> Itu artinya user terindikasi terhijack.
> Periksa smtp-in log, user [email protected] kirim mail ke berapa 
> recipient siang hari ini dan dari IP berapa.

Berikut log smtp in nya pak,
  User akses email dari wifi hp nya 


Thu 2024-08-22 14:19:14.277: ----------
Thu 2024-08-22 14:19:05.794: [25761180] Session 25761180; child 0037
Thu 2024-08-22 14:19:05.794: [25761180] Accepting SMTP connection from 
182.3.102.177:52303 to 172.16.0.6:587
Thu 2024-08-22 14:19:05.795: [25761180] --> 220 bb.ptbmi.com ESMTP MSA MDaemon 
23.5.3; Thu, 22 Aug 2024 14:19:05 +0700
Thu 2024-08-22 14:19:05.859: [25761180] <-- EHLO nblawrence
Thu 2024-08-22 14:19:05.859: [25761180] --> 250-bb.ptbmi.com Hello nblawrence 
[182.3.102.177], pleased to meet you
Thu 2024-08-22 14:19:05.859: [25761180] --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Thu 2024-08-22 14:19:05.859: [25761180] --> 250-8BITMIME
Thu 2024-08-22 14:19:05.859: [25761180] --> 250-ENHANCEDSTATUSCODES
Thu 2024-08-22 14:19:05.859: [25761180] --> 250-PIPELINING
Thu 2024-08-22 14:19:05.859: [25761180] --> 250-CHUNKING
Thu 2024-08-22 14:19:05.859: [25761180] --> 250-STARTTLS
Thu 2024-08-22 14:19:05.859: [25761180] --> 250 SIZE
Thu 2024-08-22 14:19:05.926: [25761180] <-- AUTH LOGIN
Thu 2024-08-22 14:19:05.926: [25761180] --> 334 VXNlcm5hbWU6
Thu 2024-08-22 14:19:05.982: [25761180] <-- bGF3cmVuY2UubGllQHB0Ym1pLmNvbQ==
Thu 2024-08-22 14:19:05.982: [25761180] --> 334 UGFzc3dvcmQ6
Thu 2024-08-22 14:19:06.060: [25761180] <-- ******
Thu 2024-08-22 14:19:06.060: [25761180] Authenticating [email protected]...
Thu 2024-08-22 14:19:06.062: [25761180] Authenticated as [email protected]
Thu 2024-08-22 14:19:06.062: [25761180] --> 235 2.7.0 Authentication successful
Thu 2024-08-22 14:19:14.961: [25761180] <-- MAIL FROM: <[email protected]>
Thu 2024-08-22 14:19:14.962: [25761180] --> 250 2.1.0 Sender OK
Thu 2024-08-22 14:19:14.962: [25761180] Connection closed
Thu 2024-08-22 14:19:14.962: [25761180] SMTP session terminated (Bytes in/out: 
118/366)
Thu 2024-08-22 14:19:14.962: ----------

> Apakah mail itu memang secara sadar dilakukan oleh sender/user itu bukan oleh 
> worm virus atau hacker?
Info dari user, user sendiri yang melakukan 
Terakhir 14:19 user info kalau tidak bisa kriim email, saya cek ternyata ke 
frozen 
Setelah itu saya enabled
Waktu di coba langsung frozen lagi 

Trus saya enabled lagi 

Baru bisa 

Terima kasih
Rievo 

Kirim email ke