On 1/10/24 12:13, Bambang Setiawan via Mdaemon-L wrote:
Please help analyze the following log: what is causing the email from this sender to be treated as spam, sir?


Why is the log so messy like this?
It looks like a copy-and-paste mistake.

Wed 2024-01-10 10:51:16.429: 02: [45941226] <-- MAIL FROM:<[email protected]> SIZE=1195522

Wed 2024-01-10 10:51:24.807: 11: [45941226] Passing message through Outbreak Protection...
Wed 2024-01-10 10:51:24.807: 11: [45941226] *  Message-ID: <kl1pr03mb6898f33352b949ad997c486ce4...@kl1pr03mb6898.apcprd03.prod.outlook.com>
Wed 2024-01-10 10:51:24.807: 11: [45941226] *  Reference-ID: str=0001.0A67341C.659E135F.001C,ss=4,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
Wed 2024-01-10 10:51:24.807: 11: [45941226] *  Virus result: 0 - Clean
Wed 2024-01-10 10:51:24.807: 11: [45941226] *  Spam result: 4 - Spam (confirmed)
Wed 2024-01-10 10:51:24.808: 11: [45941226] *  IWF result: 0 - Clean
Wed 2024-01-10 10:51:24.808: 11: [45941226] ---- End Outbreak Protection results
Wed 2024-01-10 10:51:24.823: 03: [45941226] --> 550 5.7.1 Sorry, message looks like spam or phish to me (OP)

This mail was considered spam by Outbreak Protection, so it was rejected.

A test email from the same sender does get through, sir.

Wed 2024-01-10 11:42:16.916: 02: [45942993] <-- MAIL FROM:<[email protected]> SIZE=21433

Wed 2024-01-10 11:42:17.622: 11: [45942993] Passing message through Outbreak Protection...
Wed 2024-01-10 11:42:17.623: 11: [45942993] *  Message-ID: <kl1pr03mb68987ad801c9969c7c60a12be4...@kl1pr03mb6898.apcprd03.prod.outlook.com>
Wed 2024-01-10 11:42:17.623: 11: [45942993] *  Reference-ID: str=0001.0A67342F.659E1F4C.001A:SCFSTAT98368960,ss=1,re=-4.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
Wed 2024-01-10 11:42:17.623: 11: [45942993] *  Virus result: 0 - Clean
Wed 2024-01-10 11:42:17.623: 11: [45942993] *  Spam result: 1 - Clean
Wed 2024-01-10 11:42:17.623: 11: [45942993] *  IWF result: 0 - Clean
Wed 2024-01-10 11:42:17.623: 11: [45942993] ---- End Outbreak Protection results
Wed 2024-01-10 11:42:17.626: 07: [45942993] Passing message through Spam Filter (Size: 9264)...
Wed 2024-01-10 11:42:17.777: 07: [45942993] *  0.0 HTML_MESSAGE BODY: HTML included in message
Wed 2024-01-10 11:42:17.777: 07: [45942993] *  0.1 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
Wed 2024-01-10 11:42:17.777: 07: [45942993] * -0.0 T_SCC_BODY_TEXT_LINE No description available.
Wed 2024-01-10 11:42:17.778: 07: [45942993] *  0.1 BODY_SINGLE_WORD Message body is only one word (no spaces)
Wed 2024-01-10 11:42:17.778: 07: [45942993] *  0.0 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
Wed 2024-01-10 11:42:17.778: 07: [45942993] ---- End SpamAssassin results
Wed 2024-01-10 11:42:17.778: 07: [45942993] Spam Filter score/req: 0.20/12.0


This one is mail from the same sender, but a different message (different content and subject).

http://mdaemon.dutaint.co.id/mdaemon/23.5/sp_outbreak_protection.html

Outbreak Protection is completely content agnostic, meaning that it doesn't rely on strict lexical analysis of message content. Thus, it doesn't require heuristic rules, content filtering, or signature updates. Further, that means it is not fooled by the addition of seed text, clever spelling changes, social engineering tactics, language barriers, or differences in encoding techniques. Instead, OP is based on Recurrent Pattern Detection and Zero-hour technologies. It relies on the mathematical analysis of message structure and message distribution characteristics over SMTP—it analyzes "patterns" associated with an email transmission and compares them to similar patterns collected from millions of email messages worldwide, which are sampled and compared in real time. Note: OP never transmits the actual content of messages, nor can message content be derived from the extracted patterns.

Outbreak Protection's accuracy is already far higher than SpamAssassin's, but it cannot be 100% accurate.
Cases where it gets the result wrong can be reported to altn.com.

https://knowledge.mdaemon.com/outbreak-protection-reporting

but that reporting is only possible if the message has already entered the queue, so there are 2 options that can be taken:

1. Add the sender address to the antispam allow list (no filtering)

http://mdaemon.dutaint.co.id/mdaemon/23.5/sf_white_list.html

2. Have Outbreak Protection antispam accept the message but give it a positive spam score.

Spam should be...

[x] accepted for filtering

--
syafril
--------
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 23.5.2 Beta A
Please do not cc: or send to private mail for MDaemon issues.

We do not remember days, we remember moments.
        --- Cesare Pavese


--
--[mdaemon-l]----------------------------------------------------------
This mailing list is for discussion among MDaemon Mail Server users in Indonesia

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.com
Subscribe: Send mail to [email protected]
Unsubscribe: Send mail to [email protected]
Latest version: MDaemon 23.5.1, SecurityGateway 9.5.2
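
The comparison made by hand in the message above (same sender, one session refused by Outbreak Protection, one passed on to the Spam Filter) can be done over a whole log by grouping lines on the session id in square brackets. This is an added example, not part of the original post and not MDaemon's own tooling; the sample lines are constructed from the two sessions quoted in the thread, with wrapped lines rejoined and the sender replaced by the placeholder `sender@example.test`, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: modelled on the two sessions quoted in the thread, with
# wrapped lines rejoined and the sender address replaced by a placeholder.
SAMPLE_LOG = """\
Wed 2024-01-10 10:51:16.429: 02: [45941226] <-- MAIL FROM:<sender@example.test> SIZE=1195522
Wed 2024-01-10 10:51:24.807: 11: [45941226] *  Reference-ID: str=0001.0A67341C.659E135F.001C,ss=4,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
Wed 2024-01-10 10:51:24.807: 11: [45941226] *  Spam result: 4 - Spam (confirmed)
Wed 2024-01-10 10:51:24.823: 03: [45941226] --> 550 5.7.1 Sorry, message looks like spam or phish to me (OP)
Wed 2024-01-10 11:42:16.916: 02: [45942993] <-- MAIL FROM:<sender@example.test> SIZE=21433
Wed 2024-01-10 11:42:17.623: 11: [45942993] *  Reference-ID: str=0001.0A67342F.659E1F4C.001A:SCFSTAT98368960,ss=1,re=-4.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
Wed 2024-01-10 11:42:17.623: 11: [45942993] *  Spam result: 1 - Clean
Wed 2024-01-10 11:42:17.778: 07: [45942993] Spam Filter score/req: 0.20/12.0
"""

LINE = re.compile(r"^\w{3} (\S+ \S+): (\d\d): \[(\d+)\] (.*)$")

def summarize(log_text):
    """Group log lines by session id and pull out the verdict fields."""
    sessions = defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation or unrelated line
        _ts, _code, sid, msg = m.groups()
        s = sessions[sid]
        if m2 := re.search(r"MAIL FROM:<([^>]*)> SIZE=(\d+)", msg):
            s["sender"], s["size"] = m2.group(1), int(m2.group(2))
        elif m2 := re.search(r"Reference-ID: (\S+)", msg):
            s["ref"] = dict(kv.split("=", 1) for kv in m2.group(1).split(","))
        elif m2 := re.search(r"Spam result: (\d+) - (.+)", msg):
            s["op_spam"] = (int(m2.group(1)), m2.group(2).strip())
        elif m2 := re.search(r"Spam Filter score/req: ([\d.-]+)/([\d.]+)", msg):
            s["sa_score"], s["sa_required"] = float(m2.group(1)), float(m2.group(2))
        elif m2 := re.match(r"--> (5\d\d) (.*)", msg):
            s["rejected"] = (int(m2.group(1)), m2.group(2))
    return dict(sessions)

def rejected_by_op(sessions):
    """Session ids refused with a 5xx reply whose text ends in the (OP) tag."""
    return [sid for sid, s in sessions.items()
            if "rejected" in s and s["rejected"][1].endswith("(OP)")]

if __name__ == "__main__":
    for sid, s in summarize(SAMPLE_LOG).items():
        print(sid, s.get("op_spam"), s.get("rejected"), s.get("sa_score"))
```

The `ref` dictionary keeps the Reference-ID string split into its key/value parts, which is the value to have at hand when reporting a misclassification.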


