[Mdaemon-L] MDaemon Security Gateway 10.0.1 - Dynamic Screening

Sun, 23 Jun 2024 18:44:57 -0700 

On 21/06/2024 13:43, Syafril Hermansyah via Mdaemon-L wrote:

On 6/21/24 09:36, Agi Subagio via Mdaemon-L wrote:

Carikan transaksi banned nya di Inbound Log.


inbound log ada di attachment - truncate
Wed 2024-06-19 18:14:09: **** ALERT **** Sender has reached RSET dynamic screening threshold 


Wed 2024-06-19 18:14:09: --> 421 Too many RSET commands
Wed 2024-06-19 18:14:09: **** ALERT **** Connection from 172.16.50.16 refused by dynamic screening; 604800 second(s) remain 



Ini benar dynamic screening yang memblock.
Blocking terjadi akibat adanya mail loop antara SG dengan office (backend) server. 


Wed 2024-06-19 18:14:08: --> 250 <>, Sender ok



Wed 2024-06-19 18:14:08: <-- RCPT TO:<[email protected]>
Wed 2024-06-19 18:14:08: User <[email protected]> is not local
Wed 2024-06-19 18:14:08: ========== Processing RCPT scripts for recipient: [email protected] 


Wed 2024-06-19 18:14:08: -- Executing: Blocklist --



Wed 2024-06-19 18:14:08: -- Executing: Tarpitting --



Wed 2024-06-19 18:14:08: -- Executing: Relaying Denied --



Wed 2024-06-19 18:14:08: -- Executing: Invalid Recipient --



Wed 2024-06-19 18:14:08: -- Executing: Validate Local Sender --



Wed 2024-06-19 18:14:08: -- Executing: DNS Blocklists (Client IP) --



Wed 2024-06-19 18:14:08: -- Executing: SPF --



Wed 2024-06-19 18:14:08: -- Executing: Callback Verification --
Wed 2024-06-19 18:14:08: --> 250 <[email protected]>, Recipient ok 


Wed 2024-06-19 18:14:08: <-- DATA



Wed 2024-06-19 18:14:08: --> 354 Enter mail, end with <CRLF>.<CRLF>
Wed 2024-06-19 18:14:08: NULL return path, parsing message headers for sender address 


Wed 2024-06-19 18:14:08: Sender = [email protected]



Wed 2024-06-19 18:14:08: Found DISABLED user



Wed 2024-06-19 18:14:08: User is disabled: <[email protected]>



Wed 2024-06-19 18:14:08: Message size: 3789 bytes



Wed 2024-06-19 18:14:08: Message-ID: <[email protected]>
Wed 2024-06-19 18:14:08: Accepting SMTP connection from [172.16.50.16 : 41020] on port 25
Wed 2024-06-19 18:14:08: # Sender is a local domain mail server (MBS Mail Server) 


Wed 2024-06-19 18:14:08: # Sender is on allowlist (IP global : 173878)
Wed 2024-06-19 18:14:08: --> 250-mx.mbs.co.id Hello mbs.co.id, pleased to meet you 




Ini bug, karena sender IP [172.16.50.16] masuk dalam allowlist global.
Saya akan laporkan ke MDaemon Security Gateway Developer.
Untuk sementara coba masukkan host backend server [mbs.co.id] kedalam allowlists_hosts atau disable "Ban IPs that send this many RSET command. 

https://help.mdaemon.com/SecurityGateway/en/allowlists_hosts.html

https://help.mdaemon.com/SecurityGateway/en/dynamic_screening.html

Itu kenapa [email protected] statusnya bisa disable?
Akun MAILER-DAEMON@ (<>, Null Reverse Path) umum dipakai sebagai system account untuk meresponse autoresponder, Return-Receive Confirmation dls. 
Coba diubah statusnya dari userlist menjadi enable/normal.

https://help.mdaemon.com/SecurityGateway/en/user_list.html
Untuk sementara Dynamic Screeninng saya matikan dulu karena bug tersebut. Sebelumnya sempat diaktifkan dengan menonaktifkan "Ban IPs that send this many RSET", tetapi domain mail server tetap ke banned walaupun opsi exclude sudah diaktifkan dan IP/host sudah didaftarkan ke dalam IP Allowlist.
Ada beberapa email akun yang sengaja tidak diaktifkan di SG dg tujuan agar tidak bisa menerima email dari luar. Alamat email tsb hanya utk keperluan internal sesama domain mail server. 



