> Itu artinya user terindikasi terhijack. > Periksa smtp-in log, user [email protected] kirim mail ke berapa > recipient siang hari ini dan dari IP berapa.
Berikut log smtp in nya pak, User akses email dari wifi hp nya Thu 2024-08-22 14:19:14.277: ---------- Thu 2024-08-22 14:19:05.794: [25761180] Session 25761180; child 0037 Thu 2024-08-22 14:19:05.794: [25761180] Accepting SMTP connection from 182.3.102.177:52303 to 172.16.0.6:587 Thu 2024-08-22 14:19:05.795: [25761180] --> 220 bb.ptbmi.com ESMTP MSA MDaemon 23.5.3; Thu, 22 Aug 2024 14:19:05 +0700 Thu 2024-08-22 14:19:05.859: [25761180] <-- EHLO nblawrence Thu 2024-08-22 14:19:05.859: [25761180] --> 250-bb.ptbmi.com Hello nblawrence [182.3.102.177], pleased to meet you Thu 2024-08-22 14:19:05.859: [25761180] --> 250-AUTH LOGIN CRAM-MD5 PLAIN Thu 2024-08-22 14:19:05.859: [25761180] --> 250-8BITMIME Thu 2024-08-22 14:19:05.859: [25761180] --> 250-ENHANCEDSTATUSCODES Thu 2024-08-22 14:19:05.859: [25761180] --> 250-PIPELINING Thu 2024-08-22 14:19:05.859: [25761180] --> 250-CHUNKING Thu 2024-08-22 14:19:05.859: [25761180] --> 250-STARTTLS Thu 2024-08-22 14:19:05.859: [25761180] --> 250 SIZE Thu 2024-08-22 14:19:05.926: [25761180] <-- AUTH LOGIN Thu 2024-08-22 14:19:05.926: [25761180] --> 334 VXNlcm5hbWU6 Thu 2024-08-22 14:19:05.982: [25761180] <-- bGF3cmVuY2UubGllQHB0Ym1pLmNvbQ== Thu 2024-08-22 14:19:05.982: [25761180] --> 334 UGFzc3dvcmQ6 Thu 2024-08-22 14:19:06.060: [25761180] <-- ****** Thu 2024-08-22 14:19:06.060: [25761180] Authenticating [email protected]... Thu 2024-08-22 14:19:06.062: [25761180] Authenticated as [email protected] Thu 2024-08-22 14:19:06.062: [25761180] --> 235 2.7.0 Authentication successful Thu 2024-08-22 14:19:14.961: [25761180] <-- MAIL FROM: <[email protected]> Thu 2024-08-22 14:19:14.962: [25761180] --> 250 2.1.0 Sender OK Thu 2024-08-22 14:19:14.962: [25761180] Connection closed Thu 2024-08-22 14:19:14.962: [25761180] SMTP session terminated (Bytes in/out: 118/366) Thu 2024-08-22 14:19:14.962: ---------- > Apakah mail itu memang secara sadar dilakukan oleh sender/user itu bukan oleh > worm virus atau hacker? Info dari user, user sendiri yang melakukan Terakhir 14:19 user info kalau tidak bisa kriim email, saya cek ternyata ke frozen Setelah itu saya enabled Waktu di coba langsung frozen lagi Trus saya enabled lagi Baru bisa Terima kasih Rievo
