55:48.979: [00968484] * Policy record: v=DMARC1;p=quarantine;rua=mailto:[email protected];fo=1
Mon 2023-08-07 11:55:48.981: [00968484] * Verifying report recipient: [email protected]
Mon 2023-08-07 11:55:48.981: [00968484] * Query domain: klikbca.com._report._dmarc.bca.co.id
Mon 2023-08-07 11:55:49.012: [00968484] * Policy record: v=DMARC1
Mon 2023-08-07 11:55:49.012: [00968484] * Recipient [email protected] is verified
Mon 2023-08-07 11:55:49.012: [00968484] * Checking authentication mechanisms for DMARC alignment
Mon 2023-08-07 11:55:49.012: [00968484] * SPF: domain "klikbca.com" passed SPF check; and domain is DMARC aligned
Mon 2023-08-07 11:55:49.012: [00968484] * DKIM: domain "klikbca.com" (from d= of signature #1) verified; and domain is DMARC aligned
Mon 2023-08-07 11:55:49.012: [00968484] * Result: pass
Mon 2023-08-07 11:55:49.012: [00968484] ---- End DMARC results
Mon 2023-08-07 11:55:49.014: [00968484] Passing message through AntiVirus (Size: 3700)...
Mon 2023-08-07 11:55:49.025: [00968484] * Message is clean (no viruses found) scanned by (IKARUS: clean (0.00110s))
Mon 2023-08-07 11:55:49.025: [00968484] ---- End AntiVirus results
Mon 2023-08-07 11:55:49.025: [00968484] Passing message through Spam Filter (Size: 3700)...
Mon 2023-08-07 11:55:49.229: [00968484] * 0.0 HTML_MESSAGE BODY: HTML included in message
Mon 2023-08-07 11:55:49.229: [00968484] * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
Mon 2023-08-07 11:55:49.229: [00968484] ---- End SpamAssassin results
Mon 2023-08-07 11:55:49.229: [00968484] Spam Filter score/req: 0.10/12.0
Mon 2023-08-07 11:55:49.233: [00968484] Message creation successful: d:\mdaemon\queues\inbound\49\md5001000027216.msg
Mon 2023-08-07 11:55:49.233: [00968484] --> 250 2.6.0 Ok, message saved <Message-ID: <2007367336.8292957.1691384169124@759f5bc6-5d2c-49d8-4bf7-6a9c>>
Mon 2023-08-07 11:55:49.268: [00968484] <-- QUIT
Mon 2023-08-07 11:55:49.268: [00968484] --> 221 2.0.0 See ya in cyberspace
Mon 2023-08-07 11:55:49.268: [00968484] SMTP session successful (Bytes in/out: 4697/4355)
Mon 2023-08-07 11:55:49.268: ----------

Yet the logs above have roughly the same date and time, so we can be sure it is not because DMARC verification was inactive at that moment.

Or maybe the system read that email as if it really were local, so DMARC processing did not run???

> If not, first disable the following option
> http://mdaemon.dutaint.co.id/mdaemon/23.0.1/security--dmarc_verification.html
> [ ] Do not verify messages from trusted IPs

All right Sir, for now I have disabled Do not verify messages from trusted IPs.

> then check the smtp-in log again to see whether DMARC verification runs.

Wed 2023-08-09 08:54:28.471: [01143185] ---- End DKIM results
Wed 2023-08-09 08:54:28.476: [01143185] Performing DMARC processing
Wed 2023-08-09 08:54:28.476: [01143185] * File: d:\mdaemon\queues\temp\15\md5001000000001.tmp
Wed 2023-08-09 08:54:28.476: [01143185] * Message-ID: <cajxr3gun0kpeif1dxaotdnwqmair3p+emqfdxemoc8a4+ti...@mail.gmail.com>
Wed 2023-08-09 08:54:28.476: [01143185] * Author domain: gmail.com
Wed 2023-08-09 08:54:28.476: [01143185] * Organizational domain: gmail.com
Wed 2023-08-09 08:54:28.476: [01143185] * Query domain: _dmarc.gmail.com
Wed 2023-08-09 08:54:28.476: [01143185] * Policy record (from cache): v=DMARC1; p=none; sp=quarantine; rua=mailto:[email protected]
Wed 2023-08-09 08:54:28.479: [01143185] * Verifying report recipient: [email protected]
Wed 2023-08-09 08:54:28.479: [01143185] * Query domain: gmail.com._report._dmarc.google.com
Wed 2023-08-09 08:54:28.508: [01143185] * Policy record: v=DMARC1
Wed 2023-08-09 08:54:28.508: [01143185] * Recipient [email protected] is verified
Wed 2023-08-09 08:54:28.508: [01143185] * Checking authentication mechanisms for DMARC alignment
Wed 2023-08-09 08:54:28.508: [01143185] * SPF: domain "gmail.com" passed SPF check; and domain is DMARC aligned
Wed 2023-08-09 08:54:28.509: [01143185] * DKIM: domain "gmail.com" (from d= of signature #1) verified; and domain is DMARC aligned
Wed 2023-08-09 08:54:28.509: [01143185] * Result: pass
Wed 2023-08-09 08:54:28.509: [01143185] ---- End DMARC results
Wed 2023-08-09 08:54:28.510: [01143185] Passing message through AntiVirus (Size: 2561)...
Wed 2023-08-09 08:54:28.520: [01143185] * Message is clean (no viruses found) scanned by (IKARUS: clean (0.00086s))
Wed 2023-08-09 08:54:28.520: [01143185] ---- End AntiVirus results
Wed 2023-08-09 08:54:28.523: [01143185] Message creation successful: d:\mdaemon\queues\inbound\14\md5001000027418.msg
Wed 2023-08-09 08:54:28.523: [01143185] --> 250 2.6.0 Ok, message saved <Message-ID: <cajxr3gun0kpeif1dxaotdnwqmair3p+emqfdxemoc8a4+ti...@mail.gmail.com>>
Wed 2023-08-09 08:54:28.775: [01143185] <-- QUIT
Wed 2023-08-09 08:54:28.775: [01143185] --> 221 2.0.0 See ya in cyberspace
Wed 2023-08-09 08:54:28.776: [01143185] SMTP session successful (Bytes in/out: 3698/4054)
Wed 2023-08-09 08:54:28.776: ----------

This is the log after I turned that option off.

Thank you
Rievo
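
The comparison made in this message, run over a whole smtp-in log, as an added example that is not part of the original thread and not MDaemon's own tooling: it groups lines by the bracketed session id and lists sessions where a message was saved but no "Performing DMARC processing" block was logged. The line layout is assumed from the excerpts above, the function names are hypothetical, and the sample lines are constructed (abridged to the shapes seen in the thread, with placeholder Message-IDs).

```python
import re

# Layout assumed from the smtp-in excerpts quoted in this thread:
#   "Mon 2023-08-07 11:55:28.694: [00968378] <text>"
LINE_RE = re.compile(r"^\w{3} \d{4}-\d{2}-\d{2} [\d:.]+: \[(\d+)\] (.*)$")
FIELD_RE = re.compile(r"\*\s+(Author domain|Result):\s*(.+)")

def audit_sessions(lines):
    """Summarise each SMTP session: accepted?, DMARC run?, DMARC result."""
    sessions, in_dmarc = {}, set()
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separator lines ("----------") carry no session id
        sid, text = m.groups()
        s = sessions.setdefault(sid, {"accepted": False, "dmarc_ran": False,
                                      "author_domain": None, "dmarc_result": None})
        field = FIELD_RE.match(text)
        if text.startswith("Performing DMARC processing"):
            s["dmarc_ran"] = True
            in_dmarc.add(sid)
        elif text.startswith("---- End DMARC results"):
            in_dmarc.discard(sid)
        elif field and sid in in_dmarc:
            # Only read "Result:" inside the DMARC block, not from other checks.
            key = "author_domain" if field.group(1) == "Author domain" else "dmarc_result"
            s[key] = field.group(2).strip()
        elif text.startswith("--> 250") and "message saved" in text:
            s["accepted"] = True
    return sessions

def accepted_without_dmarc(lines):
    """Session ids whose message was saved with no DMARC block logged."""
    return [sid for sid, s in audit_sessions(lines).items()
            if s["accepted"] and not s["dmarc_ran"]]

# Constructed sample, abridged to the line shapes seen in the thread.
SAMPLE = """\
Mon 2023-08-07 11:55:28.694: [00968378] ---- End DKIM results
Mon 2023-08-07 11:55:28.716: [00968378] --> 250 2.6.0 Ok, message saved <Message-ID: <constructed-1@example.invalid>>
Mon 2023-08-07 11:55:28.718: ----------
Mon 2023-08-07 11:55:48.943: [00968484] ---- End DKIM results
Mon 2023-08-07 11:55:48.946: [00968484] Performing DMARC processing
Mon 2023-08-07 11:55:48.946: [00968484] *  Author domain: klikbca.com
Mon 2023-08-07 11:55:49.012: [00968484] *  Result: pass
Mon 2023-08-07 11:55:49.012: [00968484] ---- End DMARC results
Mon 2023-08-07 11:55:49.233: [00968484] --> 250 2.6.0 Ok, message saved <Message-ID: <constructed-2@example.invalid>>
""".splitlines()

print(accepted_without_dmarc(SAMPLE))  # session ids to investigate
```

Each flagged session id can then be looked up in the full log to see which connecting IP and sender it belonged to.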