Sat 2024-06-22 06:00:03: -- Executing: Invalid Sender --
Sat 2024-06-22 06:00:03: -- Executing: IP Shield --
Sat 2024-06-22 06:00:03: -- Executing: MAIL DNS Lookup --
Sat 2024-06-22 06:00:03: -- Executing: SMTP Authentication Required --
Sat 2024-06-22 06:00:03: --> 250 <>, Sender ok
Sat 2024-06-22 06:00:03: <-- RCPT TO:<[email protected]>
Sat 2024-06-22 06:00:03: Found DISABLED user
Sat 2024-06-22 06:00:03: User is disabled: <[email protected]>
Sat 2024-06-22 06:00:03: ========== Processing RCPT scripts for recipient: [email protected] 
Sat 2024-06-22 06:00:03: -- Executing: Blocklist --
Sat 2024-06-22 06:00:03: -- Executing: Tarpitting --
Sat 2024-06-22 06:00:03: -- Executing: Relaying Denied --
Sat 2024-06-22 06:00:03: -- Executing: Invalid Recipient --
Sat 2024-06-22 06:00:03: ** Reject 550 <[email protected]>, Recipient unknown 
Sat 2024-06-22 06:00:03: --> 550 <[email protected]>, Recipient unknown
Sat 2024-06-22 06:00:03: <-- RSET
Sat 2024-06-22 06:00:03: --> 250 RSET?  Well, OK.
Sat 2024-06-22 06:00:03: <-- RSET
Sat 2024-06-22 06:00:03: --> 250 RSET?  Well, OK.
Sat 2024-06-22 06:00:03: <-- MAIL FROM:<> SIZE=4885
Sat 2024-06-22 06:00:03: ========== Processing MAIL scripts
Sat 2024-06-22 06:00:03: -- Executing: Invalid Sender --
Sat 2024-06-22 06:00:03: -- Executing: IP Shield --
Sat 2024-06-22 06:00:03: -- Executing: MAIL DNS Lookup --
Sat 2024-06-22 06:00:03: -- Executing: SMTP Authentication Required --
Sat 2024-06-22 06:00:03: --> 250 <>, Sender ok
Sat 2024-06-22 06:00:03: <-- RCPT TO:<[email protected]>
Sat 2024-06-22 06:00:03: Found DISABLED user
Sat 2024-06-22 06:00:03: User is disabled: <[email protected]>
Sat 2024-06-22 06:00:03: ========== Processing RCPT scripts for recipient: [email protected] 
Sat 2024-06-22 06:00:03: -- Executing: Blocklist --
Sat 2024-06-22 06:00:03: -- Executing: Tarpitting --
Sat 2024-06-22 06:00:03: -- Executing: Relaying Denied --
Sat 2024-06-22 06:00:03: -- Executing: Invalid Recipient --
Sat 2024-06-22 06:00:03: ** Reject 550 <[email protected]>, Recipient unknown 
Sat 2024-06-22 06:00:03: --> 550 <[email protected]>, Recipient unknown
Sat 2024-06-22 06:00:03: <-- RSET
Sat 2024-06-22 06:00:03: --> 250 RSET?  Well, OK.
Sat 2024-06-22 06:00:03: <-- RSET
Sat 2024-06-22 06:00:03: --> 250 RSET?  Well, OK.
Sat 2024-06-22 06:00:03: <-- MAIL FROM:<> SIZE=23907 BODY=8BITMIME
Sat 2024-06-22 06:00:03: ========== Processing MAIL scripts
Sat 2024-06-22 06:00:03: -- Executing: Invalid Sender --
Sat 2024-06-22 06:00:03: -- Executing: IP Shield --
Sat 2024-06-22 06:00:03: -- Executing: MAIL DNS Lookup --
Sat 2024-06-22 06:00:03: -- Executing: SMTP Authentication Required --
Sat 2024-06-22 06:00:03: --> 250 <>, Sender ok
Sat 2024-06-22 06:00:03: <-- RCPT TO:<[email protected]>
Sat 2024-06-22 06:00:03: Found DISABLED user
Sat 2024-06-22 06:00:03: User is disabled: <[email protected]>
Sat 2024-06-22 06:00:03: ========== Processing RCPT scripts for recipient: [email protected] 
Sat 2024-06-22 06:00:03: -- Executing: Blocklist --
Sat 2024-06-22 06:00:03: -- Executing: Tarpitting --
Sat 2024-06-22 06:00:03: -- Executing: Relaying Denied --
Sat 2024-06-22 06:00:03: -- Executing: Invalid Recipient --
Sat 2024-06-22 06:00:03: ** Reject 550 <[email protected]>, Recipient unknown 
Sat 2024-06-22 06:00:03: --> 550 <[email protected]>, Recipient unknown
Sat 2024-06-22 06:00:03: <-- RSET
Sat 2024-06-22 06:00:03: --> 250 RSET?  Well, OK.
Sat 2024-06-22 06:00:04: <-- RSET
Sat 2024-06-22 06:00:04: --> 250 RSET?  Well, OK.
Sat 2024-06-22 06:00:04: <-- MAIL FROM:<> SIZE=40807 BODY=8BITMIME
Sat 2024-06-22 06:00:04: ========== Processing MAIL scripts
Sat 2024-06-22 06:00:04: -- Executing: Invalid Sender --
Sat 2024-06-22 06:00:04: -- Executing: IP Shield --
Sat 2024-06-22 06:00:04: -- Executing: MAIL DNS Lookup --
Sat 2024-06-22 06:00:04: -- Executing: SMTP Authentication Required --
Sat 2024-06-22 06:00:04: --> 250 <>, Sender ok
Sat 2024-06-22 06:00:04: <-- RCPT TO:<[email protected]>
Sat 2024-06-22 06:00:04: Found DISABLED user
Sat 2024-06-22 06:00:04: User is disabled: <[email protected]>
Sat 2024-06-22 06:00:04: ========== Processing RCPT scripts for recipient: [email protected] 
Sat 2024-06-22 06:00:04: -- Executing: Blocklist --
Sat 2024-06-22 06:00:04: -- Executing: Tarpitting --
Sat 2024-06-22 06:00:04: -- Executing: Relaying Denied --
Sat 2024-06-22 06:00:04: -- Executing: Invalid Recipient --
Sat 2024-06-22 06:00:04: ** Reject 550 <[email protected]>, Recipient unknown 
Sat 2024-06-22 06:00:04: --> 550 <[email protected]>, Recipient unknown
Sat 2024-06-22 06:00:04: <-- RSET
Sat 2024-06-22 06:00:04: **** ALERT **** Sender has reached RSET dynamic screening threshold 
Sat 2024-06-22 06:00:04: --> 421 Too many RSET commands
Sat 2024-06-22 06:00:04: **** ALERT **** Connection from 172.16.100.14 refused by dynamic screening; 604800 second(s) remain 
Sat 2024-06-22 06:00:04: SMTP session successful (Bytes in/out: 23194/1547)


--
--[mdaemon-l]----------------------------------------------------------
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia

Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.com
Berlangganan: Kirim mail ke [email protected]
Henti Langgan: Kirim mail ke [email protected]
Versi terakhir: MDaemon 24.0.0, SecurityGateway 10.0.1

Kirim email ke